
Microsoft security fixes focus on Windows desktop

By:  Robert MacMillan  On: 08 Sep 2008 For: IDG News Service (SS) Creator

In all, eight bugs are squashed in the four sets of patches, but the most critical problem is addressed in the MS08-052 update. What you need to know about GDI+

Microsoft has released four sets of security updates for its products, fixing critical flaws in the Windows desktop.

The software maker's monthly set of security updates, released Tuesday, mostly fixes problems in the underlying operating system, but also includes a patch for a component of the OneNote note-taking software that is used by Microsoft Office.

In all, eight bugs are squashed in the four sets of patches, but the most critical problem is addressed in the MS08-052 update, according to Andrew Storms, director of security operations with security vendor nCircle. This update fixes five bugs in the Graphics Device Interface+ (GDI+) software used by Windows programs to draw images on computer screens and printers.

GDI+ was first released as part of the Windows XP operating system, and this latest security fix gets top priority because it is so widely used, security experts say. "If you are running XP, 2003 or 2008, you are going to need an update," Storms said via instant message.

Five months ago, hackers targeted a flaw in the older version of GDI, used by Windows 2000 systems. In these attacks, criminals placed maliciously crafted images on Web sites, which were designed to exploit the GDI flaw and install unauthorized software on the victim's machine.

Although Microsoft has not heard of anyone taking advantage of these latest GDI+ bugs in an attack, now that the software patches are available, hackers can probably reverse-engineer one of the flaws and develop new code that exploits the bugs, Storms said.

In its other Windows updates, Microsoft fixed vulnerabilities in the Windows Media Encoder 9, which is not included in the default Windows configuration, and Windows Media Player 11. Media Player 11 is the latest version of the audio and video player that ships with Windows. The Windows Media Encoder 9 is downloaded as part of the beta code for the Advanced Windows Media Plug-In for Adobe Premiere 6.5, Microsoft said.

Although several of September's bugs look like they could be used to create some nasty attacks, they primarily affect Windows desktops rather than servers, said Eric Schultze, chief technology officer at Shavlik Technologies. "So your servers sitting in the data center, you're way less at risk with those," he said. "Worry most about the computers where people are sitting in front of the keyboard."


Robert MacMillan is a contributor to the International Data Group (IDG) News Service, which publishes global technology stories from bureaus around the world to more than 300 publications in more than 60 countries.

Comments (5)

RE: Broke my internet.
by MrVivona 9/12/2008 12:00:00 AM
I experienced the same problem, except I couldn't get my wireless adapter to associate with the access point. I did a System Restore to before KB938464 and it worked again. However, Windows immediately updated itself and I lost connectivity again. This time I disabled Windows Update and did another System Restore. I don't like running without updates, but until I have a solution, I have to. Any fixes found yet?

Broke my internet.
by Bill 9/10/2008 12:00:00 AM
The KB938464 Update broke my internet connection. Had to remove it to be able to connect to websites again. Very odd. Sites pinged just fine. ipconfig looked good. Couldn't even get to my router or cable modem configuration pages.

RE: Mr
by jcheah52 9/15/2008 12:00:00 AM
I did an update to one of my servers, and it died; we have to use recovery console to recover it. The server restarted with the error windows cannot start and windows\system32\ntoskrnl.exe corrupted or missing. I don't know if this is related to the patch or just coincidence.

Mr
by John Martin 9/13/2008 12:00:00 AM
I too lost all Internet connectivity when the update was installed. Specifically, my network connection (Ethernet XP to DSL) was showing as 'disabled', and in such a way that it could not be 'enabled' manually. Only after System Restore could I re-connect with my DSL modem.

KB954430 Lost my Internet Connection - Vista
by Ana 1/25/2009 12:00:00 AM
What is the deal with Vista!!! I am going out of my mind, need to install one update at a time. It's a crap shoot as to whether my internet connection will be lost. Depending on the update, I lose my connection and have to restore to prior to the update. So far I have problems with KB956391, KB958215, KB954430 & KB938464. I hate VISTA!!!