Hej på er,

Så var det då dags igen, andra tisdagen i månaden och det är uppdateringsdags. Fyra kritiska bulletiner den här månaden, sex viktiga och en lite mindre viktig. Elva uppdateringar allt som allt alltså om dina system sedan tidigare är uppdaterade. Här följer som vanligt sammanfattningen av dem:

Bulletin Information

Executive Summaries

The security bulletins for this month are as follows, in order of severity:

Critical (4)

Microsoft Security Bulletin MS08-060

Vulnerability in Active Directory Could Allow Remote Code Execution (957280)

Executive Summary

This security update resolves a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker gains access to an affected network. This vulnerability only affects Microsoft Windows 2000 servers configured to be domain controllers. If a Microsoft Windows 2000 server has not been promoted to a domain controller, it will not be listening to Lightweight Directory Access Protocol (LDAP) or LDAP over SSL (LDAPS) queries, and will not be exposed to this vulnerability.

Maximum Severity Rating

Critical

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.

Affected Software

Microsoft Windows. For more information, see the Affected Software and Download Locations section.

 

Microsoft Security Bulletin MS08-058

Cumulative Security Update for Internet Explorer (956390)

Executive Summary

This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerabilities could allow information disclosure or remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating

Critical

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.

Affected Software

Microsoft Windows, Internet Explorer. For more information, see the Affected Software and Download Locations section.

 

Microsoft Security Bulletin MS08-059

Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)

Executive Summary

This security update resolves a privately reported vulnerability in Microsoft Host Integration Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted Remote Procedure Call (RPC) request to an affected system. Customers who follow best practices and configure the SNA RPC service account to have fewer user rights on the system could be less impacted than customers who configure the SNA RPC service account to have administrative user rights.

Maximum Severity Rating

Critical

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.

Affected Software

Microsoft Host Integration Server. For more information, see the Affected Software and Download Locations section.

 

Microsoft Security Bulletin MS08-057

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)

Executive Summary

This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating

Critical

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update does not require a restart.

Affected Software

Microsoft Office. For more information, see the Affected Software and Download Locations section.

 
Important (6)

Microsoft Security Bulletin MS08-066

Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)

Executive Summary

This security update resolves a privately reported vulnerability in the Microsoft Ancillary Function Driver. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Maximum Severity Rating

Important

Impact of Vulnerability

Elevation of Privilege

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.

Affected Software

Microsoft Windows. For more information, see the Affected Software and Download Locations section.

 

Microsoft Security Bulletin MS08-061

Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)

Executive Summary

This security update resolves one publicly disclosed and two privately reported vulnerabilities in the Windows kernel. A local attacker who successfully exploited these vulnerabilities could take complete control of an affected system. The vulnerabilities could not be exploited remotely or by anonymous users.

Maximum Severity Rating

Important

Impact of Vulnerability

Elevation of Privilege

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.

Affected Software

Microsoft Windows. For more information, see the Affected Software and Download Locations section.

 

Microsoft Security Bulletin MS08-062

Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)

Executive Summary

This update resolves a privately reported vulnerability in the Windows Internet Printing Service that could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating

Important

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.

Affected Software

Microsoft Windows. For more information, see the Affected Software and Download Locations section.

 

Microsoft Security Bulletin MS08-063

Vulnerability in SMB Could Allow Remote Code Execution (957095)

Executive Summary

This security update resolves a privately reported vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerability could allow remote code execution on a server that is sharing files or folders. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights.

Maximum Severity Rating

Important

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.

Affected Software

Microsoft Windows. For more information, see the Affected Software and Download Locations section.

 

Microsoft Security Bulletin MS08-064

Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)

Executive Summary

This security update resolves a privately reported vulnerability in Virtual Address Descriptor. The vulnerability could allow elevation of privilege if a user runs a specially crafted application. An authenticated attacker who successfully exploited this vulnerability could gain elevation of privilege on an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

Maximum Severity Rating

Important

Impact of Vulnerability

Elevation of Privilege

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.

Affected Software

Microsoft Windows. For more information, see the Affected Software and Download Locations section.

 

Microsoft Security Bulletin MS08-065

Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)

Executive Summary

This security update resolves a privately reported vulnerability in the Message Queuing Service (MSMQ) on Microsoft Windows 2000 systems. The vulnerability could allow remote code execution on Microsoft Windows 2000 systems with the MSMQ service enabled.

Maximum Severity Rating

Important

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.

Affected Software

Microsoft Windows. For more information, see the Affected Software and Download Locations section.

 
Moderate (1)

Microsoft Security Bulletin MS08-056

Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)

Executive Summary

This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow information disclosure if a user clicks a specially crafted CDO URL. An attacker who successfully exploited this vulnerability could inject a client-side script in the user's browser that could spoof content, disclose information, or take any action that the user could take on the affected Web site.

Maximum Severity Rating

Moderate

Impact of Vulnerability

Information Disclosure

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update does not require a restart.

Affected Software

Microsoft Office. For more information, see the Affected Software and Download Locations section.

Mvh/Micke