Microsoft to issue critical fixes for Windows XP, Windows Server 2003

The updates would repair a problem with the Microsoft Jet 4.0 Database Engine that could be exploited by an attacker to gain access to critical system files.

Microsoft said it would release three critical updates next week and one moderate update to repair flaws in Office applications and Windows as part of its monthly patch Tuesday update.

In the Microsoft advance patch notice, the software maker said the security updates plug holes in Microsoft Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows XP Professional x64 Edition, Windows Server 2003 Service Pack 1, Windows Server 2003 x64 Edition, and Windows Server 2003 with SP1 for Itanium-based Systems.

Microsoft security news:
Microsoft releases April trove of patches: Windows, Office and IE all have patches deemed "critical" by Microsoft this month.

Inside MSRC: Microsoft gives guidance on security updates Microsoft's Bill Sisk takes the reader through the software giant's April 2008 security bulletins.

Microsoft's Mundie: Let's talk privacy Craig Mundie, Microsoft's chief research and strategy officer said industry must work together to address privacy and security challenges on the Internet.

The issue is with Microsoft's Jet 4.0 Database Engine, which could be exploited by an attacker remotely to gain access to a system.

A critical flaw in Microsoft Word 2000 Service Pack 3 could be exploited by an attacker to gain access remotely.

Important updates affect Microsoft Office 2004 and 2008 for Mac, Microsoft Outlook 2007 and Microsoft Word 2002, 2003 and 2007. Also affected is Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats.

Bill Sisk, the response communication manager for the Microsoft Security Response Center (MSRC), said the advance bulletin is preliminary information, and is subject to change.

"These updates may require a restart and will be detectable using the newly released version of the Microsoft Baseline Security Analyzer," he said in the Microsoft Security Response Center Blog.

The software giant will also release an updated version of its Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center, and host a Security Bulletin Webcast so customers can ask questions about the latest fixes.

Last month, Microsoft released five critical and three important vulnerabilities. The critical flaws left users open to remote code executions, and affected Office Project, Windows vis-à-vis Graphics Device Interface (GDI), VBScript and JScript scripting engines, and Internet Explorer.

Dig deeper on Windows Security: Alerts, Updates and Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close