Another big month for Microsoft security patches

Stephen Withers
Wednesday, 10 December 2008 01:15

Your IT - Home IT

Microsoft's Christmas bonus for system administrators has arrived in the form of eight security bulletins. Six of them are rated 'critical' and a seventh is more significant than its 'important' rating implies.

If you're the sort of system administrator that thoroughly tests the compatibility of each patch before applying it, you'll probably be working overtime in the runup to the holiday season.

Microsoft this month released eight security bulletins covering 28 vulnerabilities. Six of the bulletins are rated critical.

Affected products include Windows, Internet Explorer, and Office.

The various vulnerabilities can be exploited via maliciously crafted WMF image files, saved searches or search URLs, web pages, Word or RTF documents, or Excel documents.

Security flaws in the way Windows Media Player and related software work are also addressed. According to Microsoft's security vulnerability research & defense blog, neither issue is particularly severe when viewed in isolation.

"However, if the two issues are combined the impact can be quite severe, with the potential for Remote Code Execution," wrote Microsoft security software engineer Mark Wodrich.

How does that work? See page 2.