
Michael Anderberg, IT Pro Evangelist, Microsoft AB

Michael works as an IT Pro Evangelist at Microsoft in Sweden and focuses primarily on the Windows platform and security. He is also a sought-after speaker on these topics, both nationally and internationally.


Tonight Microsoft released the August security updates

Hi!

August is here. For some of us that means we are back at work, while for others the holiday continues a little longer. But the tradition of releasing security updates on the second Tuesday of the month continues as usual.

Tonight there are eleven of them, six rated Critical and the other five rated Important. Of the critical ones, two concern Windows, one Internet Explorer and the remaining three Office. Of those rated Important, all but one concern Windows, and the remaining one concerns Office.

Our Microsoft Windows Malicious Software Removal Tool is updated at the same time via Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.

For a couple of weeks now there has been a lot of talk about the security hole in DNS that Dan Kaminsky found back in the spring. What is interesting in this case is that he chose to work exactly according to the recommendations that we, at least, have for Responsible Disclosure: he worked with all the vendors of DNS servers so that the problem could be solved, and all of these companies (Microsoft among them) could then release an update on exactly the same day. It was not until 8 August, at the Black Hat conference, that he actually revealed what the problem was in detail. By then many had guessed it, but the official answer came only about a week ago. For those of you who have not followed it, this is a so-called DNS poisoning attack, which was possible because most DNS implementations did not use random ports. With a little ingenuity one could in that way trick a DNS server into accepting data from a fake DNS server and thereby route all traffic through oneself instead. The tricky part is that this is very hard for the user to detect, because the name in the address bar is actually correct; it just happens to lead to a fake site.
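As an added example (not part of the original post), the following defender-side check rates whether a resolver's outbound queries use randomized UDP source ports, which is the property the coordinated fix introduced. The port lists are constructed samples and the thresholds are assumptions; in practice the ports would come from a packet capture of the resolver's upstream queries.

```python
import math
from statistics import pstdev

TXID_BITS = 16  # the DNS transaction ID is a 16-bit field

def guess_space_bits(port_pool_size):
    """Bits an off-path forger must match: transaction ID plus source port."""
    return TXID_BITS + math.log2(port_pool_size)

def classify(ports, min_samples=10, seq_step=4, narrow_stdev=3000):
    """Rate a resolver's outbound UDP source ports, given in observation order.

    All thresholds are assumptions chosen for this example.
    """
    if len(ports) < min_samples:
        return "INSUFFICIENT"
    if len(set(ports)) == 1:
        return "FIXED"        # the same port for every query
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    if all(0 < d <= seq_step for d in deltas):
        return "SEQUENTIAL"   # incrementing ports are predictable too
    if pstdev(ports) < narrow_stdev:
        return "NARROW"       # varies, but only inside a small window
    return "RANDOMIZED"

# Constructed samples (not captured traffic).
SAMPLES = {
    "unpatched-fixed": [32768] * 12,
    "incrementing": list(range(1025, 1037)),
    "small-window": [5000, 5090, 5003, 5077, 5012,
                     5064, 5031, 5099, 5008, 5045],
    "patched": [49213, 1734, 33120, 60411, 8122, 27650,
                52007, 14388, 40961, 5519, 63002, 21877],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        print(f"{name:16s} {classify(ports)}")
    # With one fixed port only the transaction ID protects a reply;
    # a pool of 2**14 ports adds 14 more bits for a forger to match.
    print(guess_space_bits(1), guess_space_bits(2 ** 14))
```

Anything other than RANDOMIZED on a recursive resolver is worth checking against its patch level and against NAT devices in front of it, which can rewrite source ports into a predictable range.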

This month is, as I forewarned last month, the last time this mail goes out by e-mail... it will be replaced by the information being published here on my blog instead, at http://michaelanderberg.se. That makes it easier to inform you more often about important and/or interesting things happening around Microsoft in the security area. You can also easily subscribe to it via RSS.

If you have questions about this month's security updates or about Microsoft's security work in general, you are welcome to contact me. You can reach me at michael.anderberg@microsoft.com, via my blog http://michaelanderberg.se, or by phone on 08 – 752 27 55. I can also recommend the Microsoft Security Response Center Blog, blogs.technet.com/msrc, for information on current security work.

Regards, Michael

Critical (6)

Microsoft Security Bulletin MS08-046

Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)

Executive Summary

This update resolves a privately reported vulnerability in the Microsoft Image Color Management (ICM) system that could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating

Critical

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.

Affected Software

Microsoft Windows. For more information, see the Affected Software and Download Locations section.

Microsoft Security Bulletin MS08-045

Cumulative Security Update for Internet Explorer (953838)

Executive Summary

This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. All of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating

Critical

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.

Affected Software

Microsoft Windows, Internet Explorer. For more information, see the Affected Software and Download Locations section.

 

Microsoft Security Bulletin MS08-041

Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)

Executive Summary

This security update resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

Maximum Severity Rating

Critical

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update does not require a restart.

Affected Software

Microsoft Office. For more information, see the Affected Software and Download Locations section.

 

Microsoft Security Bulletin MS08-043

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)

Executive Summary

This security update resolves four privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating

Critical

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update does not require a restart.

Affected Software

Microsoft Office. For more information, see the Affected Software and Download Locations section.

 

Microsoft Security Bulletin MS08-051

Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785)

Executive Summary

This security update resolves three privately reported vulnerabilities in Microsoft Office PowerPoint and Microsoft Office PowerPoint Viewer that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating

Critical

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update does not require a restart.

Affected Software

Microsoft Office. For more information, see the Affected Software and Download Locations section.

 

Microsoft Security Bulletin MS08-044

Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)

Executive Summary

This security update resolves five privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating

Critical

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update does not require a restart.

Affected Software

Microsoft Office. For more information, see the Affected Software and Download Locations section.

 
Important (5)

Microsoft Security Bulletin MS08-047

Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733)

Executive Summary

This update resolves a privately reported vulnerability in the way certain Windows Internet Protocol Security (IPsec) rules are applied. This vulnerability could cause systems to ignore IPsec policies and transmit network traffic in clear text. This, in turn, would disclose information intended to be encrypted on the network. An attacker viewing the traffic on the network would be able to view and possibly modify the contents of the traffic. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly. It could be used to collect useful information to try to further compromise the affected system or network.

Maximum Severity Rating

Important

Impact of Vulnerability

Information Disclosure

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.

Affected Software

Microsoft Windows. For more information, see the Affected Software and Download Locations section.

 

Microsoft Security Bulletin MS08-049

Vulnerabilities in Event System Could Allow Remote Code Execution (950974)

Executive Summary

This update resolves two privately reported vulnerabilities in Microsoft Windows Event System that could allow remote code execution. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

Maximum Severity Rating

Important

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.

Affected Software

Microsoft Windows. For more information, see the Affected Software and Download Locations section.

 

Microsoft Security Bulletin MS08-048

Security Update for Outlook Express and Windows Mail (951066)

Executive Summary

This security update resolves a privately reported vulnerability in Outlook Express and Windows Mail. The vulnerability could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating

Important

Impact of Vulnerability

Information Disclosure

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.

Affected Software

Microsoft Windows, Outlook Express, Windows Mail. For more information, see the Affected Software and Download Locations section.

 

Microsoft Security Bulletin MS08-050

Vulnerability in Windows Messenger Could Allow Information Disclosure (955702)

Executive Summary

This security update resolves a publicly reported vulnerability in supported versions of Windows Messenger. As a result of this vulnerability, scripting of an ActiveX control could allow information disclosure in the context of the logged-on user. An attacker could change state, get contact information, and initiate audio and video chat sessions without the knowledge of the logged-on user. An attacker could also capture the user’s logon ID and remotely log on to the user’s Messenger client impersonating that user.

Maximum Severity Rating

Important

Impact of Vulnerability

Information Disclosure

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update only for Windows Messenger 4.7 on supported editions of Windows XP. The update requires a restart.

Affected Software

Microsoft Windows, Windows Messenger. For more information, see the Affected Software and Download Locations section.

 

Microsoft Security Bulletin MS08-042

Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048)

Executive Summary

This security update resolves a publicly reported vulnerability in Microsoft Word. This vulnerability could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating

Important

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update does not require a restart.

Affected Software

Microsoft Office. For more information, see the Affected Software and Download Locations section.

 
