Microsoft Patch Tuesday Targets 26 Application Flaws
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

Microsoft Patch Tuesday Targets 26 Application Flaws

Written By
Brian Prince
Brian Prince
Aug 12, 2008
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Microsoft released its August Patch Tuesday update Aug. 12 with 11 bulletins that plug 26 security holes across multiple products.

Six of the bulletins are rated “critical” and address remotely exploitable flaws in Internet Explorer, PowerPoint, Excel, Microsoft Office Access, Microsoft Office and the Windows operating system. The critical bulletins swat a total of six bugs in Internet Explorer, five affecting Microsoft Office filters, four in Microsoft Excel, three in Microsoft PowerPoint, and one apiece affecting Office Access and the Windows Image Color Management system.

“The patches that address zero-days issues are the most critical as some of the zero-days are actively being exploited by attackers,” said Amol Sarwate, manager of the vulnerabilities lab at Qualys. “It’s important to note that users should make it a priority to install all of the patches this month. This is the biggest batch of client-side security patches we’ve seen from Microsoft.”

In July, Microsoft reported Office Access was falling victim to targeted attacks trying to take advantage of a bug in the ActiveX control for Snapshot Viewer. The vulnerability is exploitable via a malicious or compromised Web page, and affects the ActiveX control for the Snapshot Viewer for the Microsoft Office Access 2000, 2002 and 2003 versions. The vulnerability is addressed in bulletin MS08-041.

Other zero-day vulnerabilities addressed by the update include a fix for Microsoft Word that was rated “important” and has been exploited in the wild. Another zero-day, also rated important, lies in Windows Messenger and allows attackers to steal information such as a user’s ID and initiate audio or video conferences without the knowledge of the logged-on user.

Another key bulletin is MS08-046, which addresses an issue in the Windows Image Color Management (ICM) system. The vulnerability is triggered by a heap overflow when the Microsoft Color Management System (MSCMS) module of the ICM component improperly allocates memory for a specially crafted image file. A successful exploit would mean getting a user to view the malicious image file, and could give the attacker complete control of an affected system. The vulnerability affects Windows 2000 and XP as well as Windows Server 2003.

Other bulletins rated “important” fixed flaws in Windows, Outlook Express and Windows Mail.
Brian Prince
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information