|
|
Links
|
|
 |
|
|
|
|
Welcome To Sarasota ITPRO
|
|
|
Sarasota ITPRo Up And Running,
Please Register and join the new Group of the "IT Community of Sarasota"
Call for Speakers, Call for members, Call for sponsors, If you want to be part of this amazing and growing group please register on the page and send a email to shartman@suncoastsecuritysociety.org
Sarasota IT Pro. Now Alliance Member of Culminis
|
|
  |
|
|
Security Bulleting
|
|
|
MS08-069 – Critical: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
Bulletin Severity Rating:Critical - This security update resolves several vulnerabilities in Microsoft XML Core Services. The most severe vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-068 – Important: Vulnerability in SMB Could Allow Remote Code Execution (957097)
Bulletin Severity Rating:Important - This security update resolves a publicly disclosed vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerability could allow remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-067 – Critical: Vulnerability in Server Service Could Allow Remote Code Execution (958644)
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.
MS08-066 – Important: Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in the Microsoft Ancillary Function Driver. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS08-065 – Important: Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in the Message Queuing Service (MSMQ) on Microsoft Windows 2000 systems. The vulnerability could allow remote code execution on Microsoft Windows 2000 systems with the MSMQ service enabled.
MS08-064 – Important: Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Virtual Address Descriptor. The vulnerability could allow elevation of privilege if a user runs a specially crafted application. An authenticated attacker who successfully exploited this vulnerability could gain elevation of privilege on an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
MS08-063 – Important: Vulnerability in SMB Could Allow Remote Code Execution (957095)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerability could allow remote code execution on a server that is sharing files or folders. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
MS08-062 - Important: Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
Bulletin Severity Rating:Important - This update resolves a privately reported vulnerability in the Windows Internet Printing Service that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
MS08-061 – Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
Bulletin Severity Rating:Important - This security update resolves one publicly disclosed and two privately reported vulnerabilities in the Windows kernel. A local attacker who successfully exploited these vulnerabilities could take complete control of an affected system. The vulnerabilities could not be exploited remotely or by anonymous users.
MS08-060 – Critical: Vulnerability in Active Directory Could Allow Remote Code Execution (957280)
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker gains access to an affected network. This vulnerability only affects Microsoft Windows 2000 servers configured to be domain controllers. If a Microsoft Windows 2000 server has not been promoted to a domain controller, it will not be listening to Lightweight Directory Access Protocol (LDAP) or LDAP over SSL (LDAPS) queries, and will not be exposed to this vulnerability.
MS08-059 – Critical: Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Host Integration Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted Remote Procedure Call (RPC) request to an affected system. Customers who follow best practices and configure the SNA RPC service account to have fewer user rights on the system could be less impacted than customers who configure the SNA RPC service account to have administrative user rights.
MS08-058 - Critical: Cumulative Security Update for Internet Explorer (956390)
Bulletin Severity Rating:Critical - This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerabilities could allow information disclosure or remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-057 – Critical: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)
Bulletin Severity Rating:Critical - This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-056 - Moderate: Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)
Bulletin Severity Rating:Moderate - This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow information disclosure if a user clicks a specially crafted CDO URL. An attacker who successfully exploited this vulnerability could inject a client side script in the user's browser that could spoof content, disclose information, or take any action that the user could take on the affected Web site.
MS08-055 – Critical: Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user clicks a specially crafted OneNote URL. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-054 – Critical: Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Windows Media Player that could allow remote code execution when a specially crafted audio file is streamed from a Windows Media server. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-053 – Critical: Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Windows Media Encoder 9 Series. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-052 – Critical: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-051 – Critical: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785)
Bulletin Severity Rating:Critical - This security update resolves three privately reported vulnerabilities in Microsoft Office PowerPoint and Microsoft Office PowerPoint Viewer that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-050 – Important: Vulnerability in Windows Messenger Could Allow Information Disclosure (955702)
Bulletin Severity Rating:Important - This security update resolves a publicly reported vulnerability in supported versions of Windows Messenger. As a result of this vulnerability, scripting of an ActiveX control could allow information disclosure in the context of the logged-on user. An attacker could change state, get contact information, and initiate audio and video chat sessions without the knowledge of the logged-on user. An attacker could also capture the user’s logon ID and remotely log on to the user’s Messenger client impersonating that user.
MS08-049 – Important: Vulnerabilities in Event System Could Allow Remote Code Execution (950974)
Bulletin Severity Rating:Important - This update resolves two privately reported vulnerabilities in Microsoft Windows Event System that could allow remote code execution. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
MS08-048 - Important: Security Update for Outlook Express and Windows Mail (951066)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Outlook Express and Windows Mail. The vulnerability could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-047 – Important: Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733)
Bulletin Severity Rating:Important - This update resolves a privately reported vulnerability in the way certain Windows Internet Protocol Security (IPsec) rules are applied. This vulnerability could cause systems to ignore IPsec policies and transmit network traffic in clear text. This, in turn, would disclose information intended to be encrypted on the network. An attacker viewing the traffic on the network would be able to view and possibly modify the contents of the traffic. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly. It could be used to collect useful information to try to further compromise the affected system or network.
MS08-046 – Critical: Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)
Bulletin Severity Rating:Critical - This update resolves a privately reported vulnerability in the Microsoft Image Color Management (ICM) system that could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-045 - Critical: Cumulative Security Update for Internet Explorer (953838)
Bulletin Severity Rating:Critical - This security update resolves five privately reported vulnerabilies and one publicly disclosed vulnerability. All of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
|
|
|
|
Sponsors
|
|
|
|
|
|
Users
|
|
|
 |
Membership: |
 |
Latest:
andersonj48 |
 |
New Today:
0 |
 |
New Yesterday:
0 |
 |
Overall:
16 |
 |
People Online: |
 |
Visitors:
0 |
 |
Members:
0 |
 |
Total:
0 |
Online Now:
|
|
|