VISTA.BLORGE
TECH.BLORGE.com
MAC.BLORGE.com
GAMER.BLORGE.com

September 10, 2008 |

Microsoft monthly update 100% critical

By John Lister





Microsoft monthly update 100% critical Microsoft has issued its monthly security update, containing a relatively low four updates. However, all eight problems fixed by the update are ranked critical, making them particularly important to check out for anyone not using the automatic update and installation.

The most notable fix, covering five of the problems, involves the Windows Graphics Device Interface+ (GDI) software, which is used to draw the images used in programs such as Internet Explorer and Word. The problems would each have allowed a booby-trapped image file to install malware.

Two of the other fixes plug loopholes in Windows Media Player 11 and Windows Media Player which would also have allowed malware installation. The final fix affects recent versions of Office, specifically the OneNote tool that’s mainly used for collaborating on documents. While that affects a smaller group of users, the consequences are particularly serious as the bug could allow remote-code execution, effectively allowing someone to seize control of a computer.

At the time of writing, there weren’t any reports of hackers exploiting any of these problems. That’s always a concern as there’s a risk people will be able to reverse-engineer the updates – in other words, examine the solution and figure out the details of the original problem, allowing them to exploit the vulnerability before all users have installed the patches.

Security experts have already pegged the GDI flaws as the natural target for hackers, simply because such a high proportion of Windows users would be vulnerable to it. Analysts will be watching this one closely as it’s the first major test of Microsoft’s new policy of allowing security software producers advance notice of the details of each month’s update so they can provide their own protection against exploitation.

One writer has already noted that not all the expected updates appeared or installed correctly, so it may be worth double-checking you get all four updates, even if you rely on the full automatic update and installation option.

Sign up for the BLORGE email newsletter

Related:

  • Microsoft makes tenuous ‘critical-free’ claim for Patch Tuesday
  • Patch Tuesday update zaps third-party bugs, but Media Player fix on hold
  • Emergency Windows patch issued to solve ‘critical’ XP issue
  • IE7 and Windows Mail in Vista to receive ‘critical’ fixes on Patch Tuesday
  • Microsoft predicts hacker behaviour


    • Entry was posted on Wednesday, September 10th, 2008 at 11:57 am under Microsoft, Security, Vista, internet explorer, xp. Print This Post Print This Post

    Read more entries by John Lister.



    One Response to “Microsoft monthly update 100% critical”

    1. ingiltere dil okulu:
      September 15th, 2008

      doesn’t this web site has other languages support??

    Leave a Reply:

    Copyright © 2007 Engaging and compelling blogs that entertain and inform