|
|
|
|
Updates for 2008
ALERT --Security UPDATE Alert: 4 Microsoft Security Bulletins for May 2008 by Orin Thomas, MVP Windows Security Microsoft released four security updates for May, rating three of them as critical. Here's a brief description of each update; for more information, go to www.microsoft.com/technet/security/bulletin/ms08-may.mspx MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution The attack vector for this vulnerability is a specially crafted Microsoft Word file. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletin MS08-009. Applies to: Word 2007, 2003, XP, and 2000. Recommendation: Microsoft rates this update as critical. Although the vulnerability has been privately reported to Microsoft and a public exploit is not presently believed to exist, the vulnerability exists in all editions of Word, making the development of an exploit by third parties highly likely. You should test and deploy this update as a part of your organization's accelerated patch management strategy. MS08-027: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution The attack vector for this vulnerability is a specially
crafted Microsoft Publisher file. The most severe consequence from an attack
leveraging this vulnerability is an attacker gaining complete control over the
affected computer. This bulletin replaces previous bulletins Applies to: Publisher 2007, 2003, XP, and 2000. Recommendation: Microsoft rates this update as critical. Although the vulnerability has been privately reported to Microsoft and a public exploit is not presently believed to exist, the vulnerability exists in all editions of Publisher. Because Publisher is less widely deployed than Word, this update, although critical, should be assigned a lower priority for testing and deployment than MS08-026. If your organization uses Publisher, you should test and deploy this update as a part of your organization's patch management strategy. MS08-028: Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution The attack vector for this vulnerability is a specially crafted .mdb file or a Microsoft Office file that includes an embedded .mdb file. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletin MS04-014. Applies to: Windows Server 2003 SP1 (not SP2), Windows XP SP2 (not SP3), and Windows 2000. Recommendation: Microsoft rates this update as critical. In the event that you have not already deployed Windows Server 2003 SP2 or Windows XP SP3, you should test and deploy this update to affected systems as part of your organization's accelerated patch management strategy. MS08-029: Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service The attack vector for this vulnerability is a specially crafted file which, when scanned by the malware protection engine, would result in a Denial of Service (DoS). This could cause the engine to stop and the computer to automatically restart. Applies to: Windows Live OneCare, Antigen for Exchange, Antigen for SMTP Gateway, Windows Defender, Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint, System Sweeper located in Diagnostics and Recovery Toolset 6.0. Recommendation: Microsoft rates this update as moderate. Because this update is likely to affect Microsoft Exchange and SharePoint servers, you should test and deploy this update as a part of your organization's regular patch management strategy.
--Security UPDATE Alert: 8 Microsoft Security Bulletins for April 2008 by Orin Thomas, MVP Windows Security Microsoft released eight security updates for April, rating five of them as critical. Here's a brief description of each update; for more information, go to www.microsoft.com/technet/security/bulletin/ms08-apr.mspx MS08-018: Vulnerability in Microsoft Project Could Allow Remote Code Execution The attack vector for this vulnerability is a specially created Microsoft Project document. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletins. Applies to: Project 2000, Project 2002, and Project 2003. Does not affect Project 2007 or Project Server 2003. Recommendation: Microsoft rates this update as critical. The priority you assign this update should depend on the frequency with which your organization uses and shares Project documents. MS08-019: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution The attack vector for this vulnerability is a specially created Visio file. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletin MS07-030. Applies to: Visio 2002, Visio 2003, and Visio 2007. Does not apply to Visio Viewer. Recommendation: Microsoft rates this update as important. The urgency you attach to deploying this update should be proportional to the frequency with which your organization uses and shares Visio documents. MS08-020: Vulnerability in DNS Client Could Allow Spoofing The attack vector for this vulnerability is a specially crafted response to a DNS request. The most severe consequence from an attack leveraging this vulnerability is a client being redirected away from legitimate destinations. Applies to: Windows 2000, Windows XP, Windows Server 2003, and Windows Vista without SP1. Does not apply to Vista SP1 or Windows Server 2008. Recommendation: Microsoft rates this update as important. You should test and deploy this update as a part of your normal patch management routine. MS08-021: Vulnerability in GDI could allow Remote Code Execution The attack vector for this vulnerability is a specially created EMF or WMF image file which exploits the Windows Graphics Device Interface (GDI). The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletin MS07-046. Applies to: All Windows OSs. Recommendation: Microsoft rates this update as critical. Given that this exploit can be leveraged against all Windows OSs, you should perform accelerated testing and deploy this update to computers in your environment as soon as possible. MS08-022: Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution The attack vector for this vulnerability is specially crafted VBScript and JScript scripts. