:: Microsoft IE, Outlook, Word Get Critical Bug Fixes ::

	ABOUT US
	ALLIANCES
	COMPETENCIES
	EVENTS
	FACTS & FIGURES
	GLOBAL PRESENCE
	INFRASTRUCTURE
	PRESS RELEASES
	THE BUZZ
	NEWS

Public Relations Contact:
Sujata Duggal
+971 4 437 0101 [tel]

Sales Contact:
+971 4 437 0101 [emea]
+44.207.078.7226 [europe]

Corporate Headquarters:
p.o. box 504909,
dubai, uae .
+971 4 437 0101 [tel]
+971 4 437 0100 [fax]

Microsoft IE, Outlook, Word Get Critical Bug Fixes

According to a news agency, Microsoft has recently released six security updates for its products, fixing critical flaws in Word, Outlook Express, Internet Explorer (IE) and the Kodak image viewer that ships with Windows.

The updates fix nine bugs in Microsoft's products. In addition to the four critical updates, Microsoft also released "important" fixes for the Windows SharePoint collaboration software and in the Windows remote procedure call (RPC) technology.

Nine updates is one less than originally expected. Microsoft said it was planning to fix an unnamed flaw in Windows 2000 and Windows Server 2003 that could be used for "spoofing." That update was not included in earlier patches.

Microsoft pulled this Windows patch because of a "quality control issue�, the company said in a statement. It's not unheard of for Microsoft to make such last-minute decisions. The SharePoint update had previously been pulled from the earlier updates for similar reasons.

The Word vulnerability may be of particular concern.

That's because it has been exploited by attackers, according to Christopher Budd, security program manager with Microsoft's Security Response Center. "We're aware of very limited and targeted attacks, but the issue itself has not been publicly disclosed," he said.

The bug can be exploited when an attacker tricks a victim into opening a maliciously crafted Word document. It was reported to Microsoft sometime during the past few months, Budd said. This type of attack has been used many times over the past few years, exploiting bugs in a variety of Microsoft Office products. These attacks have been launched at a small number of select victims, often within government.

Though the Windows RPC flaw apparently cannot be exploited to run unauthorized software on a victim's machine, security experts consider it one of the most important patches released this time. RPC service has been the source of many virulent computer worms in the past, including 2003's Blaster. Whenever there is a denial of service there is always a chance of remote code execution. However, even if hackers could find a way to use this bug to run unauthorized software on a PC, RPC is typically blocked at the firewall. This means that even if a worm could be crafted, it would have difficulty spreading.

The IE patch, which fixes four bugs in the browser, should be moved to the front of the line by system administrators. That's because IE is so widely used and some of the bugs in the browser are very likely to be used in online attacks.

Even users who have removed Outlook Express from their PCs should now install. According to Microsoft's Budd, "The files in question are part of the core operating system, so what we tell people is if the bits in question are on the box then you should apply the security update."

The IE patch is the most critical and an address spoofing flaw that was patched in this update has been known publicly for three months. The URL spoof has been known since few months and it's the perfect tool for a phisher.

Click here to sign up for the netlink corporate newsletter


	Company \| Services & Divisions \| Partners \| Downloads \| Contact Us \| Clients \| Careers \| Article Copyright 1995-2008, netlink corporation, all rights reserved. \| Privacy Statement EMEA Sales: +971 4 437 0101 \| UK Sales: +44.207.078.7226 \| North America Sales: +1.718.715.1190 netlink & netlink subsidiaries are trademarks of netlink corporation.