Microsoft patch updates

The patch affects Outlook 2007 and Word versions 2003, 2002 and 2000. Additionally, Word Viewer 2003 and Word Viewer 2003 SP3, as well as the Office Compatibility Pack for Excel, Word and PowerPoint 2007 file formats are affected with a proviso of "important."

One thing IT pros should note is that the update parameters are structured for where the remedies reside, mainly at the application level, affecting Office 2003 SP3, Office XP SP3, Office 2000 SP3, and the 2007 Office System Software and its first update in Office System SP1.

The second critical update would thwart RCE attacks via the Microsoft Publisher program. Redmond stated in the release notes that the fix is configured to resolve one "newly discovered and privately reported vulnerability" in the program that could be exploited when users open a corrupt Publisher file. The versions affected are Publisher 2003 SP2 and SP3, 2002, 2000 SP3, and all versions of Publisher 2007.

Meanwhile, the third patch, involving the Jet Database Engine — in many processing environments, the foundation for Windows products and applications on the OS — is probably the most vital of the critical patches. Security administrators, systems administrators, and even database and network administrators would all do well to pay attention to this bulletin as well as monitor the results after installation.

"With this flaw, there is a possible way to create a buffer overflow in the Jet engine," explained Jason Miller, security data team manager for St. Paul, Minn.-based Shavlik Technologies. "By exploiting this vulnerability, an evil attacker could take over complete control over a machine. This can be accomplished by sending an evil file that contains a Word document with a specially crafted access database file embedded in the document."