Microsoft fixes 28 flaws - 6 critical

by Hilbert Hagedoorn on: 12/11/2008 10:05 AM | source: | 0 comment(s)

If you do not have automated updated activated, now might be a good idea to update Windows. Microsoft on Tuesday released its December 2008 security bulletin. The "critical" bulletins affect Windows GDI, Word, Excel, Internet Explorer and Windows Search. The "important" updates affect SharePoint and Windows Media Components.

MS08-070: Critical - Titled "Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)", this bulletin affects the Microsoft Visual Basic 6.0 Runtime Extended Files; all supported editions of Microsoft Visual Studio .Net 2002, Microsoft Visual Studio .Net 2003, Microsoft Visual FoxPro 8.0, Microsoft Visual FoxPro 9.0, Microsoft Office Project 2003, and Microsoft Office Project 2007.

MS08-071: Critical - Titled "Vulnerabilities in GDI Could Allow Remote Code Execution (956802)", this bulletin is rated critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. Microsoft says "exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS08-072: Critical - Titled "Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)," this bulletin is rated critical for supported editions of Microsoft Office Word 2000 and Microsoft Office Outlook 2007. For supported editions of Microsoft Office Word 2002, Microsoft Office Word 2003, Microsoft Office Word 2007, Microsoft Office Compatibility Pack, Microsoft Office Word Viewer 2003, Microsoft Works 8, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac, this security update is rated important. Microsoft says this bulletin resolves "eight privately reported vulnerabilities in Microsoft Office Word and Microsoft Office Outlook that could allow remote code execution if a user opens a specially crafted Word or Rich Text Format (RTF) file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

MS08-073: Critical - Titled "Cumulative Security Update for Internet Explorer (958215)", this bulletin is rated critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on Microsoft Windows 2000; Internet Explorer 6 running on Windows XP; and Internet Explorer 7. For Internet Explorer 6 running on Windows Server 2003, this security update is rated "moderate." Microsoft says the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.

MS08-074: Critical - Titled "Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)." This bulletin is rated critical for all supported editions of Microsoft Office Excel 2000. For all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2007, Microsoft Office Compatibility Pack, Microsoft Office Excel Viewer, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac, this security update is rated important. For Internet Explorer 6 running on Windows Server 2003, this security update is rated moderate. Microsoft says if a user opens a specially crafted Excel file an attacker could exploit these vulnerabilities and take complete control of an affected system.

MS08-075: Critical - Titled "Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)" This bulletin is rated critical for all supported editions of Windows Vista and Windows Server 2008. Microsoft says that "these vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system."

Related Stories

Microsoft urges companies to dump Windows XP - 09/19/2011 09:09 AM
In an new post on the official Windows blog site, Microsoft's Stephen L Rose stated that there are two big reasons for leaving Windows XP behind. One of them is, of course, the fact that there is a ne...

Microsoft shows off Windows 8 preview - 09/14/2011 09:04 AM
Microsoft presented a developer preview of Windows 8 at its BUILD conference in Los Angeles. The company demonstrates the new Metro user interface, Internet Explorer 10, new touch features and many ot...

Microsoft adds RAW preview support to Windows 7 - 07/28/2011 09:04 AM
After a quick codec pack download, those of you running Windows 7 or Vista should be able to preview RAW files straight from Windows Explorer, without having to use third-party tools like Adobe Bridge...

AMD Bulldozer APU could Power Microsoft's Next Xbox Console - 07/22/2011 09:43 AM
Accriding to a rumor on the web Microsoft's next-generation Xbox gaming console might be powered by an AMD-designed accelerated processing unit that is based on the Bulldozer architecture, according t...

Microsoft reveals 128-bit AES encryption based wireless keyboard - 06/07/2011 08:04 AM
Mircosoft announced the Wireless Desktop 2000, a new wireless keyboard that protects your keystrokes with AES 128-bit encryption. The unit will be available within about a month for roughly $40. The e...