Microsoft Security Bulletin Summary for August 2008

Revision Note: V2.0 (August 20, 2008): Added note to MS08-043 in Affected Software and Download Locations to clarify that this update applies to servers that have Excel Services installed, such as the default configuration of Microsoft Office SharePoint Server 2007 Enterprise and Microsoft Office SharePoint Server 2007 For Internet Sites. Microsoft Office SharePoint Server 2007 Standard does not include Excel Services. Also added note to MS08-051 in Affected Software and Download Locations, that...

Софт и безопасность Софт и безопасность / Операционные системы / Windows / Microsoft открыла блог, посвященный разработке Windows 7

Корпорация Microsoft 14 августа открыла специализированный тематический блог Engineering Windows 7 Blog (или коротко E7), посвященный находящейся в разработке операционной системе Windows 7. В разделе E7 на сайте сети MSDN старшие менеджеры проекта Windows 7 Йон Деваан и Стивен Синофски намерены регулярно публиковать информацию о следующей версии клиентской программной платформы Microsoft. Ранее софтверный гигант крайне неохотно делился какими-либо подробностями о Windows 7, чтобы не вводить пользователей...

Microsoft Security Advisory (953839): Cumulative Security Update of ActiveX Kill Bits

Revision Note: August 13, 2008: Updated to include links to HP’s AdvisoriesSummary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.

MS08-043 – Critical: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066) - Version:1.1

Severity Rating: Critical - Revision Note: V1.1 (August 13, 2008): Added an entry to the Frequently Asked Questions (FAQ) Related to This Security Update section to communicate that the file information in the associated Microsoft Knowledge Base Article 954066 has been updated. Also changed the bulletin replacement information for Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File...

MS08-044 – Critical: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090) - Version:1.1

Severity Rating: Critical - Revision Note: V1.1 (August 13, 2008): Clarified that the update for Microsoft Office Project 2002 Service Pack 1 is the same as the update for Microsoft Office XP Service Pack 3. Customers who have already successfully installed this update do not have to reinstall.Summary: This security update resolves five privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office...

MS08-047 – Important: Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733) - Version:1.1

Severity Rating: Important - Revision Note: V1.1 (August 13, 2008): Added Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 to the Non-Affected Software table.Summary: This update resolves a privately reported vulnerability in the way certain Windows Internet Protocol Security (IPsec) rules are applied. This vulnerability could cause systems to ignore IPsec policies and transmit network traffic in clear text. This, in turn, would disclose information intended...

MS08-048 - Important: Security Update for Outlook Express and Windows Mail (951066) - Version:1.1

Severity Rating: Important - Revision Note: V1.1 (August 13, 2008): Corrected log file location, removal information, and registry key verification in the reference tables of this bulletin. Also added an entry to explain why this update is rated Important for supported editions of Windows XP and Windows Vista and rated Low for supported editions of Windows Server 2003 and Windows Server 2008.Summary: This security update resolves a privately reported vulnerability in Outlook Express and Windows Mail...

MS08-051 – Critical: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785) - Version:1.1

Severity Rating: Critical - Revision Note: V1.1 (August 13, 2008): Added an entry to the Frequently Asked Questions (FAQ) Related to This Security Update section to communicate that the file information in the associated Microsoft Knowledge Base Article 949785 has been updated. Also removed erroneous reference to Microsoft Office 2008 for Mac as affected software in the Executive Summary.Summary: This security update resolves three privately reported vulnerabilities in Microsoft Office PowerPoint...

MS07-047 - Important: Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782) - Version:2.0

Severity Rating: Important - Revision Note: V2.0 (August 12, 2008): Added Windows XP Service Pack 3 as affected software. This is a detection change only; there were no changes to the binaries. Customers who have successfully updated their systems do not need to reinstall this update.Summary: This important security update resolves two privately reported vulnerabilities. These vulnerabilities could allow code execution if a user viewed a specially crafted file in Windows Media Player. Users whose...

Microsoft Security Advisory (953839): Cumulative Security Update of ActiveX Kill Bits

Revision Note: Advisory Published.Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.

Microsoft Security Advisory (954960): Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates

Revision Note: August 12, 2008: Added entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update to communicate that the re-release of the update to fix a known installation issue with Windows Server 2008 systems is now available via Microsoft Update.Summary: Microsoft has completed the investigation into public reports of a non-security issue that prevents the distribution of any updates deployed through Microsoft Windows Server Update Services 3.0 or Microsoft Windows...

MS08-022 – Critical: Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338) - Version:2.0

Severity Rating: Critical - Revision Note: V2.0 (August 12, 2008): Added known issues link. Also added an entry to the section, Frequently Asked Questions (FAQ) Related to this Security Update, about the known issues and solutions. The solutions include a deployment change for this security update for one issue and a workaround for another. Customers who have successfully updated their systems do not need to reinstall this update. Summary: This critical security update resolves a privately reported...

MS08-033 – Critical: Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) - Version:2.1

Severity Rating: Critical - Revision Note: V2.1 (August 12, 2008): Added known issues link. Also added an entry to the section, Frequently Asked Questions (FAQ) Related to this Security Update, about the known issues and solutions. The solutions include a change to Microsoft Baseline Security Analyzer (MBSA) 2.1 to correctly detect this update.Summary: This security update resolves two privately reported vulnerabilities in Microsoft DirectX that could allow remote code execution if a user opens a...

MS08-040 – Important: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) - Version:1.6

Severity Rating: Important - Revision Note: V1.6 (August 12, 2008): Added entry to the Frequently Asked Questions (FAQ) Related to This Security Update to communicate a change in the installation code for the security update for SQL Server 2005 Service Pack 2. This is an installation code change only. There were no changes to the security update binaries.Summary: This security update resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker...

MS08-041 – Critical: Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617) - Version:1.0

Severity Rating: Critical - Revision Note: Bulletin published.Summary: This security update resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

MS08-042 – Important: Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048) - Version:1.0

Severity Rating: Important - Revision Note: Bulletin published.Summary: This security update resolves a publicly reported vulnerability in Microsoft Word. This vulnerability could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts...

MS08-043 – Critical: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066) - Version:1.0

Severity Rating: Critical - Revision Note: Bulletin Published.Summary: This security update resolves four privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts...

MS08-044 – Critical: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090) - Version:1.0

Severity Rating: Critical - Revision Note: Bulletin Published.Summary: This security update resolves five privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS08-045 - Critical: Cumulative Security Update for Internet Explorer (953838) - Version:1.0

Severity Rating: Critical - Revision Note: Bulletin Published.Summary: This security update resolves five privately reported vulnerabilies and one publicly disclosed vulnerability. All of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS08-046 – Critical: Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954) - Version:1.0

Severity Rating: Critical - Revision Note: Bulletin published.Summary: This update resolves a privately reported vulnerability in the Microsoft Image Color Management (ICM) system that could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create...