Microsoft fixes eight flaws with four patches

by Hilbert Hagedoorn on: 09/10/2008 10:43 AM | source: | 0 comment(s)

It's patch tuesday, If you are a Windows users, make sure you hit Windows Update and get patched up.

MS08-052: Critical - Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) - this bulletin affects all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008, Microsoft Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4, Microsoft Digital Image Suite 2006, SQL Server 2000 Reporting Services Service Pack 2, all supported editions of SQL Server 2005, Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package, and Microsoft Report Viewer 2008 Redistributable Package. It addresses the issues detailed in CVE-2008-5348, CVE-2008-3012, CVE-2008-3013, CVE-2008-3014, and CVE-2008-3015. Microsoft says these vulnerabilities "could allow remote code execution, if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content."

MS08-053: Critical - Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156) - this bulletin affects all supported and affected editions of Microsoft Windows 2000, Windows XP, and Windows Vista, as well as supported and affected versions of Windows Server 2003 and Windows Server 2008. It addresses the vulnerability detailed in CVE-2008-3008. Microsoft says the vulnerability could "allow remote code execution, if a user viewed a specially crafted Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system."

MS08-054: Critical - Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154) - this bulletin affects all supported and affected editions of Windows Media Player 11. This bulletin addresses the issues detailed in CVE-2008-2253. Microsoft says there is a "vulnerability in Windows Media Player that could allow remote code execution when a specially crafted audio file is streamed from a Windows Media server. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system."

MS08-055: Critical - Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047) - this bulletin affects supported editions of Microsoft Office OneNote 2007 and supported editions of Microsoft Office XP, Microsoft Office 2003, and 2007 Microsoft Office System. This bulletin addresses the vulnerability detailed in CVE-2008-3007. Microsoft says "if a user clicks a specially crafted OneNote URL...an attacker who successfully exploited this vulnerability could take complete control of an affected system."

Related Stories

Microsoft urges companies to dump Windows XP - 09/19/2011 10:09 AM
In an new post on the official Windows blog site, Microsoft's Stephen L Rose stated that there are two big reasons for leaving Windows XP behind. One of them is, of course, the fact that there is a ne...

Microsoft shows off Windows 8 preview - 09/14/2011 10:04 AM
Microsoft presented a developer preview of Windows 8 at its BUILD conference in Los Angeles. The company demonstrates the new Metro user interface, Internet Explorer 10, new touch features and many ot...

Microsoft adds RAW preview support to Windows 7 - 07/28/2011 10:04 AM
After a quick codec pack download, those of you running Windows 7 or Vista should be able to preview RAW files straight from Windows Explorer, without having to use third-party tools like Adobe Bridge...

AMD Bulldozer APU could Power Microsoft's Next Xbox Console - 07/22/2011 10:43 AM
Accriding to a rumor on the web Microsoft's next-generation Xbox gaming console might be powered by an AMD-designed accelerated processing unit that is based on the Bulldozer architecture, according t...

Microsoft reveals 128-bit AES encryption based wireless keyboard - 06/07/2011 09:04 AM
Mircosoft announced the Wireless Desktop 2000, a new wireless keyboard that protects your keystrokes with AES 128-bit encryption. The unit will be available within about a month for roughly $40. The e...