The critical flaws affect Microsoft Office, Microsoft Word, and Microsoft Windows respectively.

Thomas Claburn, Editor at Large, Enterprise Mobility

May 9, 2008


Microsoft on Thursday said that it plans to release patches for four security vulnerabilities on Tuesday, May 13.

According to its Security Bulletin Advance Notification for May 2008, Microsoft said it will fix three critical vulnerabilities and one moderate vulnerability.

The critical flaws affect Microsoft Office, Microsoft Word, and Microsoft Windows respectively. The moderate vulnerability affects several Microsoft security products, including Windows Live OneCare, Antigen, Defender, and Forefront Security. The critical designation typically means that a vulnerability, if successfully exploited, could allow an attacker to execute malicious code remotely. The moderate designation indicates that a number of factors, such as the targeted system's configuration, make the vulnerability harder to exploit.

The critical Windows vulnerability involves the Microsoft Jet 4.0 Database Engine. In March, Microsoft issued a Security Advisory saying that it was "investigating new public reports of very limited, targeted attacks using a vulnerability in the Microsoft Jet Database Engine that can be exploited through Microsoft Word."

The Microsoft Jet Database Engine makes data accessible to a variety of Microsoft and third-party applications, including Microsoft Access, Microsoft Visual Basic, and Internet Information Services (IIS) applications.

According to Microsoft's Jet Security Advisory, versions of the Microsoft Jet Database Engine (msjet40.dll) lower than 4.0.9505.0 are vulnerable to a buffer overrun flaw. To exploit the flaw, an attacker would have to convince a user to open a Word file designed to load a database file that uses msjet40.dll.

"The Jet bulletin is the critical patch that will have the widest impact because it affects Windows XP, Windows 2000 and Windows Server 2003," said Lumension Security director of solutions and strategy Don Leatham in an e-mailed statement. "When prioritizing this month’s patches, this will probably get the most attention because of the number of organizations running these systems and programs."
