NICK ADSL UK Posted October 14, 2008 Report Share Posted October 14, 2008 Microsoft Security Bulletin(s) for October 14 2008 Note: There may be latency issues due to replication, if the page does not display keep refreshingToday Microsoft released the following Security Bulletin(s). Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.Bulletin Summary:http://www.microsoft.com/technet/security/...n/ms08-oct.mspx Critical (4 )Microsoft Security Bulletin MS08-060Vulnerability in Active Directory Could Allow Remote Code Execution (957280)http://go.microsoft.com/fwlink/?LinkId=128125Microsoft Security Bulletin MS08-058 Cumulative Security Update for Internet Explorer (956390)http://go.microsoft.com/fwlink/?LinkID=128060Microsoft Security Bulletin MS08-059 Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)http://go.microsoft.com/fwlink/?LinkId=125712Microsoft Security Bulletin MS08-057 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)http://go.microsoft.com/fwlink/?LinkID=124653Important (6)Microsoft Security Bulletin MS08-066 Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)http://go.microsoft.com/fwlink/?LinkId=125709Microsoft Security Bulletin MS08-061 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)http://www.microsoft.com/technet/security/...n/MS08-061.mspxMicrosoft Security Bulletin MS08-062 Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)http://go.microsoft.com/fwlink/?LinkId=120829Microsoft Security Bulletin MS08-063 Vulnerability in SMB Could Allow Remote Code Execution (957095)http://go.microsoft.com/fwlink/?LinkID=127994Microsoft Security Bulletin MS08-064 Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)http://go.microsoft.com/fwlink/?LinkId=128103Microsoft Security Bulletin MS08-065 Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)http://www.microsoft.com/technet/security/...n/MS08-065.mspxModerate (1)Microsoft Security Bulletin MS08-056 Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)http://go.microsoft.com/fwlink/?LinkId=128145Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so. If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.Security ToolFind out if you are missing important Microsoft product updates by using MBSA. Link to comment Share on other sites More sharing options...
ɹəuəllıʍ ʇɐb Posted October 16, 2008 Report Share Posted October 16, 2008 Microsoft Security Bulletin MS08-066 Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)http://go.microsoft.com/fwlink/?LinkId=125709Similar as with the July update (KB951748), KB956803 can also lead to a loss of Internet connection in conjunction with older versions of ZoneAlarm. For details see this post http://www.microsoft.com/communities/newsg...ac-db971bcb15af Link to comment Share on other sites More sharing options...
ɹəuəllıʍ ʇɐb Posted October 24, 2008 Report Share Posted October 24, 2008 Microsoft Security Bulletin MS08-067 – CriticalVulnerability in Server Service Could Allow Remote Code Execution (958644)This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter. Link to comment Share on other sites More sharing options...
Recommended Posts