Hej på er,

Eftersom jag befann mig i ett flygplan på väg till London igårkväll så kommer detta först nu, men här är i alla fall september månads säkerhetsuppdateringar.

Mvh/Micke

 

Executive Summaries

The security bulletins for this month are as follows, in order of severity:


Critical (4)

Microsoft Security Bulletin MS08-054

Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)

Executive Summary

This security update resolves a privately reported vulnerability in Windows Media Player that could allow remote code execution when a specially crafted audio file is streamed from a Windows Media server. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating

Critical

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update does not require a restart.

Affected Software

Microsoft Windows. For more information, see the Affected Software and Download Locations section.

 

Microsoft Security Bulletin MS08-052

Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)

Executive Summary

This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating

Critical

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.

Affected Software

Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, Visual Studio. For more information, see the Affected Software and Download Locations section.

 

Microsoft Security Bulletin MS08-053

Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)

Executive Summary

This security update resolves a privately reported vulnerability in Windows Media Encoder 9 Series. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating

Critical

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.

Affected Software

Microsoft Windows. For more information, see the Affected Software and Download Locations section.

 

Microsoft Security Bulletin MS08-055

Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)

Executive Summary

This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user clicks a specially crafted OneNote URL. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating

Critical

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. Mostly, the update does not require a restart.

Affected Software

Microsoft Office. For more information, see the Affected Software and Download Locations section.