Peaches Posted December 10, 2008 Report Share Posted December 10, 2008 (edited) Microsoft issues mammoth security update, biggest in five yearsFixes 28 flaws in Windows, Office, IE, ActiveX development tools and more"December 9, 2008 (Computerworld) Microsoft Corp. today patched 28 vulnerabilities, nearly all of them marked "critical," in the biggest batch of fixes it has issued since it switched to a regular monthly update schedule more than five years ago.Of the 28 bugs quashed today, Microsoft ranked 23 of them critical, the top rating in its four-step scoring system. Of the five others, three were judged to be "important," the next step down, and two were pegged as "moderate." The patches were issued in eight updates for Windows, Internet Explorer, Office, SharePoint, Windows Media, and the company's most popular development tools, Visual Basic and Visual Studio. Researchers agreed that one of the Windows updates should be tops on everyone's to-do list. "There are a few that will stick out for a lot of people," said Andrew Storms, director of security operations at nCircle Network Security Inc. "The GDI is one." MS08-071, which contains two separate vulnerabilities, both critical, updates the Graphics Device Interface (GDI), the core graphics rendering component of Windows. GDI has been repeatedly patched by Microsoft, most recently in September. "full details here: http://www.computerworld.com/action/articl...tsrc=hm_ts_head>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>Highly critical .. WordPad Text Converter for Word 97 Description:A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.The vulnerability is caused due to an unspecified error in the WordPad Text Converter for Word 97 files and can be exploited to corrupt memory.Successful exploitation allows execution of arbitrary code.NOTE: According to Microsoft, the vulnerability is currently being actively exploited.Solution:Do not open untrusted documents using WordPad.The vendor recommends Windows XP SP2 users to upgrade to Windows XP SP3, which is reportedly not affected.Provided and/or discovered by:Reported as a 0-day.Original Advisory:Microsoft (KB960906):http://www.microsoft.com/technet/security/...ory/960906.mspxMicrosoft Office Word Multiple Vulnerabilities Multiple vulnerabilities have been reported in Microsoft Office Word, which can be exploited by malicious people to compromise a user's system.1) An unspecified error when parsing certain records can be exploited to corrupt memory via a specially crafted Word file.2) An integer overflow error exists when calculating the space required for the specified number of points in a polyline or polygon. This can be exploited to cause a heap-based buffer overflow during parsing of objects in Rich Text Format (.rtf) files e.g. when a user opens a specially crafted .rtf file with Word or previews a specially crafted e-mail.3) An unspecified error when parsing certain records can be exploited to corrupt memory via a specially crafted Word file.4) An unspecified error when parsing control words in RTF files can be exploited to corrupt memory via a specially crafted RTF file.5) An unspecified error when parsing control words in RTF files can be exploited to corrupt memory via a specially crafted RTF file.6) An unspecified error when parsing control words in RTF files can be exploited to corrupt memory via a specially crafted RTF file.7) An unspecified error when parsing strings in RTF files can be exploited to corrupt memory via a specially crafted RTF file.8) An unspecified error when parsing certain records can be exploited to corrupt memory via a specially crafted Word file.Successful exploitation of the vulnerabilities may allow execution of arbitrary code.Solution:Apply patches.Original Advisory:MS08-072 (KB957173):http://www.microsoft.com/technet/security/...n/MS08-072.mspxSee here for details & links: http://secunia.com/advisories/30285/>>>>>>>>>>>>>>>>>>>>>Other highly critical Microsoft software Vulnerabilities] ... * Microsoft Excel Multiple VulnerabilitiesSome vulnerabilities have been reported in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. Microsoft Visual Basic ActiveX Controls Multiple Vulnerabilities Highly critical Multiple vulnerabilities have been reported in various Microsoft products, which can be exploited by malicious people to compromise a user's system. Microsoft Internet Explorer Multiple VulnerabilitiesIssued 8 hours ago. // Highly critical // Some vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system. All of the above can be viewed here: http://secunia.com/advisories/ Edited December 10, 2008 by Peaches Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.