Microsoft Releases Eleven Patches for October 2008
Microsoft Corp. has released its latest monthly security bulletin, Patch Tuesday, for October 14, 2008. It includes eleven patches addressing 20 security flaws. Of these patches, four are rated as "critical", six as "important" and the rest as "moderate".
Security specialists said that one of the "critical" patches fixes a remote code execution vulnerability in Excel. The flaw can allow an attacker to install malware through a specially crafted Excel file.
The next critical patch fixes a remote code execution flaw in Microsoft's Host Integration Server product. The company said that an attacker could exploit this vulnerability by sending a malicious Remote Procedure Call (RPC) request and, if successful, could fully compromise the targeted system, as reported by SearchSecurity on October 14, 2008.
Flaws were also found in Active Directory on Microsoft Windows 2000 Server. The fix addresses an issue in the way the server allocates memory for LDAP requests. Microsoft said that a remote attacker could send a malicious LDAP request that triggers a memory allocation problem. If successfully exploited, the attacker could take full control of the targeted network.
The last critical patch is a cumulative update for Internet Explorer that includes fixes for execution of remote code in IE 7, 6 and 5.
Security specialists said that the IE bulletin addresses five problems that could be exploited by an attacker if a user visits a malicious Web page. Two of the five are an HTML element cross-domain flaw and an event-handling cross-domain flaw. These flaws are leading candidates for the development of consistent attack code.
Marcus added that it was the month announcing remote code bugs, and a lot of the flaws that Microsoft addressed allow hackers to gain full access to an affected computer by getting an end-user to view malicious sites.
» SPAMfighter News - 20-10-2008