Microsoft fixes IE, Office in big month of security updates

Microsoft has released patches to fix 19 critical holes in its software Tuesday, including five flaws in IE that should be patched immediately.

Microsoft released patches to fix 19 critical vulnerabilities in its software Tuesday, including five flaws in its Internet Explorer browser that security experts advise IT administrators to patch immediately.

The total of 11 security updates released for August is the largest round of Patch Tuesday updates Microsoft has released since last February and should give IT administrators plenty to do to secure their companies' systems. "People are going to be quite busy with this load," said Jason Miller, security data team leader for Shavlik Technologies, a patch-management software provider in St. Paul, Minnesota.

Six of the patches, which can be found on Microsoft's Web site, are rated as critical, while five are rated as important.

Miller and other security experts cited Microsoft Security Bulletin MS08-045, a Cumulative Security Update for Internet Explorer, as the top priority among this month's batch of updates. The update patches five privately reported vulnerabilities and one that already has been disclosed publicly and for which attack code already exists, which makes it a zero-day flaw.

Don Leatham, director of solutions and strategy for Lumension Security, said the fact that the IE vulnerabilities affect HTML (Hypertext Markup Language) is enough reason to make patching them of the utmost importance, since the opportunity for exploitation is so vast. "Every Web site in the world uses HTML," he said. Lumension, based in Scottsdale, Arizona, provides patch- and vulnerability-management software and services

Shavlik's Miller said that the IE patches and another critical update released Tuesday that fixes a vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access -- MS08-041 -- are related because they both allow an attacker to create a Web site that takes advantage of these vulnerabilities. He listed them both as priorities for immediate installation.

Leatham also cited the Snapshot Viewer exploit as a high priority for IT administrators because many businesses use Access and its Snapshot Viewer tool extensively.

"You can be assured people are using the viewer to share information with partners, customers and internally given the popularity of the Office suite and how much businesses tend to use Access," he said.

An update that fixes a vulnerability in the Microsoft Windows Image Color Management System -- MS08-046 -- also should be installed immediately because it could allow an attack if a user navigates to a Web page and views a particular graphic, researchers said. The color-management system is part of the graphical subsystem of Windows.

"Given that [the vulnerability] is Web-based and graphical, you definitely want to pay some special attention to that one," Leatham said.

Two August updates rated as important also should be of interest to IT professionals, even if Microsoft has rated them below the critical updates. They are MS08-047, which fixes a vulnerability in IPsec Policy processing, and MS08-50, which patches a flaw in Messenger.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Elizabeth Montalbano

IDG News Service
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?