Microsoft Patches Six Security Holes
Microsoft today issued four updates to fix at least six security flaws in its Windows operating system and Office software. The bundle includes a patch for a critical flaw that hackers already are exploiting to break into vulnerable Windows systems.
Four of the vulnerabilities fixed in today's roundup earned Microsoft's most dire "critical" label, which means hackers could use them to break into Windows systems with little or no help from the user, save from convincing the user into clicking on a link or opening a file or e-mail.
Among the most serious of the critical updates is a fix for a known flaw in Microsoft's Jet Database Engine, a component built into Windows 2000, Windows XP and Windows Server 2003 that provides data access to applications such as Microsoft Access, Microsoft Visual Basic, and many third party applications. Instructions showing attackers how to exploit this flaw have been available online since November 2007, and Microsoft has acknowledged that cyber crooks are actively attacking this vulnerability, which can be exploited by convincing people to open malicious database files (those ending in ".mdb").
The other three critical vulnerabilities reside in Microsoft Office applications and affect nearly every version of Office, including Office 2007. One of the updates even affects Office applications such as Word Viewer 2003 and Office 2004/2008 for Mac.
People who still run Microsoft Office 2000 will not be able to get the Office updates through Microsoft/Windows Update or through Automatic Updates. Office 2000 users will need to pay a special visit to the Office Update page and let the site scan for missing updates. Depending on which installation option chosen, Office 2000 users may need to have the original Office installation disk handy.
Finally, if you run Windows XP and have not already installed Service Pack 3, Microsoft is apt to offer it to you if you scan for updates or switch on Automatic Updates. Given the large number of people who have reported problems after installing Service Pack 3 -- and the tiny benefit users receive from installing the potentially destabilizing update -- I'd urge XP users to avoid the service pack for now. Hopefully, over the next few days I can compile a list of the most common sources of SP3 installation problems.
For those who want to go ahead anyway, or for those who have already installed SP3 and are experiencing problems, check out these two links. The first describes a common reboot loop problem experienced by many users who install SP3 on a Windows XP system powered by an AMD processor. The second is a massively long Microsoft support thread that essentially reminds people that Microsoft provides free online (chat and e-mail) and telephone based support for people having trouble installing Service Pack 3. The toll-free support phone number is (866) 234-6020.
Update, May 14, 4:29 p.m. ET: I just received this clarification from Microsoft, about the situations in which Windows XP users would be offered Service Pack 3 in conjunction with this month's updates: "When visiting the Windows Update Web site, Windows XP customers have the option to run either an "Express" or "Custom" check for available updates. Selecting "Express" will take XP SP2 customers to a screen that lists only XP SP3, since it is the default install. Selecting "custom" will present the customer with more options. Windows XP customers who are set to receive automatic updates will automatically receive the relevant XP SP2 security updates -until XP SP3 is published to Automatic Update. This process is by design as and worked the same way when XP SP2 was released."
May 13, 2008; 3:30 PM ET
Categories: Latest Warnings , New Patches , Safety Tips
Save & Share: Previous: Online Sellers: Beware of Fake Check Scams
Next: Three Charged With Hacking Dave & Buster's Chain
Posted by: gerryrigged | May 13, 2008 3:43 PM | Report abuse
Posted by: Anonymous | May 13, 2008 3:55 PM | Report abuse
Posted by: Anonymous | May 13, 2008 4:00 PM | Report abuse
Posted by: Anonymous | May 14, 2008 5:44 AM | Report abuse
Posted by: Anonymous | May 14, 2008 8:49 AM | Report abuse
Posted by: C.B. | May 14, 2008 9:26 AM | Report abuse
Posted by: Jackson | May 14, 2008 4:53 PM | Report abuse
Posted by: JayinPa | May 14, 2008 9:02 PM | Report abuse
Posted by: JB | May 14, 2008 10:04 PM | Report abuse
Posted by: BigVal | May 15, 2008 12:06 AM | Report abuse
Posted by: Anonymous | May 15, 2008 9:34 PM | Report abuse
Posted by: mdyoung | May 27, 2008 10:32 PM | Report abuse
The comments to this entry are closed.