Nick VR4
08-01-2008, 07:42 PM
First of many
https://www.microsoft.com/technet/security/bulletin/ms08-jan.mspx
This bulletin summary lists security bulletins released for January 2008.
With the release of the bulletins for January 2008, this bulletin summary replaces the bulletin advance notification originally issued January 3, 2008. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.
Microsoft is hosting a webcast to address customer questions on these bulletins on January 9, 2008, at 11:00 AM Pacific Time (US & Canada). Register now for the January Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.
Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.
Bulletin Information
Executive Summaries
The security bulletins for this month are as follows, in order of severity:
Critical (1)
Bulletin Identifier Microsoft Security Bulletin MS08-001
Bulletin Title
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
Executive Summary
This critical security update resolves two privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Maximum Severity Rating
Critical
Impact of Vulnerability
Remote Code Execution
Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update will require a restart.
Affected Software
Windows. For more information, see the Affected Software and Download Locations section.
Top of sectionTop of section
Important (1)
Bulletin Identifier Microsoft Security Bulletin MS08-002
Bulletin Title
Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)
Executive Summary
This important update resolves a privately reported vulnerability in Microsoft Windows Local Security Authority Subsystem Service (LSASS). The vulnerability could allow an attacker to run arbitrary code with elevated privileges. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Maximum Severity Rating
Important
Impact of Vulnerability
Local Elevation of Privilege
Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update will require a restart.
Affected Software
Windows. For more information, see the Affected Software and Download Locations section.
https://www.microsoft.com/technet/security/bulletin/ms08-jan.mspx
This bulletin summary lists security bulletins released for January 2008.
With the release of the bulletins for January 2008, this bulletin summary replaces the bulletin advance notification originally issued January 3, 2008. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.
Microsoft is hosting a webcast to address customer questions on these bulletins on January 9, 2008, at 11:00 AM Pacific Time (US & Canada). Register now for the January Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.
Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.
Bulletin Information
Executive Summaries
The security bulletins for this month are as follows, in order of severity:
Critical (1)
Bulletin Identifier Microsoft Security Bulletin MS08-001
Bulletin Title
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
Executive Summary
This critical security update resolves two privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Maximum Severity Rating
Critical
Impact of Vulnerability
Remote Code Execution
Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update will require a restart.
Affected Software
Windows. For more information, see the Affected Software and Download Locations section.
Top of sectionTop of section
Important (1)
Bulletin Identifier Microsoft Security Bulletin MS08-002
Bulletin Title
Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)
Executive Summary
This important update resolves a privately reported vulnerability in Microsoft Windows Local Security Authority Subsystem Service (LSASS). The vulnerability could allow an attacker to run arbitrary code with elevated privileges. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Maximum Severity Rating
Important
Impact of Vulnerability
Local Elevation of Privilege
Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update will require a restart.
Affected Software
Windows. For more information, see the Affected Software and Download Locations section.