MS07-068 - Critical: Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275) - Version:2.3 Severity Rating: Critical - Revision Note: V2.3 (November 28, 2008): Bulletin updated to correct the filename of wwmasf.dll to wmasf.dll in the file information for Windows Media Format 9.5 Runtime for Windows Server 2003 x64 Edition. Summary: This critical security update resolves a privately reported vulnerability in Windows Media File Format. This vulnerability could allow remote code execution if a user viewed a specially crafted file in Windows Media Format Runtime. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Tue, 25 Nov 2008 08:00:00 GMT
MS07-005: Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723) - Version:2.0 Severity Rating: Important - Revision Note: V2.0 (November 25, 2008): Bulletin updated: added Windows XP Service Pack 3 as an Affected Product. Step-by-Step Interactive Training is not installed on Windows by default and therefore this security update should be applied to systems running Windows XP Service Pack 3. Summary: This update resolves a newly discovered, privately reported vulnerability. The Step-by-Step Interactive Training has a remote code execution vulnerability that could allow an attacker to take complete control of an affected system. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update at the earliest opportunity.
Tue, 25 Nov 2008 08:00:00 GMT
MS06-078: Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689) - Version:6.1 Severity Rating: Critical - Revision Note: V6.1 (November 25, 2008): Bulletin updated to correct the filename, Wwmvcore.dll, to Wmvcore.dll for file information for Windows Media Format 9.5 Series Runtime on Windows XP Professional x64 Edition and Windows Server 2003 x64 Edition. Summary: This update resolves two newly discovered vulnerabilities. These vulnerabilities are documented in the Vulnerability Details section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
Tue, 25 Nov 2008 08:00:00 GMT
Microsoft Security Advisory (953839): Cumulative Security Update of ActiveX Kill Bits Revision Note: November 25, 2008: Added an entry to Frequently Asked Questions to communicate that users with Windows Server 2008 Server Core installation will still be offered but do not need to install this update. Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.
Wed, 12 Nov 2008 08:00:00 GMT
MS08-068 – Important: Vulnerability in SMB Could Allow Remote Code Execution (957097) - Version:1.1 Severity Rating: Important - Revision Note: V1.1 (November 12, 2008): Corrected entry in the FAQ for SMB Credential Reflection Vulnerability - CVE-2008-4037 section to clarify reports of published proof of concept code. Microsoft has not received any direct reports that this vulnerability had been publicly used to attack customers. Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerability could allow remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Wed, 12 Nov 2008 08:00:00 GMT
MS08-058 - Critical: Cumulative Security Update for Internet Explorer (956390) - Version:1.2 Severity Rating: Critical - Revision Note: V1.2 (November 12, 2008): Corrected a registry key verification entry for Internet Explorer 6 for all supported x64-based editions of Windows Server 2003. Summary: This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerabilities could allow information disclosure or remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Wed, 12 Nov 2008 08:00:00 GMT
MS08-056 - Moderate: Vulnerability in Microsoft Office Could Allow Information Disclosure (957699) - Version:1.1 Severity Rating: Moderate - Revision Note: V1.1 (November 12, 2008): Corrected the removal information in the section, Security Update Deployment, to state that this security update cannot be uninstalled. Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow information disclosure if a user clicks a specially crafted CDO URL. An attacker who successfully exploited this vulnerability could inject a client side script in the user's browser that could spoof content, disclose information, or take any action that the user could take on the affected Web site.
Wed, 12 Nov 2008 08:00:00 GMT
Microsoft Security Advisory (956391): Cumulative Security Update of ActiveX Kill Bits Revision Note: November 12, 2008: Removed an incorrect reference that Windows Server 2008 Server Core installation is affected. Added an entry to Frequently Asked Questions to communicate that users with Windows Server 2008 Server Core installation will still be offered but do not need to install this update. Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.
MS08-069 – Critical: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218) - Version:1.0 Severity Rating: Critical - Revision Note: Bulletin published. Summary: This security update resolves several vulnerabilities in Microsoft XML Core Services. The most severe vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Wed, 29 Oct 2008 08:00:00 GMT
Microsoft Security Bulletin Summary for September 2008 Revision Note: V2.2 (October 29, 2008): Bulletin summary updated to remove Microsoft Visio 2003 Viewer, Microsoft Visio 2007 Viewer, and Microsoft Visio 2007 Viewer Service Pack 1 as affected software for MS08-052. Summary: This bulletin summary lists security bulletins released for September 2008.
Wed, 29 Oct 2008 08:00:00 GMT
MS08-062 - Important: Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155) - Version:2.2 Severity Rating: Important - Revision Note: V2.2 (October 29, 2008): Revised entries in the section, Frequently Asked Questions (FAQ) Related to This Security Update, and in the Microsoft Baseline Security Analyzer (MBSA) and Systems Management Server (SMS) detection and deployment tables in the section, Detection and Deployment Tools and Guidance, to notify customers that the update packages for Windows Server 2008 for Itanium-based Systems and all supported editions of Windows Vista have now been made available on Windows Update, Microsoft Update, Windows Software Update Services (WSUS), Systems Management Server, and System Center Configuration Manager. Summary: This update resolves a privately reported vulnerability in the Windows Internet Printing Service that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
Wed, 29 Oct 2008 08:00:00 GMT
MS08-059 – Critical: Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695) - Version:1.2 Severity Rating: Critical - Revision Note: V1.2 (October 29, 2008): Corrected the impact of the workaround that deals with disabling the SNA RPC Service. Summary: This security update resolves a privately reported vulnerability in Microsoft Host Integration Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted Remote Procedure Call (RPC) request to an affected system. Customers who follow best practices and configure the SNA RPC service account to have fewer user rights on the system could be less impacted than customers who configure the SNA RPC service account to have administrative user rights.
Wed, 29 Oct 2008 08:00:00 GMT
MS08-057 – Critical: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416) - Version:1.2 Severity Rating: Critical - Revision Note: V1.2 (October 29, 2008): Added entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update, to explain any additional security features included in this update for Microsoft Office 2003 Service Pack 2. Added missing entries for Excel 2003 Service Pack 3 to the section, Detection and Deployment Tools and Guidance. Finally, corrected references to Windows Installer Redistributable in the section, Security Update Deployment. This is an informational change only. There were no changes to the security update binaries. Summary: This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Wed, 29 Oct 2008 08:00:00 GMT
MS08-052 – Critical: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) - Version:2.2 Severity Rating: Critical - Revision Note: V2.2 (October 29, 2008): Added an FAQ entry concerning a printing issue with Microsoft SQL Server 2005 Reporting Services and removed Visio Viewer from Affected Software, including other minor changes. For more details, please see the entry in the Frequently Asked Questions (FAQ) Related to this Security Update section. Summary: This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.