Microsoft this week issued security bulletins and patches for four vulnerabilities. Three of the flaws, in Microsoft Word, Publisher and the Jet database engine, are rated critical in at least some configurations. The fourth covers a moderate vulnerability in Microsoft's Malware Protection Engine, which powers products such as Windows Live OneCare, Microsoft Antigen, Microsoft Windows Defender, and Microsoft Forefront Security.
MS08-026 fixes two privately reported holes in Word that could allow an attacker to take control of a victim's computer using a maliciously crafted Word file. The second bulletin, MS08-027, describes a flaw in Microsoft Publisher that sounds very similar to one of the Word vulnerabilities. It too is critical on Publisher 2000 and less severe on other versions because of the Confirmation Tool.
MS08-028 repairs a publicly reported flaw in the Microsoft Jet Database Engine (4.0) in Windows. If successfully exploited, the vulnerability could allow an attacker to execute arbitrary code with the rights of the logged-on user, so the impact is reduced for accounts without administrative rights.
Finally, security researchers raised concerns regarding the patches for two vulnerabilities in the Microsoft Malware Protection Engine. While the issue was rated "moderate," an unpatched vulnerability gives a remote attacker the potential to compromise malware protection applications. By creating a malicious file, an individual could trigger a denial of service that causes the Malware Protection Engine to stop scanning infected files.
Commenting on the release of these patches, Amol Sarwate, vulnerability lab manager at Qualys, said that though these bugs are considered to be only a moderate risk, system administrators should take them seriously.
He added: "If someone sends a malformed e-mail and that is processed by any of these antivirus and antispyware products, it would cause the product to crash. If you can crash security software that is supposed to protect you, then you are left with no protection at all."