Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, Outlook Express, Windows Mail, and Windows Messenger as part of the Microsoft Security Bulletin Summary for August 2008. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information.
US-CERT encourages users to review the bulletins and follow best-practice security policies to determine which updates should be applie
Bulletin Title | |
Executive Summary | This update resolves a privately reported vulnerability in the Microsoft Image Color Management (ICM) system that could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Maximum Severity Rating | |
Impact of Vulnerability | Remote Code Execution |
Detection | Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart. |
Affected Software | Microsoft Windows. For more information, see the Affected Software and Download Locations section. |
| Bulletin Identifier | Microsoft Security Bulletin MS08-045 |
Bulletin Title | |
Executive Summary | This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. All of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Maximum Severity Rating | |
Impact of Vulnerability | Remote Code Execution |
Detection | Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart. |
Affected Software | Microsoft Windows, Internet Explorer. For more information, see the Affected Software and Download Locations section. |
| Bulletin Identifier | Microsoft Security Bulletin MS08-041 |
Bulletin Title | |
Executive Summary | This security update resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. |
Maximum Severity Rating | |
Impact of Vulnerability | Remote Code Execution |
Detection | Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update does not require a restart. |
Affected Software | Microsoft Office. For more information, see the Affected Software and Download Locations section. |
| Bulletin Identifier | Microsoft Security Bulletin MS08-043 |
Bulletin Title | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066) |
Executive Summary | This security update resolves four privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Maximum Severity Rating | |
Impact of Vulnerability | Remote Code Execution |
Detection | Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update does not require a restart. |
Affected Software | Microsoft Office. For more information, see the Affected Software and Download Locations section. |
| Bulletin Identifier | Microsoft Security Bulletin MS08-051 |
Bulletin Title | Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785) |
Executive Summary | This security update resolves three privately reported vulnerabilities in Microsoft Office PowerPoint and Microsoft Office PowerPoint Viewer that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Maximum Severity Rating | |
Impact of Vulnerability | Remote Code Execution |
Detection | Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update does not require a restart. |
Affected Software | Microsoft Office. For more information, see the Affected Software and Download Locations section. |
| Bulletin Identifier | Microsoft Security Bulletin MS08-044 |
Bulletin Title | Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090) |
Executive Summary | This security update resolves five privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Maximum Severity Rating | |
Impact of Vulnerability | Remote Code Execution |
Detection | Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update does not require a restart. |
Affected Software | Microsoft Office. For more information, see the Affected Software and Download Locations section. |
for more information, visit Microsoft
0 comments:
Post a Comment