Patch Tuesday Addresses Eight Critical Vulnerabilities

Microsoft’s monthly Patch Tuesday was comparatively light after August’s onslaught of fixes. Still, there is plenty for IT administrators to tackle this month. For September, Microsoft issued four security bulletins to address eight vulnerabilities — all of them critical.

“Given that the four critical bulletins deal with the majority of current Microsoft operating systems, organizations should not be lax when rolling out this month’s patches,” said Don Leatham, director of solutions and strategy at Lumension Security. “This group addresses critical-level, remote-code execution vulnerabilities that reside on just about every Windows computer in an organization, so companies should be ready to react swiftly.”

Bad News, Good News

MS08-052 fixes five privately reported bugs in Windows Media Encoder 9, while MS08-054 addresses a flaw in Windows Media Player. MS08-055 fixes a vulnerability in Microsoft Office. Meanwhile, MS08-052 is the greatest concern. That fix addresses five flaws in Microsoft Windows GDI+, a Windows graphics API.

All these flaws could allow a hacker to take complete control of a system. The good news is the issues are all client-side and require some user interaction, such as opening a malicious file or viewing a Web page containing malicious content.

Spotlight on GDI+

The vulnerabilities that affect GDI+ are the most dangerous because GDI+ is used in such a large array of Microsoft and third-party software, according to Ben Greenbaum, senior research manager at Symantec Security Response.

“If a user visits a page controlled by an attacker or a site that allows users to upload images, such as some of the social-media sites, they could fall victim to that attack,” Greenbaum said. “Attackers are routinely using vulnerabilities like these to gain control of endpoint systems as part of large-scale hoax campaigns.”

Greenbaum noted that at least one of the vulnerabilities is highly similar to one that security researchers have…

Original post by Mike
