Four patches from Microsoft this month

As with the past six months of security bulletin announcements, patches designed to stave off remote code execution (RCE) exploit attacks continue to pervade Microsoft's security and hotfix strategy. Tuesday looks to be no different, as all three critical items would plug such vulnerabilities pertaining to components of the Microsoft Office Suite and a handful of Windows operating system versions.

The first critical item deals with RCE attack mechanisms through a malicious Word file and comprises updates for Word versions 2000, 2002, 2003 and 2007. Additionally, Word Viewer 2003, Word Viewer 2003 Service Pack 3 as well as the Office Compatibility Pack for Word, Excel and PowerPoint 2007 file formats are affected -- albeit deemed as "important."

Overall, the first fix mainly sits at the application level, affecting Office 2000 SP3, Office XP SP3, Office 2003 SP3 and the 2007 Office System Software and its first update in Office System SP1.

Critical patch No. 2 staves off RCE attacks via the Publisher program. The versions affected are Publisher 2000 SP3, 2002 SP3, 2003 SP2 and SP3 and all versions of Publisher 2007.

The last -- and perhaps most intriguing -- critical bulletin relates to the Jet Database Engine (Jet) and the blocking of RCE attacks in what's known as the foundation for Windows products and applications on the OS. In this particular case, Jet serves as the underlying operational component of a given workstation or network. It lays out the framework for a given enterprise's collection of information stored on a computer, server or drive in a systematic and customized way.

Critics have often complained about the design of the Jet-based database, which many contend wasn't built to sustain the complex and heavy workloads on the average enterprise Exchange Server environment. The fix is for Jet 4.0 Database Engine sitting on the following operating systems: Windows 2000 SP4, XP SP2 and XP Professional x64 Edition. The fix also touches Windows Server 2003 SP1, Windows Server 2003 x64 Edition and Windows Server 2003 with SP1 for Itanium-based systems.

Meanwhile, the lone important fix deals with a potential denial of service hack that can lock administrators and users out of Windows Live OneCare, Microsoft Antigen, the Windows Defender security program, Forefront and the standalone System Sweeper.

Two of the four patches will require a restart.

And in an initiative that began last month, Microsoft is referring IT pros and Windows Enterprise professionals to this knowledge base article for a description of non-security and high-priority updates on Microsoft Update, Windows Update and Windows Server Update Services. While this process doesn't exactly scream "user-friendly," the support page is a comprehensive list of changes in content and deployment of updates.

This month's list features, among other things, information on an upgraded Windows Malicious Software Removal Tool, non-security updates for Windows Server 2008 and Vista, as well as updated info on Windows Server 2008 Dynamic Installer and Vista Dynamic Installer. Rounding out that list is an update of the Windows Mail Junk E-mail Filter.