iTWire - September Patch Tuesday: a critical day for media files at Microsoft

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Information Technology News

September Patch Tuesday: a critical day for media files at Microsoft

September Patch Tuesday: a critical day for media files at Microsoft

E-mail

by Stephen Withers
Wednesday, 10 September 2008
Page 1 of 3 Patch Tuesday has come around all too quickly, and Microsoft has released four critical updates. Once again, the handling of media files has proved fertile ground for vulnerability hunters. Featured Whitepaper 5 Best Practices for Smartphone Support Of the four, the GDI+ issue is perhaps the most pernicious, as all that's necessary to exploit it is the display of a maliciously crafted image by software that uses GDI+. Since this includes Internet Explorer and Office, all an attacker would need to do is add the image to a web page (think of all the popular sites that display user-generated content) or insert it into a Word document that is then spammed out to potential victims. When the image is displayed, code within the exploit file would be executed with the same rights as the current user. The updates address several vulnerabilities in GDI+, and relate to Windows XP, Vista, Server 2003, Server 2008, Internet Explorer 6, and Windows 2000 with any of .NET Framework 1.0, 1.1 or 2.0. Also affected are Office XP, 2003 and 2007, plus Visio 2002, PowerPoint Viewer 2003, Works 8 and Digital Image Suite 2006. If that wasn't enough, there are additional patches for SQL Server 2000 and 2005; Visual Studio 2003, 2003, 2005 and 2008; Report Viewer 2005 and 2008; Visual FoxPro 8.0 and 9.0; the Microsoft Platform SDK Redistributable: GDI+; and Forefront Client Security 1.0. Windows Media Player is also at risk - please read on. << First page < 1 2 3 Next page > Last page - Post your comment >>

< Next story in category		Previous story in the category >

Sponsored Releases

progeCAD 2009 Free 2010 Version Upgrades Offer from CADDIT.net

Virtual Computer brings reduced desktop management costs to Australia

NETSUITE ANNOUNCES Q3 09 RESULTS

AVG (AU/NZ) Wins Computer Troubleshooters Vendor of the Year Award for the Second Year

Mobile & Wireless VoIP on the Apple iPhone

AVG (AU/NZ) Growing Fast in an Economy Looking for Security

...Promote your press-releases here

Latest jobs

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Business & IT Transformation Roles

Systems Analysts	Business Process Analysts
Test Analysts	Business Analysts
Business Readiness Analysts

Project C

stats for wordpress

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking