Technology news and Jobs
Information Technology News
Patch frenzy erupts after August Patch Tuesday
by Stephen Withers
Wednesday, 13 August 2008
Page 2 of 6

The Color Management vulnerability involves a heap overflow, but the good news is that a successful exploit only gains the same rights as the current user, which is one of the reasons why security experts recommend that administrative accounts be used as little as possible.

The Internet Explorer bulletin is rated critical for IE5, 6 and 7. One of the six vulnerabilities was disclosed publicly, but at the time of releasing the bulletins Microsoft was unaware of any proof of concept code or attacks involving any of them. Five of the flaws can be exploited by maliciously crafted web pages that cause IE to access uninitialised memory. The sixth takes advantage of incorrect validation of print preview parameters. A successful exploit of any of them allows remote code execution, but only with the user's rights. Microsoft has warned that each of these vulnerabilities could be exploited through user-generated content or advertisements on web pages.

The critical vulnerability in the ActiveX control for the Microsoft Access Snapshot Viewer is of particular concern as it has been publicly disclosed and is being exploited. Attackers have even taken to using drive-by downloads to install the control on systems visiting malicious or compromised web sites so the flaw can be exploited. Microsoft suggests setting a kill bit in the registry to prevent the old and insecure version from running even if it is introduced to a system.

More on this month's Office updates on page three.