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletin MS06-023. Applies to: Windows 2000, Windows XP, and Windows Server 2003. Does not apply to Windows Vista or Windows Server 2008. Recommendation: Microsoft rates this update as critical. You should test and deploy this update to computers in your environment as soon as possible. MS08-023: Security Update of ActiveX Kill Bits The attack vector for this vulnerability is a specifically created Web page viewed by using Microsoft Internet Explorer (IE). Depending on the OS attacked, the consequences range from complete control over the affected computer to basic remote code execution. Applies to: Windows 2000 and Windows XP (Critical), Windows Server 2003 (Moderate), Windows Vista (Important), and Windows Server 2008 (Low). Recommendation: Microsoft rates this update as critical for some OSs to low for others. The priority that you apply to this update should reflect your organization's OS deployment. An organization that has only Windows Server 2008 and Windows Vista computers can deploy this patch according to their normal patch management cycle; an organization that has Windows 2000 or Windows XP clients should perform more rapid testing and deployment. MS08-024: Cumulative Update for Internet Explorer The attack vector for this vulnerability is a specially created Web page. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletin MS08-010. Applies to: All versions of Microsoft Internet Explorer. Recommendation: Microsoft rates this update as critical. You should give high priority to the testing and deployment of this update. MS08-025: Vulnerability in Windows Kernel Could Allow Elevation of Privilege This attack requires the attacker to be logged on locally. The most severe consequence from an attack leveraging this vulnerability is attackers elevating their privileges so that they have administrative rights. Applies to: All versions of Windows. Recommendation: Microsoft rates this update as important.
Because this attack can be leveraged only by a locally logged-on user, you can
test and deploy this patch as a part of your normal patch management routine. ALERT --4
Microsoft Security Bulletins for March 2008 by Orin Thomas, MVP Windows
Security Microsoft released four Microsoft Office-related security updates for
March, rating all of them as critical. Here's a brief description of each
update; for more information, go to MS08-014: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution The attack vector for this vulnerability is a specially created Excel file that must be opened by the target of the attack. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletins MS07-044, MS07-036, and MS08-013. Applies to: Office 2000, Office XP, Office 2003, Office 2007,
Office Recommendation: Microsoft rates this update as critical for Excel 2000 and important for other affected Excel versions. Given the frequency with which organizations share Excel documents and that the vulnerability has been publicly reported, you should prioritize the testing and deployment of this update. MS08-015: Vulnerability in Microsoft Outlook Could Allow Remote Code Execution The attack vector for this vulnerability is a specially created mailto URI. This vulnerability is not exploitable by the target of the attack simply opening an email message. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletin MS07-003. Applies to: Office 2000, Office XP, Office 2003, Office 2007 Recommendation: Microsoft rates this update as critical. This vulnerability was privately disclosed to Microsoft, so you can give the testing and deployment of this update a lower priority than the other updates in this bulletin. MS08-016: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution The attack vector for this vulnerability is a specially created Office file that must be opened by the target of the attack. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletins MS07-025, MS07-015, and MS08-013. Applies to: Office 2000, Office XP, Office 2003, Office 2004 for Mac Recommendation: Microsoft rates this update as critical for Office 2000 and important for all other versions of Office that are affected. MS08-017: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution The attack vector for these vulnerabilities is a specially created Web page that, if navigated to, would allow the attacker to take complete control of the target computer. Applies to: Office 2000, Office XP, Visual Studio .NET 2002, Visual Studio .NET 2003, BizTalk Server 2000, BizTalk Server 2002, Commerce Server 2000, ISA Server 2000 Recommendation: Microsoft rates this update as critical. Given
the large number of applications and server software affected by these privately
reported vulnerabilities, you should give high priority to the testing and
deployment of this update. ALERT --11
Microsoft Security Bulletins for February 2008 Orin Thomas, MVP Windows
Security, orin@windowsitpro.com Microsoft released 11 security updates for
February, rating six of them as critical. Here's a brief description of each
