Advertisement
Promo

Security threats Toolkit

Microsoft patches four security flaws

Robert Vamosi CNET News

Published: 12 Nov 2008 10:08 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Microsoft on Tuesday released its November 2008 security bulletin, including one patch rated 'critical'.

The critical bulletin affects Microsoft XML Core Services and Internet Explorer, while the 'important' bulletin affects Microsoft Server Message Block (SMB) Protocol. Both affect all versions of Windows.

From October, Microsoft began sharing the technical details of new vulnerabilities to give software developers a chance to update affected products before the public announcement. Microsoft is including within each bulletin an 'exploitability index' to help system administrators prioritise the patches. All Microsoft security patches for both Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS08-068: Important
Exploitability index: 1. Microsoft recommends customers apply the update at the earliest opportunity. Titled 'Vulnerability in SMB could allow remote code execution (957097)', this bulletin is important for all supported editions of Microsoft Windows 2000, Windows XP and Windows Server 2003, and moderate for all supported editions of Windows Vista and Windows Server 2008. This bulletin addresses the vulnerability detailed in CVE-2008-4037. Microsoft said an attacker "who successfully exploited this vulnerability could install programs; view, change or delete data; or create new accounts with full user rights".

MS08-069: Critical
Exploitability index: 1-2. Microsoft recommends customers apply this update immediately. Titled 'Vulnerabilities in Microsoft XML Core Services could allow remote code execution (955218)", this bulletin is rated critical for Microsoft XML Core Services 3.0 and important for Microsoft XML Core Services 4.0, Microsoft XML Core Services 5.0 and Microsoft XML Core Services 6.0. This bulletin replaces MS07-042 and addresses the three vulnerabilities detailed in CVE-2007-0099, CVE-2008-4029 and CVE-2008-4033. Microsoft said: "The most severe vulnerability could allow remote code execution if a user viewed a specially crafted web page using Internet Explorer".

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
3 out of 3 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

1 comment

  1. Great to have the patches but which of my systems... lumension

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:




Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

DNA details of innocent will be kept f...

The government has announced that it plans to keep innocent people's DNA details for up to six years. In response to a consultation it launched last December, the government said... More

4 comments

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters