CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
May 13th, 2008

Microsoft Patches Critical Database And Office Flaws

Microsoft released four fixes on Tuesday to close a half dozen security holes, including a vulnerability in the Microsoft Jet database which is currently being exploited by attackers. The most serious of them is a bug in Microsoft’s Jet Database Engine, a component built into Windows XP, Windows Server 2003 and Windows 2000 that works with Visual Basic, Access and multiple third-party applications. Attack code for the vulnerability went public in November, and it is actively being exploited in the wild.

The security vulnerabilities affect various Microsoft Office products, the Jet database engine, and Microsoft’s Malware Protection Engine. Among the most critical flaws, the Microsoft Jet database engine vulnerability allows an attacker to execute code by accessing a database file through Microsoft Word. The company patched both the Jet database flaw and the Word flaw.

Vulnerabilities of the type Microsoft is patching today have been a favorite attack method among attackers, especially in stealthy attacks that seek to steal high-value intellectual property. Trojan horse attacks often use rigged Office files that exploit vulnerabilities in the productivity suite.

Microsoft patched two vulnerabilities in Microsoft Word, including one issue that could be exploited through the Outlook e-mail client because the software uses a component of Word to display rich text format (RTF) and Web (HTML) files in the preview pane. Attacks against Microsoft Office have jumped over the past two years, though most exploits require some user interaction, such as clicking “OK” in a dialog box, for all but the oldest versions of Office.

Microsoft also remedied an issue in the way that its Malware Protection Engine handles file scanning. The Malware Protection Engine is used in the Windows Live OneCare service and in Microsoft Forefront and Antigen products. A specially crafted file could be used to lock up the program or to keep the program from working on incoming files, the company stated in its bulletin.
