Microsoft today released a set of patches as part of their monthly security update to plug critical holes in Microsoft Word, Publisher, and a critical vulnerability in Windows for which a Zero-day exploit has been available for weeks.
The critical Windows vulnerability was discovered in the Microsoft Jet Database Engine 4.0 and could be exploited through a Word document or an email. By convincing a user to click on a link in an email message to navigate to a malicious website that contains a specially crafted Word file, the flaw allowed an attacker to gain the same user rights as the local user.
Microsoft also remedied an issue rated as moderate that would allow an attacker to shut down and restart the Microsoft Malware Protection Engine used in the company’s security products including Windows Live OneCare and Windows Defender. Full details for the latest Patch Tuesday can be found here.