Patch frenzy erupts after August Patch Tuesday
by Stephen Withers
Wednesday, 13 August 2008

Page 5 of 6

A pair of flaws in the Windows event system could be exploited to execute remote code and take full control of a system running Windows 2000, XP, Vista, Server 2003 or Server 2008.

The bulletin for Outlook Express and Windows Mail covers a situation where a maliciously crafted web page opened with Internet Explorer could result in information disclosure due to the way IE hands off MHTML URLs to Outlook Express or Mail. The issue is rated important on Windows 2000, XP and Vista, but only low on Server 2003 and 2008 - presumably because people are less likely to be using a Server account for web browsing.

Messenger too is affected by an information disclosure issue, one that can allow an attacker to capture a user's Messenger credentials and therefore impersonate that user. Once again, an ActiveX control is the source of the vulnerability. The patch for Windows Messenger 4.7 and 5.1 works by setting up a whitelist of applications that can access the ActiveX control. This approach was necessary as simply setting a kill bit for the control adversely affected Windows' Remote Assistance application. The issue is classified as important on Windows 2000 and XP, and moderate on Server 2003. Vista and Server 2008 are not affected.

You can relax now, it's downhill from here! The final page of the story outlines another Office flaw, along with the non-security updates for the month.






