| Microsoft Plans Four Security Fixes For Upcoming Patch Tuesday |
 |
 |
 |
| Written by Administrator | |
| Friday, 09 May 2008 19:29 | |
 Microsoft on Thursday said that it plans to release patches for four security vulnerabilities on Tuesday, May 13. According to its Security Bulletin Advance Notification for May 2008, Microsoft (NSDQ: MSFT) said it will fix three critical vulnerabilities and one moderate vulnerability. The critical flaws affect Microsoft Office, Microsoft Word, and Microsoft Windows The critical Windows vulnerability involves the Microsoft Jet 4.0 Database Engine. In March, Microsoft issued a Security Advisory saying that it was "investigating new public reports of very limited, targeted attacks using a vulnerability in the Microsoft Jet Database Engine that can be exploited through Microsoft Word." The Microsoft Jet Database Engine makes data accessible to a variety of Microsoft and third-party applications, including Microsoft Access, Microsoft Visual Basic, and Information Services (IIS) applications. According to Microsoft's Jet Security Advisory, versions of the Microsoft Jet Database Engine (msjet40.dll) lower than 4.0.9505.0 are vulnerable to a buffer overrun flaw. To exploit the flaw, an attacker would have to convince a user to open a Word file designed to load a database file that uses msjet40.dll. "The Jet bulletin is the critical patch that will have the widest impact because it affects Windows XP, Windows 2000 and Windows Server 2003," said Lumension Security director of solutions and strategy Don Leatham in an e-mailed statement. "When prioritizing this month's patches, this will probably get the most attention because of the number of organizations running these systems and programs."
Bookmark
Email This
Hits: 161 Comments (0)
 Write comment
|
|
| Last Updated ( Saturday, 10 May 2008 04:29 ) |
Subscribe to this comment's feed
