Microsoft monthly update 100% critical
Microsoft has issued its monthly security update, containing a relatively low four updates. However, all eight problems fixed by the update are ranked critical, making them particularly important to check out for anyone not using the automatic update and installation.
The most notable fix, covering five of the problems, involves the Windows Graphics Device Interface+ (GDI) software, which is used to draw the images used in programs such as Internet Explorer and Word. The problems would each have allowed a booby-trapped image file to install malware.
Two of the other fixes plug loopholes in Windows Media Player 11 and Windows Media Player which would also have allowed malware installation. The final fix affects recent versions of Office, specifically the OneNote tool that’s mainly used for collaborating on documents. While that affects a smaller group of users, the consequences are particularly serious as the bug could allow remote-code execution, effectively allowing someone to seize control of a computer.
At the time of writing, there weren’t any reports of hackers exploiting any of these problems. That’s always a concern as there’s a risk people will be able to reverse-engineer the updates – in other words, examine the solution and figure out the details of the original problem, allowing them to exploit the vulnerability before all users have installed the patches.
Security experts have already pegged the GDI flaws as the natural target for hackers, simply because such a high proportion of Windows users would be vulnerable to it. Analysts will be watching this one closely as it’s the first major test of Microsoft’s new policy of allowing security software producers advance notice of the details of each month’s update so they can provide their own protection against exploitation.
One writer has already noted that not all the expected updates appeared or installed correctly, so it may be worth double-checking you get all four updates, even if you rely on the full automatic update and installation option.
Related Posts:
September 15th, 2008
doesn’t this web site has other languages support??