Security Blog

 

August 28, 2009
Microsoft Announces August Security Patches

Microsoft announced 9 security patches in August. Of the 9, 5 were of the level "Critical", including a fix to the mass exploited Office "memory corruption" zero-day vulnerability, as well as another serious Windows security hole affecting Mac users.

This security update (named as MS09-043), not only fixes a security vulnerability in multiple versions of Office, but also involves VisualStudio.NET 2003 SP1, ISA Server 2004 SP3 / 2006 SP1, and BizTalkServer2002 as well as other Microsoft products, thereby reducing number of users of these products that are at risk to remote code execution attacks.

On July 14th Microsoft released an emergency update immediately available to customers worldwide numbered as "973,472". This security bulletin recognizes that some versions of Office Web Components ActiveX control (this control is mainly used for Web page display, release forms, charts, and databases) contained loopholes that hackers could exploit by constructing a malicious Web page (i.e. "hang Ma page") to gain control of the visitor's computer and execute arbitrary code. Up to now, there have been several million Web pages used by hackers to exploit the Office loophole "hanging horse". We are able to detect and deal with this specifically crafted Trojan. The virus is named Trojan.Win32.Monder.cqjp in our virus library.

In the patch containing the fix for the aforementioned Office memory corruption vulnerability also contained eight other patches for Windows2000, XP, Vista, and even Windows Server 2008, as well as fixes to dozens security vulnerabilities for software applications such as Outlook Express and Windows Media Player. These vulnerabilities may lead to remote code execution, privilege escalation, denial-of-service attacks, and other hacker attacks.

With the Black Hat and DefCon security conferences taking place earlier this month in Las Vegas, there was a large gathering of the world's hackers, disclosing and sharing all kinds of information on security vulnerabilities. We expect this to dramatically amplify the amount of potential threats on the global Internet. Seems like Microsoft has also taken notice shown by their increased intensity for August security updates.

Posted by: Netgear Threat Lab at 2:06 PM
Categories: General , Netgear Threat Lab

No TrackBacks

TrackBack URL: http://prosecure.netgear.com/cgi-bin/mt/mt-tb.cgi/42

Comments

Back to Top

Partner Login

The PowerShift Program puts a world of resources at your fingertips.

Login Page:
http://www.netgear.com/Partners/
Powershift.aspx

Apply to be a Partner:
http://info.netgear.com/forms/powershift

Forget Password:
http://www.netgear.com/Extranet/
ForgotPassword.aspx

In This Section

Categories

 

Recent Posts

 

Monthly Archives

 
 
Lijit Search