On TV.com: 2009's Most PIRATED TV Show
BNET Business Network:
BNET
TechRepublic
ZDNet

August 7th, 2008

MS Patch Tuesday: Critical IE, Office, Excel patches coming

Posted by Ryan Naraine @ 12:02 pm

Categories: Arbitrary Code Execution, Botnets, Browsers, Data theft, Denial of Service (DoS), Exploit code, Firefox, Kernel-level Exploits, Malware, Microsoft, Patch Watch, Pen testing, Phishing, Responsible disclosure, Spyware and Adware, Viruses and Worms, Vulnerability research, Windows Vista, Zero-day attacks

Tags: microsoft access, vulnerability, patch management, activex control, microsoft internet explorer, microsoft corp., microsoft excel, microsoft windows, activex/com/com+/dcom, microsoft office

Critical IE, Office, Excel patches comingNext Tuesday (August 12th), Microsoft will ship 12 security bulletins with fixes for serious vulnerabilities in a wide range of of widely deployed products.

Seven of the 12 bulletins will be rated “critical,” Microsoft’s highest severity rating.

The critical bulletins will cover remotely exploitable flaws in Internet Explorer, Windows Media Player, MS Excel, MS PowerPoint, MS Access, MS Office and the Windows operating system.


The other five will carry an “important” rating and will include patches for bugs in Windows, Outlook Express, Windows Mail, Windows Messenger and Microsoft Word.

Windows Vista and Windows Server 2008 are affected by five of the bulletins.

It is very likely that the critical MS Access fix is for a known — and under attack — ActiveX control vulnerability in the Snapshot Viewer for Microsoft Access.

A pre-patch advisory is already available to warn about the MS Access attacks:

An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

The ActiveX control for the Snapshot Viewer for Microsoft Access enables you to view an Access report snapshot without having the standard or run-time versions of Microsoft Office Access. The vulnerability only affects the ActiveX control for the Snapshot Viewer for Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003.

The ActiveX control is shipped with all supported versions of Microsoft Office Access except for Microsoft Office Access 2007. The ActiveX control is also shipped with the standalone Snapshot Viewer.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?

  • Talkback
  • Most Recent of 26 Talkback(s)
RE: MS Patch Tuesday: Critical IE, Office, Excel patches coming
Happily using SUSE 11.0 This version easier to install and configure than any before. Only 2 things MS does better: crash and cost money.... (Read the rest)
Posted by: Mnighthawk Posted on: 08/11/08 You are currently: a Guest | | Terms of Use
update to MSupdate ..  bksgs1 | 08/07/08
Patch Tuesday...  MeezerW | 08/11/08
I have to vent about vista  pepelapew@... | 08/07/08
If you have to vent...  cjcoats | 08/08/08
Or just stick with XP  bmgoodman | 08/08/08
Or, try openSUSE 11 ...  OButterball | 08/08/08
open suse 11 is more than any windblows program  dogrun7@... | 08/08/08
Rather misleading....  storm14k | 08/08/08
Why open a command line...  storm14k | 08/08/08
Vista doesn't deliver to me either!  Snarfiorix | 08/08/08
Can't gripe either  slaskoske | 08/08/08
Same for me  CreepinJesus | 08/08/08
So, what OTHER programs are you running ...  OButterball | 08/08/08
RE: MS Patch Tuesday: Critical IE, Office, Excel patches coming  tomstoner@... | 08/08/08
RE: MS Patch Tuesday: Critical IE, Office, Excel patches coming  Sirgwain | 08/08/08
RE: MS Patch Tuesday: Critical IE, Office, Excel patches coming  psion@... | 08/08/08
Yaaawwwwnnnnnn  Crestview | 08/08/08
RE: MS Patch Tuesday: Critical IE, Office, Excel patches coming  ebhb2004@... | 08/08/08
That's just plain stupid of M$ as usual...  hasta la Vista, bah-bie | 08/08/08
RE: MS Patch Tuesday: Critical IE, Office, Excel patches coming  owen35ny | 08/08/08
Windows Vista security 'useless' as proved by researchers  wackoae | 08/08/08
LMAO...ZDNet isn't even going to need to post this story...  storm14k | 08/08/08
FUD.  qmlscycrajg | 08/11/08
Thanks for the information!  joe.smetona@... | 08/11/08
.  qmlscycrajg | 08/11/08
RE: MS Patch Tuesday: Critical IE, Office, Excel patches coming  Mnighthawk | 08/11/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here