Microsoft to release four new patches

May 16, 2008

Microsoft is scheduled to fix serious defects in its Word, Publisher and Jet database software this week.

Additionally the software vendor aims to release a lesser-critical update for its anti-virus products, addressing a defect that attackers could leverage to initiate a denial of service (DoS) attack against products such as Windows Live OneCare and Microsoft Forefront Security.

The updates will be distributed on Tuesday, the day reserved for Microsoft’s monthly collection of security patches. Microsoft has provided some premature details on the patches.

Microsoft deems flaws to be critical when they may be exploited by attackers in order to launch illicit software on a victim’s system.

Even though Microsoft’s note does not illustrate the bugs in detail, it appears that the company is preparing to fix a recognized bug in the Jet database engine, which was disclosed in late March.

Attackers had established a new technique to launch a malicious Jet file using Microsoft Word, Microsoft warned in a blog posting.

Jet files, which have an .mdb extension, are characteristically blocked by Outlook, but attackers have figured out a way to work around the mitigations built into Outlook, Microsoft said in its post.

The Jet error affects Windows XP, 2000 and Server 2003 Service Pack 1.

The Word flaw is deemed critical for both Windows and Mac users.

Although rated only “moderate,” the DoS bug in Microsoft’s security products is ground for anxiety.

It affects many Microsoft security products including OneCare, Antigen, Windows Defender, Standalone System Sweeper and several Forefront Security products.