Friday, December 12, 2008 5:38 AM
SQL Master
December 2008 Microsoft Security Bulletin Release - Community Related information
Here is the email extract that we get from Microsoft CSS Team:
What is the purpose of this alert?
This alert is to provide you with an overview of the new security bulletins being released on December 9, 2008. Security bulletins are released monthly to resolve critical vulnerabilities.
New Security Bulletins:
Microsoft is releasing the following eight (8) new security bulletins for newly discovered vulnerabilities:
| Bulletin ID | Bulletin Title and Executive Summary | Maximum Severity Rating | Vulnerability Impact | Affected Software | Restart Requirement |
|---|---|---|---|---|---|
| MS08-070 | Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) | Critical | Remote Code Execution | Microsoft Developer Tools and Software, Microsoft Office | Requires restart |
| MS08-071 | Vulnerabilities in GDI Could Allow Remote Code Execution (956802) | Critical | Remote Code Execution | Microsoft Windows | Requires restart |
| MS08-072 | Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) | Critical | Remote Code Execution | Microsoft Office | May require restart |
| MS08-073 | Cumulative Security Update for Internet Explorer (958215) | Critical | Remote Code Execution | Microsoft Windows, Internet Explorer | Requires restart |
| MS08-074 | Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) | Critical | Remote Code Execution | Microsoft Office | May require restart |
| MS08-075 | Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) | Critical | Remote Code Execution | Microsoft Windows | Requires restart |
| MS08-076 | Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) | Important | Remote Code Execution | Microsoft Windows | May require restart |
| MS08-077 | Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) | Important | Elevation of Privilege | Microsoft Office, Microsoft Server Software | May require restart |
Summaries for these new bulletins may be found at the following pages:
http://www.microsoft.com/technet/security/bulletin/MS08-Dec.mspx.
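A deployment check to go with the table above, added here and not part of the Microsoft mail: the script takes the text output of `wmic qfe get HotFixID` from a host (a constructed sample is embedded) and reports which of this month's Windows bulletins have no matching KB installed. Two assumptions are built in and labelled in the code. First, `Win32_QuickFixEngineering` lists only operating-system updates, so the check is restricted to bulletins whose "Affected Software" column names Microsoft Windows; Office, Visual Studio and SharePoint updates must be verified another way. Second, the mapping uses the KB number from each bulletin title; the package actually installed can carry a different KB, which the bulletin's Security Update Deployment section lists, so substitute those numbers for a real audit.

```python
"""Cross-check a host's installed hotfix list against December 2008 bulletins.

Added example, not code from Microsoft or the bulletin mail. Assumptions:
  * the hotfix list is the text output of `wmic qfe get HotFixID` (a
    constructed sample is below), which lists Windows OS updates only, so
    Office, Visual Studio and SharePoint bulletins are excluded on purpose;
  * the KB number in the bulletin title is the KB of the installed package.
    That is an assumption: each bulletin's "Security Update Deployment"
    section gives the real package KB(s), which can differ.
"""
import re

# Bulletin ID -> (KB in bulletin title, affected software), copied from the
# summary table of the December 2008 release.
BULLETINS = {
    "MS08-070": ("932349", "Microsoft Developer Tools and Software, Microsoft Office"),
    "MS08-071": ("956802", "Microsoft Windows"),
    "MS08-072": ("957173", "Microsoft Office"),
    "MS08-073": ("958215", "Microsoft Windows, Internet Explorer"),
    "MS08-074": ("959070", "Microsoft Office"),
    "MS08-075": ("959349", "Microsoft Windows"),
    "MS08-076": ("959807", "Microsoft Windows"),
    "MS08-077": ("957175", "Microsoft Office, Microsoft Server Software"),
}

# Constructed sample of `wmic qfe get HotFixID` output: a host that has the
# GDI and IE updates plus two unrelated hotfixes, but not Windows Search or
# Windows Media.
SAMPLE_QFE_OUTPUT = """HotFixID
KB956802
KB958215
KB954211
KB950762
"""

HOTFIX_RE = re.compile(r"^\s*KB(\d+)\s*$", re.IGNORECASE)


def parse_qfe(output):
    """Return the set of KB numbers (digits only) found in wmic qfe output.

    The header line, blank lines and anything not shaped like KBnnnnnn are
    ignored rather than treated as errors."""
    kbs = set()
    for line in output.splitlines():
        m = HOTFIX_RE.match(line)
        if m:
            kbs.add(m.group(1))
    return kbs


def windows_bulletins(bulletins=BULLETINS):
    """Bulletin ID -> KB for bulletins whose affected software names Windows."""
    return {
        bid: kb
        for bid, (kb, software) in bulletins.items()
        if "Microsoft Windows" in software
    }


def missing_bulletins(qfe_output, bulletins=BULLETINS):
    """Sorted bulletin IDs (Windows only) whose KB is absent from the host."""
    installed = parse_qfe(qfe_output)
    return sorted(
        bid for bid, kb in windows_bulletins(bulletins).items()
        if kb not in installed
    )


if __name__ == "__main__":
    for bid in missing_bulletins(SAMPLE_QFE_OUTPUT):
        kb, _ = BULLETINS[bid]
        print(f"{bid} (KB{kb}) not present in hotfix list")
```

On the sample output the script reports MS08-075 and MS08-076 as missing; feed it the real `wmic qfe get HotFixID` output (redirected to a file) and the corrected KB mapping to use it on a fleet.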
Microsoft Windows Malicious Software Removal Tool
Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here: http://support.microsoft.com/?kbid=890830.
High-Priority Non-Security Updates
High-priority non-security updates that Microsoft releases on Microsoft Update (MU), Windows Update (WU) or Windows Server Update Services (WSUS) will be detailed in the following KB Article: http://support.microsoft.com/?id=894199.
Public Bulletin Release Webcast
Microsoft will host a Webcast to address customer questions on these bulletins:
Title: Information about Microsoft December Security Bulletins (Level 200)
Date: Wednesday, December 10th, 2008 11:00 AM Pacific Time (US & Canada)
URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032374647.
New Security Bulletin Technical Details
In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit Microsoft Support Lifecycle.
Bulletin Identifier: Microsoft Security Bulletin MS08-070
Bulletin Title: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
Executive Summary: This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in the ActiveX controls for the Microsoft Visual Basic 6.0 Runtime Extended Files. These vulnerabilities could allow remote code execution if a user browsed a Web site that contains specially crafted content.
The security update addresses the vulnerabilities by improving validation and error handling within the ActiveX controls.
Severity Ratings and Affected Software: This security update is rated Critical for supported components of the Microsoft Visual Basic 6.0 Runtime Extended Files; all supported editions of Microsoft Visual Studio .NET 2002, Microsoft Visual Studio .NET 2003, Microsoft Visual FoxPro 8.0, Microsoft Visual FoxPro 9.0, Microsoft Office Project 2003, Microsoft Office Project 2007; and the Chinese Simplified (China), Chinese Pan (Hong Kong), Chinese Traditional (Taiwan), and Korean versions of Microsoft Office FrontPage 2002.
Impact of Vulnerability: Remote Code Execution
Vulnerability Identifiers:
CVE-2008-4253: FlexGrid Control Memory Corruption Vulnerability
CVE-2008-4254: Hierarchical FlexGrid Control Memory Corruption Vulnerability
CVE-2008-4255: Windows Common AVI Parsing Overflow Vulnerability
CVE-2008-4252: DataGrid Control Memory Corruption Vulnerability
CVE-2008-4256: Charts Control Memory Corruption Vulnerability
CVE-2008-3704: Masked Edit Control Memory Corruption Vulnerability
Known Issues: Any issue pertaining to this bulletin that is discovered and verified will be documented in Microsoft Knowledge Base Article 932349. The article will also document recommended solutions for any new issues as they are verified.
Restart Requirement: Requires restart
Removal Information: Removal steps vary depending on which update is installed. Please see the Security Update Deployment section of the bulletin at the link below for specific details.
Bulletins Replaced by This Update: None
Full Details: http://www.microsoft.com/technet/security/bulletin/MS08-070.mspx

Bulletin Identifier: Microsoft Security Bulletin MS08-071
Bulletin Title: Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
Executive Summary: This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.
The security update addresses the vulnerabilities by modifying the way GDI validates file size parameters and performs integer calculations to prevent overflow conditions.
Severity Ratings and Affected Software: This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Impact of Vulnerability: Remote Code Execution
Vulnerability Identifiers:
CVE-2008-2249: GDI Integer Overflow Vulnerability
CVE-2008-3465: GDI Heap Overflow Vulnerability
Known Issues: Any issue pertaining to this bulletin that is discovered and verified will be documented in Microsoft Knowledge Base Article 956802. The article will also document recommended solutions for any new issues as they are verified.
Restart Requirement: Requires restart
Removal Information:
For this update installed on Windows 2000, Windows XP, or Windows Server 2003: use the Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.
For this update installed on Windows Vista or Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced by This Update: MS08-021
Full Details: http://www.microsoft.com/technet/security/bulletin/MS08-071.mspx

Bulletin Identifier: Microsoft Security Bulletin MS08-072
Bulletin Title: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
Executive Summary: This security update resolves eight privately reported vulnerabilities in Microsoft Office Word and Microsoft Office Outlook that could allow remote code execution if a user opens a specially crafted Word or Rich Text Format (RTF) file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.
The security update addresses the vulnerabilities by modifying the way that Microsoft Office Word and Microsoft Office Outlook handle specially crafted Word and Rich Text Format (RTF) files.
Severity Ratings and Affected Software: This security update is rated Critical for supported editions of Microsoft Office Word 2000 and Microsoft Office Outlook 2007. For supported editions of Microsoft Office Word 2002, Microsoft Office Word 2003, Microsoft Office Word 2007, Microsoft Office Compatibility Pack, Microsoft Office Word Viewer 2003, Microsoft Works 8, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac, this security update is rated Important.
Impact of Vulnerability: Remote Code Execution
Vulnerability Identifiers:
CVE-2008-4031: Word RTF Object Parsing Vulnerability
CVE-2008-4030: Word RTF Object Parsing Vulnerability
CVE-2008-4025: Word RTF Object Parsing Vulnerability
CVE-2008-4026: Word Memory Corruption Vulnerability
CVE-2008-4027: Word RTF Object Parsing Vulnerability
CVE-2008-4028: Word RTF Object Parsing Vulnerability
CVE-2008-4837: Word Memory Corruption Vulnerability
CVE-2008-4024: Word Memory Corruption Vulnerability
Known Issues: Any issue pertaining to this bulletin that is discovered and verified will be documented in Microsoft Knowledge Base Article 957173. The article will also document recommended solutions for any new issues as they are verified.
Restart Requirement: May require restart
Removal Information: Removal steps vary depending on which update is installed. Please see the Security Update Deployment section of the bulletin at the link below for specific details.
Bulletins Replaced by This Update: MS08-026, MS08-042, and MS08-057
Full Details: http://www.microsoft.com/technet/security/bulletin/MS08-072.mspx

Bulletin Identifier: Microsoft Security Bulletin MS08-073
Bulletin Title: Cumulative Security Update for Internet Explorer (958215)
Executive Summary: This security update resolves four privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.
The security update addresses these vulnerabilities by modifying the way that Internet Explorer validates parameters, handles the error resulting in the exploitable condition, and handles extra data when embedding objects in Web pages.
Severity Ratings and Affected Software: This security update is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on Microsoft Windows 2000; Internet Explorer 6 running on Windows XP; and Internet Explorer 7. For Internet Explorer 6 running on Windows Server 2003, this security update is rated Moderate.
Impact of Vulnerability: Remote Code Execution
Vulnerability Identifiers:
CVE-2008-4260: Uninitialized Memory Corruption Vulnerability
CVE-2008-4258: Parameter Validation Memory Corruption Vulnerability
CVE-2008-4259: HTML Objects Memory Corruption Vulnerability
CVE-2008-4261: HTML Rendering Memory Corruption Vulnerability
Known Issues: Any issue pertaining to this bulletin that is discovered and verified will be documented in Microsoft Knowledge Base Article 958215. The article will also document recommended solutions for any new issues as they are verified.
Restart Requirement: Requires restart
Removal Information:
For this update installed on Windows 2000, Windows XP, or Windows Server 2003: use the Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.
For this update installed on Windows Vista or Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced by This Update: MS08-058
Full Details: http://www.microsoft.com/technet/security/bulletin/MS08-073.mspx

Bulletin Identifier: Microsoft Security Bulletin MS08-074
Bulletin Title: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
Executive Summary: This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.
This security update addresses these vulnerabilities by modifying the way that Microsoft Office Excel opens Excel files.
Severity Ratings and Affected Software: This security update is rated Critical for all supported editions of Microsoft Office Excel 2000. For all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2007, Microsoft Office Compatibility Pack, Microsoft Office Excel Viewer, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac, this security update is rated Important.
Impact of Vulnerability: Remote Code Execution
Vulnerability Identifiers:
CVE-2008-4264: File Format Parsing Vulnerability
CVE-2008-4265: File Format Parsing Vulnerability
CVE-2008-4266: Excel Global Array Memory Corruption Vulnerability
Known Issues: Any issue pertaining to this bulletin that is discovered and verified will be documented in Microsoft Knowledge Base Article 959070. The article will also document recommended solutions for any new issues as they are verified.
Restart Requirement: May require restart
Removal Information: Removal steps vary depending on which update is installed. Please see the Security Update Deployment section of the bulletin at the link below for specific details.
Bulletins Replaced by This Update: MS08-057
Full Details: http://www.microsoft.com/technet/security/bulletin/MS08-074.mspx

Bulletin Identifier: Microsoft Security Bulletin MS08-075
Bulletin Title: Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)
Executive Summary: This security update resolves two privately reported vulnerabilities in Windows Search. These vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.
The security update addresses the vulnerabilities by modifying the way that Windows Explorer frees memory when saving Windows Search files and by modifying the way that Windows Explorer interprets parameters when parsing the search-ms protocol.
Severity Ratings and Affected Software: The most severe vulnerability is rated Critical for all supported editions of Windows Vista and Windows Server 2008.
Impact of Vulnerability: Remote Code Execution
Vulnerability Identifiers:
CVE-2008-4268: Windows Saved Search Vulnerability
CVE-2008-4269: Windows Search Parsing Vulnerability
Known Issues: Any issue pertaining to this bulletin that is discovered and verified will be documented in Microsoft Knowledge Base Article 959349. The article will also document recommended solutions for any new issues as they are verified.
Restart Requirement: Requires restart
Removal Information: Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced by This Update: MS08-038
Full Details: http://www.microsoft.com/technet/security/bulletin/MS08-075.mspx

Bulletin Identifier: Microsoft Security Bulletin MS08-076
Bulletin Title: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
Executive Summary: This security update resolves two privately reported vulnerabilities in the following Windows Media components: Windows Media Player, Windows Media Format Runtime, and Windows Media Services. The most severe vulnerability could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
The security update addresses the first vulnerability by modifying the way that Windows Media authentication replies are validated. The security update addresses the second vulnerability by ensuring that Windows Media clients treat servers using ISATAP addresses as external.
Severity Ratings and Affected Software: This security update is rated Important for Windows Media Player 6.4, Windows Media Format Runtime 7.1, Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, Windows Media Format Runtime 11, Windows Media Services 4.1, Windows Media Services 9 Series, and Windows Media Services 2008.
Impact of Vulnerability: Remote Code Execution
Vulnerability Identifiers:
CVE-2008-3009: SPN Vulnerability
CVE-2008-3010: ISATAP Vulnerability
Known Issues: Any issue pertaining to this bulletin that is discovered and verified will be documented in Microsoft Knowledge Base Article 959807. The article will also document recommended solutions for any new issues as they are verified.
Restart Requirement: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.
Removal Information:
For this update installed on Windows 2000, Windows XP, or Windows Server 2003: use the Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.
For this update installed on Windows Vista or Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced by This Update: In the case of the Windows Media Services update on Windows Server 2003, MS07-068 is superseded.
Full Details: http://www.microsoft.com/technet/security/bulletin/MS08-076.mspx

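The ISATAP fix in MS08-076 is worth a concrete illustration, so here is an added example that is not code from Windows Media Player or from the bulletin. The point the bulletin makes is that an address which looks local can still belong to an outside host: an ISATAP address carries the tunnel endpoint's IPv4 address in its low 32 bits (interface identifier 0000:5EFE or 0200:5EFE followed by the IPv4 address, per RFC 5214), so `fe80::5efe:w.x.y.z` is link-local in form but encapsulates to `w.x.y.z`, wherever that is. The naive classifier below is a constructed stand-in for "anything in a local-looking range is intranet"; the hardened one adds exactly the rule the bulletin states, that a server reached through an ISATAP address is treated as external. The address ranges and sample servers are constructed for the example.

```python
"""Intranet-or-external classification of a media server address, with the
ISATAP rule from MS08-076.

Added example, not Windows Media Player code. The naive classifier is a
constructed stand-in for the pre-fix "local-looking means intranet" logic;
the hardened classifier adds the bulletin's rule that ISATAP servers are
external. ISATAP interface-identifier layout is from RFC 5214.
"""
import ipaddress

# Ranges a client might plausibly treat as "my intranet". Constructed for the
# example; the bulletin does not spell out the real zone rules.
INTRANET_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("fe80::/10"),   # IPv6 link-local
    ipaddress.ip_network("fc00::/7"),    # IPv6 unique local
]

# First four bytes of an ISATAP interface identifier: 0000:5EFE, or 0200:5EFE
# when the u/g bit is set (RFC 5214).
ISATAP_IID_PREFIXES = (b"\x00\x00\x5e\xfe", b"\x02\x00\x5e\xfe")


def isatap_embedded_ipv4(addr):
    """Return the IPv4 address embedded in an ISATAP IPv6 address, else None.

    The low 64 bits of an ISATAP address are the 5EFE marker followed by the
    IPv4 address of the tunnel endpoint, so fe80::5efe:w.x.y.z looks
    link-local but is delivered over IPv4 to w.x.y.z."""
    addr = ipaddress.ip_address(addr)
    if addr.version != 6:
        return None
    iid = addr.packed[8:]              # interface identifier, 8 bytes
    if iid[:4] not in ISATAP_IID_PREFIXES:
        return None
    return ipaddress.IPv4Address(iid[4:])


def naive_is_intranet(addr):
    """Pre-fix behaviour: any address inside a local-looking range is intranet.
    An ISATAP link-local address wrapping a public IPv4 passes this test."""
    addr = ipaddress.ip_address(addr)
    return any(addr in net for net in INTRANET_RANGES)


def hardened_is_intranet(addr):
    """Post-fix behaviour as MS08-076 describes it: a server reached through an
    ISATAP address is always external; everything else is classified as
    before."""
    if isatap_embedded_ipv4(addr) is not None:
        return False
    return naive_is_intranet(addr)


if __name__ == "__main__":
    # Constructed sample servers: an ISATAP link-local address wrapping a
    # public IPv4, a plain link-local peer, an RFC 1918 host, a global IPv6.
    for server in ("fe80::5efe:198.51.100.7", "fe80::1",
                   "192.168.1.20", "2001:db8::10"):
        print(f"{server:28} naive={naive_is_intranet(server)!s:5} "
              f"hardened={hardened_is_intranet(server)!s:5} "
              f"isatap_ipv4={isatap_embedded_ipv4(server)}")
```

The only difference between the two classifiers is the ISATAP test, which is why the sample `fe80::5efe:198.51.100.7` flips from intranet to external while the other three addresses keep their classification.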
Bulletin Identifier: Microsoft Security Bulletin MS08-077
Bulletin Title: Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
Executive Summary: This security update resolves a privately reported vulnerability. The vulnerability could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. A successful attack leading to elevation of privilege could result in denial of service or information disclosure.
Severity Ratings and Affected Software: This security update is rated Important for all supported editions of Microsoft Office SharePoint Server 2007 and Microsoft Search Server 2008.
Impact of Vulnerability: Elevation of Privilege
Vulnerability Identifiers:
CVE-2008-4032: Access Control Vulnerability
Known Issues: Any issue pertaining to this bulletin that is discovered and verified will be documented in Microsoft Knowledge Base Article 957175. The article will also document recommended solutions for any new issues as they are verified.
Restart Requirement: May require restart
Removal Information: This security update cannot be removed.
Bulletins Replaced by This Update: MS07-059
Full Details: http://www.microsoft.com/technet/security/bulletin/MS08-077.mspx

Regarding Information Consistency
We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft’s security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s web-based security content, the information in Microsoft’s web-based security content is authoritative.