August's Patch Tuesday Brings Lots of Security Updates Your Way

Posted 08/12/2008 at 8:17pm | by Mark Edward Soper

0

Comments

Print

It's a super-sized Patch Tuesday this month, and here's what to expect Windows Update to be sending you in the next day or so (if not already). Follow the links if you prefer to install the updates immediately.

Critical updates include:

• A fix for a remote code execution vulnerability in Windows Image Color Management affects users running Windows XP, Windows Server 2003, and Windows 2000 SP4 (Windows Vista users can breathe easy on this one).
• A fix for a sextet of vulnerabilities in Internet Explorer 5.01, 6, and 7 affects users of Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003, Windows Vista, and Windows Server 2008.
• A fix for a remote code execution vulnerability in the ActiveX control for Microsoft Access's snapshot viewer affects Office 2000 SP3, Office XP SP3, and Office 2003 SP2 and SP3 (Office 2007 users, you ducked this one).
• A fix for a quartet of privately reported vulnerabilities in Microsoft Excel. Versions from Office 2000 SP3 all the way through Office 2007 as well as viewers, Share Point Server, and compatibility packs are affected.
• A fix for a trio of privately reported remote code execution vulnerabilities in PowerPoint and PowerPoint Viewer affects PowerPoint XP, PowerPoint 2003, PowerPoint 2007, PowerPoint Viewer 2007, as well as Microsoft Office 2004 and 2008 for MacOS.
• A fix for five privately reported major vulnerabilities in handling image files in some versions of Office affects Office 2000, Office XP, Office 2003 SP2, Project 2002 SP1, MS Office Converter Pack, and MS Works 8.

Important Updates include:

• A fix for a vulnerability in IPSec VPN rules affects all versions of Windows Vista, Windows Vista SP1 and Windows Server 2008.
• A fix for remote code vulnerabilities in Microsoft Windows Event System affects Windows Server 2000 SP4, Windows XP SP2 and SP3, all Windows XP 64-bit editions, Windows Server 2003 SP1 and SP2 (all editions), Windows Vista and Vista SP1, and all editions of Windows Server 2008.
• A fix for a vulnerability in both Outlook Express and Windows Mail affects Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008.
• A fix for an information disclosure vulnerability  in Windows Messenger 4.7 (affects Windows XP SP2, SP3, 64-bit; Windows Server 2003 SP1, SP2, 32-bit, 64-bit, Itanium) and Windows Messenger 5.1 (affects Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 32-bit, 64-bit, Itanium).
• A fix for a remote code execution vulnerability in Microsoft Word versions for Office XP SP3 and Office 2003 SP2/SP3.

What Else Does Patch Tuesday Bring You?

As usual, you'll get a new version of the MS Windows Malicious Software tool and a new Windows Mail junk e-mail filter. This month, Patch Tuesday's also bringing you updates for Windows Home Server, daylight savings time updates for current Windows versions, and other fixes for various Windows versions. For details, see the New non-security contents section of KB894199.

Stay safe out there!