September Patch Tuesday: a critical day for media files at Microsoft

Stephen Withers
Wednesday, 10 September 2008 03:24

Your IT - Home IT

Another web-exploitable vulnerability fixed this month affects Windows Media Encoder 9. While that component does not ship with any version of Windows, it may have been subsequently installed. Microsoft notes that one possible source is the Advanced Windows Media Plug-In for Adobe Premier 6.5 (Beta).

September's fourth flaw affects Office XP, 2003, and 2007, plus OneNote 2007.

A maliciously crafted OneNote URL can cause remote code execution. Although Microsoft has found that it only seems possible to exploit the issue if OneNote is actually installed, the underlying flaw is a buffer overflow issue in MSO.dll, which is used by almost all versions of Office and some developer tools, including Visual Studio 2008, Expression Web, and Expression Web 2.

Microsoft recommends that all users of these programs apply the update, whether or not OneNote is installed. This will ensure the system is protected from the flaw in the event that OneNote is installed at a later date, or if another attack vector is subsequently discovered.

Microsoft has also released updated versions of the Malicious Software Removal Tool, the Windows Mail Junk E-mail Filter, and the System Update Readiness Tool.

Rounding out the month's releases are a pair of patches for Vista and Server 2008 said to improve performance, reliability and application compatibility, plus a bug fix for Server 2008 x64 Edition's Hyper-V Volume Shadow Copy Service that overcomes issues concerning the backup of virtual machines.