Internet Explorer, Office Hit Hard on Patch Tuesday

Microsoft's 11 patches heavy on client side.

By John Fontana

CONNECTIONS
Microsoft
Internet Explorer
Vista
Wed, August 13, 2008Network World Microsoft Tuesday issued six critical patches, one less than expected, covering Windows, Office, Internet Explorer and Windows Media Player. Five other patches rated as important were delivered as part of Microsoft's monthly Patch Tuesday release.

The list of critical patches had so far been light this summer. There were three in June and none in July. Microsoft has issued a total of 51 patches so far this year.

Office was perhaps the hardest hit this month with Word, Excel, Access and PowerPoint all having vulnerabilities. Internet Explorer had one patch but six vulnerabilities. The patches mostly were centered on the client side rather than the server side.

August's release addressed 26 separate vulnerabilities in the 11 patches, the largest number of patches in one month since the 11 released in February.

Four of the August vulnerabilities were classified as zero day: MS08-041 (Access), MS08-042 (Word), MS08-045 (Internet Explorer), MS08-050 (Windows Messenger).

"Even though 50 is rated only as important, it is categorized as information theft," says Amol Sarwate, manager of vulnerabilities research lab at Qualys. "An attacker can steal the user's Messenger ID and they can use it to call people for audio and video conferences and to see all the user's chat information."

Christopher Budd, security response communications lead for Microsoft, said in a statement that the planned seventh critical patch, which Microsoft announced last week, was held back due to quality issues. The statement did not say when that patch would be released, but it is likely to find its way into the September release unless the vulnerability begins to be actively exploited.

The patch for Internet Explorer (MS08-045) addresses a combination of five privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerabilities affect Internet Explorer version 5.01, 6.0, 6.0 (SP1), and 7 on various versions of Windows including Windows 2000, XP, XP Pro, Vista, and Windows Server 2003 and 2008.

Four of the vulnerabilities deal with HTML, points out Don Leatham, director of solutions and strategy at Lumension Security. "All four can provide a hacker with remote code execution across IE 6 and 7 and across almost all versions of Windows. Every single Web page in the world has some level of HTML and so we think this is one people need to get ahead of. This is going to be a playground for hackers."

The Office vulnerabilities centered on Access, Excel, PowerPoint and Office Filters. The Filters vulnerability is rated critical for supported editions of Microsoft Office 2000. It is rated important for supported editions of Office XP, Office 2003 Service Pack 2, Project 2002 Service Pack 1, Office Converter Pack, and Works 8.

Loading...
Security MarketSpace
White Papers
5 Tips for Data Loss Prevention Solutions
RSA® The Security Division of EMC has identified 5 key considerations to help organizations simplify the evaluation process for selecting a DLP solution that is right for their business. Learn more »
Secure Training Videos to Prevent Theft
Learn how Dream Force extended their marketing reach without being constricted. Learn more »
Prevent Intellectual Property Theft
Learn what the key components were in Hock International's purchasing decision. Learn more »
Webcasts
Maximizing the Business Value of the PC Infrastructure
Reduced IT budgets have CIOs hunting for ways to maximize their PC infrastructure, while saving money and IT staff time. Diane Bryant, CIO of Intel Corp., talks with CIO magazine's Gary Beach about how her organization is addressing these challenges. Learn more »
 
SPONSORED LINKS
 

Data Loss Prevention: A Better Way to Approach Security

Software Executives: Take Control of Your Organization's Code Quality

Delivering Secure and Reliable Data through Spreadsheet Automation

Taking the Service Desk to the Next Level

Why Data Loss is Increasing--and What You Can Do About It

Communications and Collaboration Needs at Business Organizations

Using Open Source to Deploy Web Applications

Mid-Sized Company CIO Community: infoBOOM!

Enterprise PBX Comparison Guide

Getting Value from Outdated Networking Equipment

Accenture IT Consulting: Logical meets technological. More . . .

White Paper: 8 Key Ingredients to Building an Internal Cloud

Read about virtualization and consolidation effort best practices

Building the Virtualized Enterprise with VMware Infrastructure

Top 10 Business and IT Drivers for the Wealth Management Sector

Bottom-Line Benefits of Virtualization

White Paper: The Building Blocks for Cloud Computing

Oracle's Application Grid Technical Demo

Next-Generation Application Servers and Infrastructure

Application Infrastructure at Enterprise Organizations

Achieving Business Agility with Application Grid

Learn about The Information Technology Infrastructure Library.

Achieving Pervasive Performance Management

Gartner Shares Predictions for 2009

64-page prescriptive guide to security, compliance, and IT operations.

Stop Application Fraud at the Source with Device Reputation

Ready to Act: 3 Recommendations for Agile Processes

Automating the Generation and Secure Distribution of Excel Reports

Seven Ways ITIL Can Help You in an Economic Downturn

Maximizing the Business Value of the PC Infrastructure

Learn how to managing client systems in the enterprise.

Cloud Computing: Read about VMware's compelling vision & set of products

Enterprise PBX Buyer's Guide

Secondary Market Primer: Your Network at Half Price

Top-line Performance that's Bottom-line Efficient

Accenture: Outsourcing for uncertain times. Click to learn more.

Learn about the VMware vSphere (TM) & Intel (R) Xeon (R) Processor 5500 Series

Learn how a virtualized enterprise can help your company reduce costs

Why Isn't Server Virtualization Saving Us More?

8 Key Ingredients to Building an Internal Cloud

Data Center Optimization: Three Key Strategies

A CIO Executive Guide: Cloud Computing Looms Big on the Horizon

Oracle WebLogic Server Technical Demo

Data Grids and Service-Oriented Architecture

Achieving the Impossible: Unlimited Application Scalability

A Middleware Foundation for Application Grid

Tips for successful virtualization management.

Smart Decisions: The Role of Key Performance Indicators

Reduce risk, gain agility. See how Progress can help your business.

Improve ROI, lower TCO and reduce energy consumption.

 
 
RESOURCE CENTER