Microsoft patches 10 flaws with seven bulletins

by Hilbert Hagedoorn on: 06/11/2008 08:34 AM | source: | 0 comment(s)

Microsoft today released its June 2008 security bulletin, which includes three critical, three important, and one moderate patch. Of the critical, one is for the Bluetooth stack in Windows XP and Windows Vista, one is for DirectX, and another is a cumulative update to Internet Explorer. The one moderate bulletin covers a flaw in the speech recognition feature in Windows 2000, XP, and Windows Vista. Of the important bulletins, one concerns Active Directory and another Pragmatic General Multicast (PGM)

MS08-030: Critical - Titled "Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)", this bulletin is critical for users of Windows XP and Windows Vista (both 32-bit and 64-bit editions). The update addresses vulnerabilities detailed in CVE-2008-1453. The patch modifies the way that the Bluetooth stack handles a large number of service description requests. Microsoft says an attacker could use this to take complete control of an affected system; install programs; view, change, or delete data; or create new accounts with full user rights.

MS08-031: Critical - Titled "Cumulative Security Update for Internet Explorer (950759)", this bulletin affects all users of Windows. However, the critical designation only applies to users of Windows XP and Windows Vista; all others are deemed moderate or important by Microsoft. The update addresses vulnerabilities in CVE-2008-1442 and CVE-2008-1544. The cumulative patch fixes a couple of vulnerabilities including one that could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer and another which could allow information disclosure if a user viewed a specially crafted Web page using Internet Explorer.

MS08-033: Critical - Titled "Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)", this bulletin affects all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. This update addresses the vulnerability detailed in CVE-2008-0011 and CVE-2008-1444. Microsoft says the vulnerability "could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

Related Stories

Microsoft urges companies to dump Windows XP - 09/19/2011 10:09 AM
In an new post on the official Windows blog site, Microsoft's Stephen L Rose stated that there are two big reasons for leaving Windows XP behind. One of them is, of course, the fact that there is a ne...

Microsoft shows off Windows 8 preview - 09/14/2011 10:04 AM
Microsoft presented a developer preview of Windows 8 at its BUILD conference in Los Angeles. The company demonstrates the new Metro user interface, Internet Explorer 10, new touch features and many ot...

Microsoft adds RAW preview support to Windows 7 - 07/28/2011 10:04 AM
After a quick codec pack download, those of you running Windows 7 or Vista should be able to preview RAW files straight from Windows Explorer, without having to use third-party tools like Adobe Bridge...

AMD Bulldozer APU could Power Microsoft's Next Xbox Console - 07/22/2011 10:43 AM
Accriding to a rumor on the web Microsoft's next-generation Xbox gaming console might be powered by an AMD-designed accelerated processing unit that is based on the Bulldozer architecture, according t...

Microsoft reveals 128-bit AES encryption based wireless keyboard - 06/07/2011 09:04 AM
Mircosoft announced the Wireless Desktop 2000, a new wireless keyboard that protects your keystrokes with AES 128-bit encryption. The unit will be available within about a month for roughly $40. The e...