Microsoft issues new critical patch for Windows, Office, Forefront, more

security

Microsoft issued a critical patch today for the Windows GDI+ flaw. This patch is in addition to the 28 holes fixed via eight patches released yesterday, the December Patch Tuesday.

This hole was originally found and patched in September as Bulletin MS08-052. But security researchers discovered that the flaw affects a far wider scope of products than the September patch fixes. Today's security update is rated critical for all supported editions of XP, Windows Server 2003, Vista, and Windows Server 2008, IE6 SP1 when installed on Microsoft Windows 2000 SP4, Microsoft Digital Image Suite 2006, SQL Server 2000 Reporting Services Service Pack 2, all supported editions of SQL Server 2005, Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package, and Microsoft Report Viewer 2008 Redistributable Package.

This security update is rated important for all supported editions of Microsoft Office XP; Microsoft Office 2003; all affected Office Viewer software for Microsoft Office 2003; 2007 Microsoft Office System; all affected Office Viewer software for 2007 Microsoft Office System; Microsoft Office Compatibility Pack, Microsoft Expression Web, Microsoft Expression Web 2, Microsoft Office Groove 2007 and Microsoft Office Groove 2007 Service Pack 1; Microsoft Office Project 2002; Microsoft Visio 2002; Microsoft Office PowerPoint Viewer 2003; Microsoft Works 8; and Microsoft Forefront Client Security 1.0.

Microsoft says that these vulnerabilities could allow remote code execution if a user viewed an evil image file using affected software or browsed an evil Web site. According to Symantec's Security Response Team blog,

"The GDI component of Microsoft Windows is prone to an integer-overflow vulnerability that may be triggered by a malicious WMF (Windows Metafile) image. A successful exploit will let the attacker execute arbitrary code in the context of the currently logged-in user."

Also see: 8 patches for Patch Tuesday, plus new WordPad hole found

Visit the Microsoft Subnet web site for more news, blogs, podcasts. Also see: Windows 7 cracked8 little-known technologies that instantly make Microsoft shops run smoother17 job-hunting resources for Windows prosGlenn Weadock: Windows Search optionsWindows & Macs Need Side Impact Crash TestingLibrary of Windows management tools from A Better Windows Worldall Microsoft Subnet bloggers.bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)

Subscribe to

Sign up for the

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.

IT Salary Survey: The results are in