Microsoft Security Bulletin Summary for October 2008http://www.microsoft.com/technet/securi ... 8-oct.mspx Critical Security Bulletins (5)============================================================
MS08-060 - Vulnerability in Active Directory Could Allow Remote Code Execution (957280)http://www.microsoft.com/technet/securi ... 8-060.mspx - Affected Software:
- Active Directory on Microsoft Windows 2000 Server Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
MS08-058 - Cumulative Security Update for Internet Explorer (956390)http://www.microsoft.com/technet/securi ... 8-058.mspx - Affected Software:
- Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
- Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4
- Internet Explorer 6 for Windows XP Service Pack 2 and Windows XP Service Pack 3
- Internet Explorer 6 for Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
- Internet Explorer 6 for Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
- Internet Explorer 6 for Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
- Internet Explorer 6 for Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Explorer 7 for Windows XP Service Pack 2 and Windows XP Service Pack 3
- Internet Explorer 7 for Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
- Internet Explorer 7 for Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
- Internet Explorer 7 for Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
- Internet Explorer 7 for Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Explorer 7 in Windows Vista and Windows Vista Service Pack 1
- Internet Explorer 7 in Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
- Internet Explorer 7 in Windows Server 2008 for 32-bit Systems (Windows Server 2008 Server Core installation not affected)
- Internet Explorer 7 in Windows Server 2008 for x64-based Systems (Windows Server 2008 Server Core installation not affected)
- Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems
- Impact: Remote Code Execution
- Version Number: 1.0
MS08-059 Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)http://www.microsoft.com/technet/securi ... 8-059.mspx - Affected Software:
- Microsoft Host Integration Server 2000 Service Pack 2 (Server)
- Microsoft Host Integration Server 2000 Administrator Client
- Microsoft Host Integration Server 2004 (Server)
- Microsoft Host Integration Server 2004 Service Pack 1 (Server)
- Microsoft Host Integration Server 2004 (Client)
- Microsoft Host Integration Server 2004 Service Pack 1 (Client)
- Microsoft Host Integration Server 2006 for 32-bit Systems
- Microsoft Host Integration Server 2006 for 64-bit Systems
- Impact: Remote Code Execution
- Version Number: 1.0
MS08-057 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)http://www.microsoft.com/technet/securi ... 8-057.mspx - Affected Software:
- Microsoft Office Excel 2000 Service Pack 3
- Microsoft Office Excel 2002 Service Pack 3
- Microsoft Office Excel 2003 Service Pack 2
- Microsoft Office Excel 2003 Service Pack 3
- Microsoft Office Excel 2007
- Microsoft Office Excel 2007 Service Pack 1
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Open XML File Format Converter for Mac
- Microsoft Office Excel Viewer 2003
- Microsoft Office Excel Viewer 2003 Service Pack 3
- Microsoft Office Excel Viewer
- Microsoft Office Compatibility Pack for Word, Excel, and
PowerPoint 2007 File Formats
- Microsoft Office Compatibility Pack for Word, Excel, and
PowerPoint 2007 File Formats Service Pack 1
- Microsoft Office SharePoint Server 2007
- Microsoft Office SharePoint Server 2007 Service Pack 1
- Microsoft Office SharePoint Server 2007 x64 Edition
- Microsoft Office SharePoint Server 2007 x64 Edition
Service Pack 1
- Impact: Remote Code Execution
- Version Number: 1.0
<EDIT 23 Oct-08>MS08-067 Vulnerability in Server Service Could Allow Remote Code Execution (958644)http://www.microsoft.com/technet/securi ... 8-067.mspx Executive SummaryThis security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.
This security update is rated
Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated
Important for all supported editions of Windows Vista and Windows Server 2008...
- Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems
- Windows Vista and Windows Vista Service Pack 1
- Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
- Windows Server 2008 for 32-bit Systems (Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems (Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for Itanium-based Systems
- Impact: Remote Code Execution
- Restart Requirement:
The update requires a restart - Version Number: 1.0
[More at
viewtopic.php?f=29&t=36622&p=203352#p203352]
</EDIT 23 Oct-08>Important Security Bulletins (6)============================================================
MS08-066 Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)http://www.microsoft.com/technet/securi ... 8-066.mspx - Affected Software:
- Windows XP Service Pack 2 and
Windows XP Service Pack 3
- Windows XP Professional x64 Edition and
Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1 and
Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition and
Windows 2003 Server x64 Edition Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems and
Windows Server 2003 with SP2 for Itanium based Systems
- Impact: Elevation of Privilege
- Version Number: 1.0
MS08-061 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)http://www.microsoft.com/technet/securi ... 8-061.mspx - Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2 and
Windows XP Service Pack 3
- Windows XP Professional x64 Edition and
Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1 and
Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition and
Windows 2003 Server x64 Edition Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems and
Windows Server 2003 with SP2 for Itanium based Systems
- Windows Vista and
Windows Vista Service Pack 1
- Windows Vista x64 Edition and
Windows Vista x64 Edition Service Pack 1
- Windows Server 2008 for 32-bit Systems
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for Itanium-based Systems
- Impact: Elevation of Privilege
- Version Number: 1.0
MS08-062 Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)http://www.microsoft.com/technet/securi ... 8-062.mspx - Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2 and
Windows XP Service Pack 3
- Windows XP Professional x64 Edition and
Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1 and
Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition and
Windows 2003 Server x64 Edition Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems and
Windows Server 2003 with SP2 for Itanium based Systems
- Windows Vista and
Windows Vista Service Pack 1
- Windows Vista x64 Edition and
Windows Vista x64 Edition Service Pack 1
- Windows Server 2008 for 32-bit Systems
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for Itanium-based Systems
- Impact: Remote Code Execution
- Version Number:
2.2 (October 29, 2008) - Reason for Revision: Revised entries in the section, Frequently Asked Questions (FAQ) Related to This Security Update, and in the Microsoft Baseline Security Analyzer (MBSA) and Systems Management Server (SMS) detection and deployment tables in the section, Detection and Deployment Tools and Guidance, to notify customers that the update packages for Windows Server 2008 for Itanium-based Systems and all supported editions of Windows Vista have now been made available on Windows Update, Microsoft Update, Windows Software Update Services (WSUS), Systems Management Server, and System Center Configuration Manager.
MS08-063 Vulnerability in SMB Could Allow Remote Code Execution (957095)http://www.microsoft.com/technet/securi ... 8-063.mspx - Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2 and
Windows XP Service Pack 3
- Windows XP Professional x64 Edition and
Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1 and
Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition and
Windows 2003 Server x64 Edition Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems and
Windows Server 2003 with SP2 for Itanium based Systems
- Windows Vista and
Windows Vista Service Pack 1
- Windows Vista x64 Edition and
Windows Vista x64 Edition Service Pack 1
- Windows Server 2008 for 32-bit Systems
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for Itanium-based Systems
- Impact: Remote Code Execution
- Version Number: 1.0
MSO8-064 Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)http://www.microsoft.com/technet/securi ... 8-064.mspx - Affected Software:
- Windows XP Service Pack 2 and
Windows XP Service Pack 3
- Windows XP Professional x64 Edition and
Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1 and
Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition and
Windows 2003 Server x64 Edition Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems and
Windows Server 2003 with SP2 for Itanium based Systems
- Windows Vista and
Windows Vista Service Pack 1
- Windows Vista x64 Edition and
Windows Vista x64 Edition Service Pack 1
- Windows Server 2008 for 32-bit Systems
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for Itanium-based Systems
- Impact: Elevation of Privilege
- Version Number: 1.0
MS08-065 Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)http://www.microsoft.com/technet/securi ... 8-065.mspx - Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
Moderate Security Bulletins (1)============================================================
MS08-056 Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)http://www.microsoft.com/technet/securi ... 8-056.mspx - Affected Software:
- Microsoft Office XP Service Pack 3
- Impact: Remote Code Execution
- Version Number: 1.0
Other Information
=================Microsoft Windows Malicious Software Removal Tool:
==================================================Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
Non-Security, High-Priority Updates on MU, WU, and WSUS:
========================================================For information about non-security releases on Windows Update and Microsoft Update, please see:
Note that this information pertains only to
non-security, high-priority updates on Microsoft Update, Windows Update, Windows Server Update Services, and Software Update Services released on the same day as the Security Bulletin Summary. Information will not be provided about
non-security updates released on other days.
========================================================Support
- Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.
- International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.
© 2008 Microsoft Corporation. All rights reserved.
Login
Register
FAQ
Search