update; for more information, go to www.microsoft.com/technet/security/bulletin/ms08-feb.mspx MS08-003: Vulnerability in Active Directory Could Allow Denial of Service The attack vector for this vulnerability is a Denial of Service (DoS) attack against Active Directory Application Mode (ADAM) on client computers and Active Directory on servers. The most severe consequence from an attack leveraging this vulnerability is an affected computer halting and then automatically restarting. This bulletin replaces previous bulletin MS07-039. Applies to: Windows 2000, Windows XP, Windows Server 2003 Recommendation: Microsoft rates this update as important. You should perform testing and deployment of this update as part of your organization's regular patch management routine. MS08-004: Vulnerability in Windows TCP/IP Could Allow Denial of Service The attack vector for this privately reported vulnerability is a specially crafted DHCP server response that corrupts TCP/IP structures that cause the affected system to stop responding and restart automatically. This bulletin replaces previous bulletin MS08-001. Applies to: Windows Vista Recommendation: Microsoft rates this update as important. You should perform testing and deployment of this update as part of your organization's regular patch management routine. MS08-005: Vulnerability in Internet Information Services Could Allow Elevation of Privilege The attack vector for this privately reported vulnerability is the way that Microsoft IIS handles file change notifications in the default FTP and WWW folders. The most severe consequence from an attack leveraging this vulnerability is the execution of arbitrary code, allowing the attacker to take full control of an affected computer. Applies to: Windows 2000, Windows XP, Windows Vista, Windows Server 2008 Recommendation: Microsoft rates this update as important. You should perform testing and deployment of this update as part of your organization's regular patch management routine. MS08-006: Vulnerability in Internet Information Services Could Allow Remote Code Execution The attack vector for this privately reported vulnerability is
the way that Microsoft IIS handles input to Active Server Pages (ASP) Web pages. Applies to: Windows XP, Windows Server 2003 Recommendation: Microsoft rates this update as important. You should perform testing and deployment of this update as part of your organization's regular patch management routine. MS08-007: Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution The attack vector for this vulnerability is the way the WebDAV Mini-Redirector handles responses. The most severe consequence from an attack leveraging this vulnerability is complete control of an affected system. Applies to: Windows XP, Windows Server 2003, Windows Vista Recommendation: Microsoft rates this update as critical. You should perform accelerated testing and deployment of this update. MS08-008: Vulnerability in OLE Automation Could Allow Remote Code Execution The attack vector for this vulnerability is a specially crafted Web page. The most severe consequence from an attack leveraging this vulnerability is remote code execution with the privileges of the currently logged on user. This bulletin replaces previous bulletin MS07-043. Applies to: Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Office 2004 for Mac Recommendation: Microsoft rates this update as critical. You should perform accelerated testing and deployment of this update. MS08-009: Vulnerability in Microsoft Word Could Allow Remote Code Execution The attack vector for this vulnerability is a specially
crafted Microsoft Word file. The most severe consequence from an attack
leveraging this vulnerability is complete control of an affected system. Applies to: Office 2000, Office XP, Office 2003 Recommendation: Microsoft rates this update as critical. You should perform accelerated testing and deployment of this update. MS08-010: Cumulative Security Update for Internet Explorer This cumulative update addresses several vulnerabilities, the most serious of which involves an attacker using a specially crafted Web page to take control of an affected system. This bulletin replaces previous bulletin MS07-069. Applies to: All versions of Windows Recommendation: Microsoft rates this update as critical. You should perform accelerated testing and deployment of this update. MS08-011: Vulnerability in Microsoft Works File Converter Could Allow Remote Code Execution The attack vector for this privately reported vulnerability is a specially crafted Microsoft Works file. The most severe consequence from an attack leveraging this vulnerability is complete control of an affected computer. Applies to: Microsoft Office 2003, Microsoft Works 8, Microsoft Works Suite 2005 Recommendation: Microsoft rates this update as important. You should perform testing and deployment of this update as a part of your organization's regular patch management routine. MS08-012: Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution The attack vector for this vulnerability is a specially crafted Microsoft Publisher file. The most severe consequence from an attack leveraging this vulnerability is an attacker taking complete control of an affected computer. This bulletin replaces previous bulletin MS06-054. Applies to: Office 2000, Office XP, Office 2003 Recommendation: Microsoft rates this update as critical. You should perform accelerated testing and deployment of this update. MS08-013: Vulnerability in Microsoft Office Could Allow Remote Code Execution The attack vector for this vulnerability is a specially crafted Microsoft Office file with a malformed object inserted into the document. The most severe consequence from an attack leveraging this vulnerability is complete control of an affected system. This bulletin replaces previous bulletin MS06-047. Applies to: Office 2000, Office XP, Office 2003 Recommendation: Microsoft rates this update as critical. You
should perform accelerated testing and deployment of this update.
|
