|
awenlock -> Microsoft Security Patches - May 2008 (5/13/2008 2:34:24 PM)
|
So it's another "Patch Tuesday", this time covering May's security patches. Microsoft have released details of the 4 patches, 3 Critical & 1 Moderate, that they have released this month. They are as follows:
Microsoft Security Bulletin MS08-026
Title: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)
Summary:
This security update resolves several privately reported vulnerabilities in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Rating: Critical
Impact: Remote Code Execution
Affected Software: Word
Link: http://www.microsoft.com/technet/security/bulletin/ms08-026.mspx
-----
Microsoft Security Bulletin MS08-027
Title: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208)
Summary:
This security update resolves a privately reported vulnerability in Microsoft Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Rating: Critical
Impact: Remote Code Execution
Affected Software: Publisher
Link: http://www.microsoft.com/technet/security/bulletin/ms08-027.mspx
-----
Microsoft Security Bulletin MS08-028
Title: Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749)
Summary:
This security update resolves a security vulnerability in the Microsoft Jet Database Engine (Jet) in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Rating: Critical
Impact: Remote Code Execution
Affected Software: Windows
Link: http://www.microsoft.com/technet/security/bulletin/ms08-028.mspx
-----
Microsoft Security Bulletin MS08-029
Title: Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044)
Summary:
This security update resolves two privately reported vulnerabilities in the Microsoft Malware Protection Engine. An attacker could exploit either of the vulnerabilities by constructing a specially crafted file that could allow denial of service when received by the target computer system and scanned by the Microsoft Malware Protection Engine. An attacker who successfully exploited either vulnerability could cause the Microsoft Malware Protection Engine to stop responding and automatically restart.
Rating: Moderate
Impact: Denial of Service
Affected Software: Windows Live OneCare, Microsoft Antigen, Microsoft Windows Defender, Microsoft Forefront Security.
Link: http://www.microsoft.com/technet/security/bulletin/ms08-029.mspx
Links:
ISC: http://isc.sans.org/diary.html?storyid=4411 (Excellent Summary of the patches)
Microsoft: http://www.microsoft.com/technet/security/bulletin/ms08-may.mspx
Happy testing and if you discover any issues post are more than welcome here :)
Regards
Alan
|
|
|
|
