Following a comparatively quiet update in January, Microsoft’s monthly security update for February 2008 rolls out eleven security fixes to its Microsoft Windows operating systems, six of which the company considers critical. The most obvious of the bunch would enable a specially-crafted Web page to execute arbitrary code on a users’ system; the vulnerability impacts Internet Explorer 5.01 up to Internet Explorer 7.
Three of the critical fixes land in Microsoft Office 2000, XP, and 2003, and also impact Office 2004 for Macintosh, although the more recent 2007 and 2008 released of Office for both platforms are immune. The problem could lead to remote code execution.
Two other vulnerabilities apply to Microsoft’s Internet Information Services (IIS) server, while another two could be used in a denial-of-service attack that could force affected systems to restart. The final vulnerability only impacts the Microsoft Works File Converter, but it could enable an attacker to take over a remote system.
Windows Server 2008 and Windows Vista SP1 are not impacted by any of the new security bulletins.
The updates can be obtained from the Microsoft Update Web site, or using Windows’ built-in update tool.
