Login, change your address, subscribe to new or manage current magazines or e-newsletter subscriptions
IT World Events
Site Map - Affiliates
Computerworld Publication PageNetworkWorld Publication PageCIO Canada Publication PageITJobUniverse.ca - The Information, Communication and Technology (ICT) Job Board
Enter your  QUICKLINK number to go directly to that article.
Advanced Search
Knowledge Centres
Content Types
Featured White Papers
Gartner Research Note "Boost SharePoint Performance with an Application Delivery Network"Gartner Research Note "Boost SharePoint Performance with an Application Delivery Network"
Provided by: Citrix
read more
From fear to value: CIO strategies for propelling business through the economic crisisFrom fear to value: CIO strategies for propelling business through the economic crisis
Provided by: IBM
read more
Reaping the rewards of your service-oriented architecture infrastructureReaping the rewards of your service-oriented architecture infrastructure
Provided by: IBM
read more
Yuk it Up
Featured White Paper
Ensuring that IT security is delivering true value to the organization requires approaching security through a business lens, with the ability to span operational silos and IT domains to secure your critical business processes across the organization. Read on to learn how to help mitigate enterprise security risks by leveraging IBM solutions to drive business innovation and success, while reducing complexity and costs along the way.
IT World Canada Blogs
Keep up with breaking news on worms, trojans, spam and other threats to your corporate network and hear about the best practices in risk management from some of Canada's leading experts.
Salary Calculator 2009
Check out Computerworld Canada's 2009 Salary Calculator. Access up-to-date information from our 2009 IT Salary Survey, including salaries, cash bonuses, and percentage increases over 2008.
Featured Spotlight
Keep up on who's hiring, who's downsizing and how the government is helping. News, job opportunities, recruiters and employment lawyers are all available.
Sign-Up for
Security
eNewsletter Delivered Weekly
Click here
Page 1 of 1

Digg it Twitter

Microsoft security fixes focus on Windows desktop

By: Robert MacMillan - IDG News Service (SS)  (09 Sep 2008)

In all, eight bugs are squashed in the four sets of patches, but the most critical problem is addressed in the MS08-052 update. What you need to know about GDI+

Microsoft has released four sets of security updates for its products, fixing critical flaws in the Windows desktop.

The software maker's monthly set of security updates, released Tuesday, mostly fixes problems in the underlying operating system, but also includes a patch for a component of the OneNote note-taking software that is used by Microsoft Office.

In all, eight bugs are squashed in the four sets of patches, but the most critical problem is addressed in the MS08-052 update, according to Andrew Storms, director of security operations with security vendor nCircle. This update fixes five bugs in the Graphics Device Interface+ (GDI+) software used by Windows programs to draw images on computer screens and printers.

GDI+ was first released as part of the Windows XP operating system, and this latest security fix gets top priority because it is so widely used, security experts say. "If you are running XP, 2003 or 2008, you are going to need an update," Storms said via instant message.

Five months ago, hackers targeted a flaw in the older version of GDI, used by Windows 2000 systems. In these attacks, criminals placed maliciously crafted images on Web sites, which were designed to exploit the GDI flaw and install unauthorized software on the victim's machine.

Although Microsoft has not heard of anyone taking advantage of these latest GDI+ bugs in an attack, now that the software patches are available, hackers can probably reverse-engineer one of the flaws and develop new code that exploits the bugs, Storms said.

In its other Windows updates, Microsoft fixed vulnerabilities in the Windows Media Encoder 9, which is not included in the default Windows configuration, and Windows Media Player 11. Media Player 11 is the latest version of the audio and video player that ships with Windows. The Windows Media Encoder 9 is downloaded as part of the beta code for the Advanced Windows Media Plug-In for Adobe Premier 6.5, Microsoft said.

Although several of September's bugs look like they could be used to create some nasty attacks, they primarily affect Windows desktops rather than servers, said Eric Schultze, chief technology officer at Shavlik Technologies. "So your servers sitting in the data center, you're way less at risk with those," he said. "Worry most abut the computers where people are sitting in front of the keyboard."

