Microsoft fixed six vulnerabilities which are critical for Windows, Word, Publishers and Anti-Virus software.
First up on the critical list is a Microsoft Word patch, an update resolving what the software giant said were “two newly discovered and privately reported vulnerabilities” in the popular application that could allow hackers to deploy remote code execution (RCE) exploits through a maliciously crafted Word file. If successful, when a user clicks on the file, a hacker would be able to install, view, edit, change or delete capabilities when it comes to data. The intruder could also create new accounts and adjust user profiles for elevated privileges on the workstation and, by extension, the network.
The second patch patches a vulnerability in several versions of Microsoft Publisher, the company’s consumer and small business-grade desktop publishing program. Although Microsoft designated the fix as critical, Amol Sarwate , the manager of Qualys Inc.’s vulnerability research lab, downplayed the patch as nothing new. “This is just another of the kind we’ve seen in the past year where client-side applications are being targeted,” he said.
Meanwhile, the third patch, involving the Jet Database Engine — in many processing environments, the foundation for Windows products and applications on the OS — is probably the most vital of the critical patches. Security administrators, systems administrators, and even database and network administrators would all do well to pay attention to this bulletin as well as monitor the results after installation.
Lastly, the lone moderate patch, while not critical, deals with a potential denial of service hack that can lock administrators and users out of Windows Live OneCare, Microsoft Antigen, the Windows Defender security program, Forefront and the Standalone System Sweeper.
According to Redmond, two of the four patches will require a restart of the system after installation.
Source: Redmond Channel partnerFiled under Enterprise Software, Service Pack and Patches | Tags: Jet Database engine, Microsoft, MS08-026, MS08-027, MS08-028, MS08-029, Patch | Comment Below