14 DAY TRIAL // May has so far proved to be nothing short on an easy ride for the Redmond company, which issued a total of four security bulletins affecting the Windows operating system and the Office suite as well as a range of security solutions including Windows Live OneCare, Antigen, Windows Defender, Forefront Security. Notable is the absence of Windows Vista Service Pack 1 and Windows XP Service Pack 3 from the list of affected products, but the fact of the matter is that neither of the six vulnerabilities patched via the May security updates impact Vista SP1 or XP SP3.
"We just posted our May 2008 Bulletins. We released four bulletins today, which include three bulletins with severity rating of critical and one with the severity rating of moderate. I think it is also worth noting that MS08-026 includes additional security mitigations against attacks as identified in Microsoft Security Advisory 950627. We recommend that customers install the updates provided in both MS08-026 and MS08-028 for the most up to date protection against these types of attacks", revealed Tami Gallupe, MSRC Release Manager.
The three security bulletins, labeled with a severity rating of critical, namely MS08-026, MS08-027, and MS08-028 are designed to patch vulnerabilities in Office Word, Publisher and in the Microsoft Jet Database Engine. The updates patch vulnerabilities that allow for remote code execution in the eventuality of successful exploits. MS08-029 deals with a vulnerability in the Microsoft Malware Protection Engine which puts users at risk of Denial of Service attacks.
Microsoft considers the level of threat for users of Windows Live OneCare, Antigen for Exchange, Antigen for SMTP Gateway, Windows Defender, Forefront Client Security, Forefront Security for Exchange Server and Forefront Security for SharePoint as Moderate. The only Windows operating systems affected are Windows 2000 SP4, XP SP2 and XP Professional x64 Edition, and Windows Server 2003 x64 and SP1. In addition, Office 2000, Office XP, Office 2003 and even Office 2007 SP1 are all at risk.
Here are the links for the security bulletins:
- MS08-026 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution - MS08-027 Vulnerability in Microsoft Publisher Could Allow Remote Code Execution - MS08-028 Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution - MS08-029 Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service