Page 1 of 1
Send to a Friend  Rate This Page  Print This PageAdd a new comment
Bookmark this article on:
del.icio.us| Digg it| Furl| Google| Technorati| StumbleIt| Yahoo!

Have something to say about this article? Add a new comment

If you find a comment inappropriate, You can notify the moderator by clicking the Report an innapropriate comment icon.
Broke my internet.Reply to this commentReport an innapropriate comment
The KB938464 Update broke my internet connection. Had to remove it to be able to connect to websites again. Very odd. Sites pinged just fine. ipconfig looked good. Couldn't even get to my router or cable modem configuration pages.
Written by: Bill, from
RE: Broke my internet.Reply to this commentReport an innapropriate comment
I experienced the same problem, except I couldn't get my wireless adapter to associate with the access point. I did a System Restore to before KB938464 and it worked again. However, Windows immediately updated itself and I lost connectivity again. This time I disabled Windows Update and did another System Restore. I don't like running without updates, but until I have a solution, I have to. Any fixes found yet?
Written by: MrVivona, from
RE: Broke my internet.Reply to this commentReport an innapropriate comment
To restore wireless connectivity after installing this update: 1) Click Start, Run, type "services.msc" (without quotes), click OK. 2) Scroll to the bottom of the list and look for the "Wireless Zero Configuration" service. 3) Double-click the service to open its properties, then do the following: a) Change the startup type (drop-down list in the middle of the screen) to Automatic b) Click Apply c) Click the Start button, then OK 4) Close the Services window Should be good to go now.
Written by: WillieB, from Dallas, TX
MrReply to this commentReport an innapropriate comment
I too lost all Internet connectivity when the update was installed. Specifically, My network connection (Ethernet XP to DSL) was showing as "disabled", and in such a way that it could not 'enabled' manually. Only after System restore could I re-connect with my DSL modem.
Written by: John Martin, from Oneida
RE: MrReply to this commentReport an innapropriate comment
I did an update to one of my servers, and it died, we have to use recovery console to recover it. The server restarted with the error windows cannot start and windows\system32\ntoskrnl.exe corrupted or missing. I don't know if this is related to the patch or just coincidence.
Written by: jcheah52, from
PresidentReply to this commentReport an innapropriate comment
I haven't noticed any problems with the update - could there be other issues already associated with your systems prior to the update?
Written by: David Goncalves, from Toronto
SwitchReply to this commentReport an innapropriate comment
I didn't have any problem with that update, as I switch to mac one year ago. Windows is crap and doesn't worth to be updated anyway ...
Written by: Georges, from Longueuil
KB954430 Lost my Internet Connection - Vista Reply to this commentReport an innapropriate comment
What is the deal with Vista!!! I am going out of my mind, need to install one update at a time. Its a crap shoot, to whether my internet connection will be lost. Depending on the update, I lose my connection and have to restore to prior the update. So far I have problems with KB956391, KB958215, KB954430 & KB938464. I hate VISTA!!!
Written by: Ana, from
ADD A COMMENT
Name:*Your email address will not appear online and will be used only in the event that the editor wishes to contact you personally for additional comment.
City:
Email:
Title:*
Comment:*
* required fields



Related Content
Articles

White Papers
Improving business through smart energy and environment policy
Businesses and public entities today face increasing pressure to develop policies that are both good for the planet and good for business. A framework developed by IBM offers businesses and other organizations a comprehensive approach to energy and environmental issues. The framework helps identify and prioritize environmental efforts by breaking down problems and opportunities into seven distinct business areas, which can then be segmented into manageable projects.
Copyright InformationPrivacy Policy Site MapAbout UsMedia CentreReprint ServicesMobileFeedbackContact Us
ComputerWorld Canada | NetworkWorld Canada | CIO Canada | IT Business | CDN | Direction Informatique | PCWorld Canada | Macworld Canada | IT Job Universe | my IT Vendor
©2009 ITworldcanada.com All rights reserved.