Microsoft released 11 security updates for February, rating six of them as critical. Here's a brief description of each update; for more information, go to http://www.microsoft.com/technet/security/bulletin/ms08-feb.mspx
MS08-003: Vulnerability in Active Directory Could Allow Denial of Service
The attack vector for this vulnerability is a Denial of Service (DoS) attack against Active Directory Application Mode (ADAM) on client computers and Active Directory on servers. The most severe consequence from an attack leveraging this vulnerability is an affected computer halting and then automatically restarting. This bulletin replaces previous bulletin MS07-039.
Applies to: Windows 2000, Windows XP, Windows Server 2003
Recommendation: Microsoft rates this update as important. You should perform testing and deployment of this update as part of your organization’s regular patch management routine.
MS08-004: Vulnerability in Windows TCP/IP Could Allow Denial of Service
The attack vector for this privately reported vulnerability is a specially crafted DHCP server response that corrupts TCP/IP structures that cause the affected system to stop responding and restart automatically. This bulletin replaces previous bulletin MS08-001.
Applies to: Windows Vista
Recommendation: Microsoft rates this update as important. You should perform testing and deployment of this update as part of your organization’s regular patch management routine.
MS08-005: Vulnerability in Internet Information Services Could Allow Elevation of Privilege
The attack vector for this privately reported vulnerability is the way that Microsoft IIS handles file change notifications in the default FTP and WWW folders. The most severe consequence from an attack leveraging this vulnerability is the execution of arbitrary code, allowing the attacker to take full control of an affected computer.
Applies to: Windows 2000, Windows XP, Windows Vista, Windows Server 2008
Recommendation: Microsoft rates this update as important. You should perform testing and deployment of this update as part of your organization’s regular patch management routine.
MS08-006: Vulnerability in Internet Information Services Could Allow Remote Code Execution
The attack vector for this privately reported vulnerability is the way that Microsoft IIS handles input to Active Server Pages (ASP) Web pages. An attacker who exploits this vulnerability could perform actions on the IIS server with the same rights as the Worker Process Identity. This bulletin replaces previous bulletin MS06-034.
Applies to: Windows XP, Windows Server 2003
Recommendation: Microsoft rates this update as important. You should perform testing and deployment of this update as part of your organization’s regular patch management routine.
MS08-007: Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution
The attack vector for this vulnerability is the way the WebDAV Mini-Redirector handles responses. The most severe consequence from an attack leveraging this vulnerability is complete control of an affected system.
Applies to: Windows XP, Windows Server 2003, Windows Vista
Recommendation: Microsoft rates this update as critical. You should perform accelerated testing and deployment of this update.
MS08-008: Vulnerability in OLE Automation Could Allow Remote Code Execution
The attack vector for this vulnerability is a specially crafted Web page. The most severe consequence from an attack leveraging this vulnerability is remote code execution with the privileges of the currently logged on user. This bulletin replaces previous bulletin MS07-043.
Applies to: Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Office 2004 for Mac
Recommendation: Microsoft rates this update as critical. You should perform accelerated testing and deployment of this update.
MS08-009: Vulnerability in Microsoft Word Could Allow Remote Code Execution
The attack vector for this vulnerability is a specially crafted Microsoft Word file. The most severe consequence from an attack leveraging this vulnerability is complete control of an affected system. This bulletin replaces previous bulletin MS07-060.
Applies to: Office 2000, Office XP, Office 2003 Recommendation: Microsoft rates this update as critical. You should perform accelerated testing and deployment of this update.
MS08-010: Cumulative Security Update for Internet Explorer
This cumulative update addresses several vulnerabilities, the most serious of which involves an attacker using a specially crafted Web page to take control of an affected system. This bulletin replaces previous bulletin MS07-069.
Applies to: All versions of Windows
Recommendation: Microsoft rates this update as critical. You should perform accelerated testing and deployment of this update.
MS08-011: Vulnerability in Microsoft Works File Converter Could Allow Remote Code Execution
The attack vector for this privately reported vulnerability is a specially crafted Microsoft Works file. The most severe consequence from an attack leveraging this vulnerability is complete control of an affected computer.
Applies to: Microsoft Office 2003, Microsoft Works 8, Microsoft Works Suite 2005
Recommendation: Microsoft rates this update as important. You should perform testing and deployment of this update as a part of your organization’s regular patch management routine.
MS08-012: Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution
The attack vector for this vulnerability is a specially crafted Microsoft Publisher file. The most severe consequence from an attack leveraging this vulnerability is an attacker taking complete control of an affected computer. This bulletin replaces previous bulletin MS06-054.
Applies to: Office 2000, Office XP, Office 2003
Recommendation: Microsoft rates this update as critical. You should perform accelerated testing and deployment of this update.
MS08-013: Vulnerability in Microsoft Office Could Allow Remote Code Execution
The attack vector for this vulnerability is a specially crafted Microsoft Office file with a malformed object inserted into the document. The most severe consequence from an attack leveraging this vulnerability is complete control of an affected system. This bulletin replaces previous bulletin MS06-047.
Applies to: Office 2000, Office XP, Office 2003
Recommendation: Microsoft rates this update as critical. You should perform accelerated testing and deployment of this update.
End of Article
Register
