Microsoft patches eight critical flaws

By on
Microsoft patches eight critical flaws

Microsoft on Tuesday pushed out four patches to correct eight vulnerabilities in its operating systems and related components.

Microsoft on Tuesday delivered four fixes for eight critical vulnerabilities, including one bulletin that will have to be distributed multiple times by businesses.

That patch, MS08-052, addresses five graphics-processing vulnerabilities in GDI+, a Windows application program interface for C/C++ programmers.

The flaws are present not only in Windows but also Internet Explorer, .NET Framework, Office, SQL Server and Visual Studio, according to the bulletin. That means administrators must ship individual copies of the patch to each of those affected software components.

“Every Windows XP and later machine on the planet needs to be patched,” Eric Schultze, CTO of patch management software provider Shavlik Technologies, told SCMagazineUS.com on Tuesday. “A lot of systems will be impacted with this one.”

Ben Greenbaum, senior research manager at Symantec Security Response, said in prepared remarks that users' machines could be infected if they visit a malicious website that allows users to upload images.

He added that organisations also need to check their third-party applications to ensure those are updated with the fix.

“At least one of these vulnerabilities is highly similar to one that we have seen before, so hackers may be able to use old code or at the very least apply knowledge gained from previous attacks as a starting point for creating new malicious code,” Greenbaum said.

The monthly security update also resolved a vulnerability in Windows Media Player that could be exploited when a user is tricked into streaming a malicious audio file. A related patch corrected a flaw in Windows Media Encoder 9, which could permit remote code execution as well.

A final fix remediates a protocol-handling bug in Office's OneNote, a note-taking and information management program. Schultze said these types of flaws are dangerous and could become more common if developers fail to conduct proper input validation of programs.

“I think once researchers start spending more time with protocol handlers, they'll find more ways to exploit them,” he said.

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
criticaleightfourinmicrosoftpatchessecurityvulnerabilities

Sponsored Whitepapers

Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership

Events

Most Read Articles

Qantas calls time on IBM, Fujitsu in tech modernisation

Qantas calls time on IBM, Fujitsu in tech modernisation
Service NSW hits digital services goal two years early

Service NSW hits digital services goal two years early
SA Police ignores Adelaide council plea for facial recognition ban on CCTV

SA Police ignores Adelaide council plea for facial recognition ban on CCTV
NBN Co says TPG tie-up could help Telstra sidestep spectrum limits

NBN Co says TPG tie-up could help Telstra sidestep spectrum limits

Digital Nation

COVER STORY: Operationalising net zero through the power of IoT
COVER STORY: Operationalising net zero through the power of IoT
IBM global chief data officer on the rise of the number crunchers
IBM global chief data officer on the rise of the number crunchers
Crypto experts optimistic about future of Bitcoin: Block
Crypto experts optimistic about future of Bitcoin: Block
Integrity, ethics and board decisions in the digital age
Integrity, ethics and board decisions in the digital age
The security threat of quantum computing
The security threat of quantum computing

Log In

  |  Forgot your password?