MS Patch Tuesday: Critical IE, Office, Excel patches coming

Summary:Next Tuesday (August 12th), Microsoft will ship 12 security bulletins with fixes for serious vulnerabilities in a wide range of of widely deployed products.Seven of the 12 bulletins will be rated "critical," Microsoft's highest severity rating.

Critical IE, Office, Excel patches coming
Next Tuesday (August 12th), Microsoft will ship 12 security bulletins with fixes for serious vulnerabilities in a wide range of of widely deployed products.

Seven of the 12 bulletins will be rated "critical," Microsoft's highest severity rating.

The critical bulletins will cover remotely exploitable flaws in Internet Explorer, Windows Media Player, MS Excel, MS PowerPoint, MS Access, MS Office and the Windows operating system.

The other five will carry an "important" rating and will include patches for bugs in Windows, Outlook Express, Windows Mail, Windows Messenger and Microsoft Word.

Windows Vista and Windows Server 2008 are affected by five of the bulletins.

It is very likely that the critical MS Access fix is for a known -- and under attack -- ActiveX control vulnerability in the Snapshot Viewer for Microsoft Access.

A pre-patch advisory is already available to warn about the MS Access attacks:

An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

The ActiveX control for the Snapshot Viewer for Microsoft Access enables you to view an Access report snapshot without having the standard or run-time versions of Microsoft Office Access. The vulnerability only affects the ActiveX control for the Snapshot Viewer for Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003.

The ActiveX control is shipped with all supported versions of Microsoft Office Access except for Microsoft Office Access 2007. The ActiveX control is also shipped with the standalone Snapshot Viewer.

Topics: Browser, Collaboration, Microsoft, Operating Systems, Security, Software, Software Development, Windows

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.