February 2008 Monthly Bulletin Release

I'm Simon, Release Manager in the MSRC.  The February 2008 release contains 11 new bulletins, 6 of which have maximum severities of "Critical".

MS08-003            Vulnerability in Active Directory Could Allow Denial of Service (946538)

MS08-004            Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)

MS08-005            Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)

MS08-006            Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)

MS08-007            Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026)

MS08-008            Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)

MS08-009            Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077)

MS08-010            Cumulative Security Update for Internet Explorer (944533)

MS08-011            Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)

MS08-012            Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085)

MS08-013            Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108)

If you read the February Advance Notification which we published Thursday last week, you may have noticed that the February release contains one less bulletin than was projected.  We continue test and work on the updates and bulletins right up until they are published.  If we find an issue with a planned bulletin, in order to make sure that we protect customers with the highest possible quality of update and detection, we may need to pull a bulletin out if it in any way falls short of this mark.  If this happens in the few days before release, this may cause a delta between the Advance Notification, and what we actually release.  Of course any such bulletin will be made right, and put back into the release process as quickly as possible.

Please join us for the regular monthly security bulletin webcast, Wednesday February 13 11:00 AM PT (GMT -8). We'll have an overview of the February bulletins, and you'll have the opportunity to ask us questions around the release.

Cheers,

Simon

*This posting is provided "AS IS" with no warranties, and confers no rights.*