- Insider threat looms large in San Francisco
- Woman fired over death threat
- IT admin pleads not guilty
- Tape storage gets more dense
- Top 10 worst uses for Windows
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Do we need to worry about the recently disclosed vulnerability in the Microsoft Jet Database Engine if we have Windows XP Service Pack 3 installed?
Microsoft Security Bulletin MS08-028 is rated Critical for the Microsoft Jet 4.0 Database Engine, but XP SP3 is listed in the Non-Affected Software section of the bulletin so you should be safe from this vulnerability on machines with XP SP3 installed. Other versions of Windows listed as not affected include Windows Server 2003 SP2, Vista and Vista SP1, and Windows Server 2008. Users running older versions of Windows need to install the associated security update to address this vulnerability. The vulnerability in the Jet Database Engine can be exploited to install and execute programs and code remotely. The security update changes the way the Jet Database Engine parses data within a database to address the vulnerability. This flaw is not limited to users specifically using Microsoft Access databases; it can be used to attack any unpatched Windows PC system running Microsoft Office. Microsoft recommends installing the update for Microsoft Security Bulletin MS08-026, which plugs a hole allowing remote attackers to use a vulnerability in Microsoft Word to load and execute code remotely if a user opens a "specially crafted" Word file (a Word file that has been tampered with by hackers). All Microsoft Office users, both PC and Mac, should install this patch to block attacks from these "specially crafted" Word files. Keeping up with your operating system updates and Microsoft Office updates is a best practice you should encourage, if not force, all your system users to adhere to.
Rss FeedRss Feed
hey buddy, you save my life :D thanx alot- Hamid
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment