Stephen Withers
Wednesday, 13 August 2008 06:37
Your IT -
Home IT
Page 2 of 6
The Color Management vulnerability involves a heap overflow, but the good news is that a successful exploit only gains the same rights as the current user - which is one of the reasons why security experts recommend that administrative accounts are used as little as possible.
Windows 2000, XP and Server 2003 are affected by this flaw.
The Internet Explorer bulletin is rated critical for IE5, 6 and 7. One of the six vulnerabilities was disclosed publicly, but at the time of releasing the bulletins Microsoft was unaware of any proof of concept code or attacks involving any of them.
FIve of the flaws can be exploited by maliciously crafted web pages that cause IE to access uninitialised memory. The sixth takes advantage of incorrect validation of print preview parameters.
A successful exploit of any allows the execution of remote code, but only with the user's rights.
Microsoft has warned that these each of these vulnerabilities could be exploited by user-generated content or advertisements on web pages.
The critical vulnerability in the ActiveX control for the Microsoft Access Snapshot Viewer is of particular concern as it has been publicly disclosed and is being exploited.
Attackers have even taken to using drive-by downloads to install the control on systems visiting malicious or compromised web sites so the flaw can be exploited.
Microsoft suggests setting a kill bit in the registry to prevent the old and insecure version from running even if it is introduced to a system.
More on this month's Office updates on
page three.
LATEST HEADLINES FROM YOUR IT
