Nick VR4
08-07-2008, 09:33 PM
Bulletin Information
The security bulletins for this month are as follows, in order of severity:
[/IMG]Important (4)[/URL][/B]
Bulletin IdentifierMicrosoft Security Bulletin MS08-040Bulletin Title
Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) (http://go.microsoft.com/fwlink/?LinkID=113725)
Executive Summary
This security update resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Maximum Severity Rating
Important (http://go.microsoft.com/fwlink/?LinkId=21140)
Impact of Vulnerability
Elevation of Privilege
Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software
Microsoft Windows, Microsoft SQL Server. For more information, see the Affected Software and Download Locations section.
Bulletin IdentifierMicrosoft Security Bulletin MS08-038Bulletin Title
Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582) (http://go.microsoft.com/fwlink/?LinkId=117296)
Executive Summary
This security update resolves a publicly reported vulnerability in Windows Explorer that could allow remote code execution when a specially crafted saved-search file is opened and saved. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Maximum Severity Rating
Important (http://go.microsoft.com/fwlink/?LinkId=21140)
Impact of Vulnerability
Remote Code Execution
Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.
Affected Software
Microsoft Windows. For more information, see the Affected Software and Download Locations section.
Bulletin IdentifierMicrosoft Security Bulletin MS08-037Bulletin Title
Vulnerabilities in DNS Could Allow Spoofing (953230) (http://go.microsoft.com/fwlink/?LinkID=119620)
Executive Summary
This security update resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.
Maximum Severity Rating
Important (http://go.microsoft.com/fwlink/?LinkId=21140)
Impact of Vulnerability
Spoofing
Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.
Affected Software
Microsoft Windows. For more information, see the Affected Software and Download Locations section.
Bulletin IdentifierMicrosoft Security Bulletin MS08-039Bulletin Title
Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747) (http://go.microsoft.com/fwlink/?LinkId=120820)
Executive Summary
This security update resolves two privately reported vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server. An attacker who successfully exploited these vulnerabilities could gain access to an individual OWA client’s session data, allowing elevation of privilege. The attacker could then perform any action the user could perform from within the individual client’s OWA session.
Maximum Severity Rating
Important (http://go.microsoft.com/fwlink/?LinkId=21140)
Impact of Vulnerability
Elevation of Privilege
Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software
Microsoft Windows. For more information, see the Affected Software and Download Locations section.
The security bulletins for this month are as follows, in order of severity:
[/IMG]Important (4)[/URL][/B]
Bulletin IdentifierMicrosoft Security Bulletin MS08-040Bulletin Title
Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) (http://go.microsoft.com/fwlink/?LinkID=113725)
Executive Summary
This security update resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Maximum Severity Rating
Important (http://go.microsoft.com/fwlink/?LinkId=21140)
Impact of Vulnerability
Elevation of Privilege
Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software
Microsoft Windows, Microsoft SQL Server. For more information, see the Affected Software and Download Locations section.
Bulletin IdentifierMicrosoft Security Bulletin MS08-038Bulletin Title
Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582) (http://go.microsoft.com/fwlink/?LinkId=117296)
Executive Summary
This security update resolves a publicly reported vulnerability in Windows Explorer that could allow remote code execution when a specially crafted saved-search file is opened and saved. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Maximum Severity Rating
Important (http://go.microsoft.com/fwlink/?LinkId=21140)
Impact of Vulnerability
Remote Code Execution
Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.
Affected Software
Microsoft Windows. For more information, see the Affected Software and Download Locations section.
Bulletin IdentifierMicrosoft Security Bulletin MS08-037Bulletin Title
Vulnerabilities in DNS Could Allow Spoofing (953230) (http://go.microsoft.com/fwlink/?LinkID=119620)
Executive Summary
This security update resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.
Maximum Severity Rating
Important (http://go.microsoft.com/fwlink/?LinkId=21140)
Impact of Vulnerability
Spoofing
Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.
Affected Software
Microsoft Windows. For more information, see the Affected Software and Download Locations section.
Bulletin IdentifierMicrosoft Security Bulletin MS08-039Bulletin Title
Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747) (http://go.microsoft.com/fwlink/?LinkId=120820)
Executive Summary
This security update resolves two privately reported vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server. An attacker who successfully exploited these vulnerabilities could gain access to an individual OWA client’s session data, allowing elevation of privilege. The attacker could then perform any action the user could perform from within the individual client’s OWA session.
Maximum Severity Rating
Important (http://go.microsoft.com/fwlink/?LinkId=21140)
Impact of Vulnerability
Elevation of Privilege
Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software
Microsoft Windows. For more information, see the Affected Software and Download Locations section.