Microsoft released four security updates for September, rating all of them as critical. If unpatched, these vulnerabilities leave applicable software open to the execution of remote code. Patching critical vulnerabilities in a timely manner is important; exploits have appeared within a week of the release of an update. Here's a brief description of each update; for more information, go to
http://www.microsoft.com/technet/security/bulletin/ms08-sep.mspx
MS08-052: Vulnerabilities in GDI+ Could Allow Remote Code Execution
Applies to: Internet Explorer (IE) 6.0 and .NET Framework on Windows Server 2008, Windows Vista, Windows Server 2003, Windows 2000; Office 2007, 2003, XP; GDR and QFE update for SQL Server 2005 SP2
Update Size: Between 2MB and 15MB, depending on installed software
This vulnerability can be leveraged to allow the execution of remote code. As a part of an overall system infiltration strategy, the execution of remote code can lead to the attacker gaining complete control of the target computer. This vulnerability is exploited by a user visiting a specially created website or viewing a specially modified image file. The update addresses the vulnerability by changing how GDI+ handles the display of malformed images. This bulletin replaces previous bulletin MS07-050 for IE 6.0 SP1 on Win2K SP4.
Recommendation: Microsoft rates this update as critical. Given the wide software footprint of this vulnerability and the ability of attackers to compromise third-party websites to make them platforms for hosting files containing this type of exploit, you should test and deploy this update as a part of your organization's accelerated patch management routine.
MS08-053: Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution
Applies to: Windows Media Encoder 9 Series on Windows Server 2008, Windows Vista, Windows Server 2003, Windows XP, Windows 2000
Update Size: Approximately 1MB for x86, 2MB for x64
This buffer overrun vulnerability in the WMEX.DLL ActiveX control can be leveraged to allow the execution of remote code. As a part of an overall system infiltration strategy, the execution of remote code can lead to the attacker gaining complete control of the target computer. This vulnerability is exploited by a user visiting a website that hosts specifically crafted media files. The update addresses the vulnerability by changing the way that the controls in Windows Media Encoder interact with Internet Explorer (IE). This bulletin replaces no previous security bulletins.
Recommendation: Microsoft rates this update as critical. Given the wide software footprint of this vulnerability and the ability of attackers to compromise third-party websites to make them platforms for hosting files containing this type of exploit, you should test and deploy this update as a part of your organization's accelerated patch management routine.
MS08-054: Vulnerability in Windows Media Player Could Allow Remote Code Execution
Applies to: Windows Media Player 11 on Windows Server 2008, Windows Vista, Windows XP
Update size: 0.5MB
This vulnerability can be leveraged to allow the execution of remote code. As a part of an overall system infiltration strategy, the execution of remote code can lead to the attacker gaining complete control of the target computer. This vulnerability is exploited by a user streaming a specially crafted audio file from a Windows Media server. The update addresses the vulnerability by changing the way that Windows Media Player 11 plays audio files streamed from a server-side playlist. This bulletin replaces no previous security bulletins.
Recommendation: Microsoft rates this update as critical. Unlike some other vulnerabilities patched with this set of updates, this vulnerability cannot be directly leveraged through a specially crafted web page. Although you should deploy this update as soon as possible, you should prioritize the deployment of updates related to bulletins MS08-052 and MS08-053.
MS08-055: Vulnerability in Microsoft Office Could Allow Remote Code Execution
Applies to: Office 2007, 2003, XP; One Note 2007
Update size: 10MB to 18MB, depending on installed software
This vulnerability can be leveraged to allow the execution of remote code. As a part of an overall system infiltration strategy, the execution of remote code can lead to the attacker gaining complete control of the target computer. This vulnerability is exploited by a user opening a specially created One Note URL. The update addresses the vulnerability by modifying the way that Office validates URLs. This bulletin replaces security bulletins MS08-016 and MS07-025.
Recommendation: Microsoft rates this update as critical. Although you should deploy this update as soon as possible, you should prioritize the deployment of updates related to bulletins MS08-052 and MS08-053.
An often irreverent look at some of the week's other news, including a Vista Capable dismissal request, Zune price reductions, Morrow musings, Novell and Microsoft sitting in a tree ... two years later, Yahoo!, IE 6 on Windows Mobile, and so much more ...
Order Your SQL Fundamentals CD Today! Learn how to use SQL Server, understand Office integration techniques and dive into the essentials of SQL Express and Visual Basic with this free SQL Fundamentals CD.
You've Deployed SharePoint...Now What? This one-day free online conference delivers the technical knowledge needed to kick MOSS up a notch. In one information-packed day, independent SharePoint experts will present practical, real-world information and provide take-away, ready-to-use solutions
Don't Miss 3 Introductory PowerShell Lessons! Paul Robichaux equips you with PowerShell basics in 3 introductory lessons, each followed by live Q&A—all on your own computer! Register today!
What Would You Do If You Ran Microsoft? ITTV's 2008 inaugural video contest, "If I Ran Microsoft..." is your chance to tell it like it is. Be goofy or be serious, but don"t miss this chance to have fun, win prizes, and go viral in a major way.
Maximize Your SharePoint Investment This web seminar discusses how true bi-directional replication of SharePoint content from one server to another enables branch offices to maintain access to current SharePoint content.
Register
