|
|
| Microsoft Security Bulletins |
RSS Feed URL : http://www.microsoft.com/technet/security/bulletin/secrss.aspx
Category : Microsoft
Total Views : 15 |
| Latest entries from this feed url |
MS08-029 – Moderate: Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044)
Bulletin Severity Rating:Moderate - This security update resolves two privately reported vulnerabilities in the Microsoft Malware Protection Engine. An attacker could exploit either of the vulnerabilities by constructing a specially crafted file that could allow denial of service when received by the target computer system and scanned by the Microsoft Malware Protection Engine. An attacker who successfully exploited this vulnerability could cause the Microsoft Malware Protection Engine to stop responding and automatically restart.
MS08-028 – Important: Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749)
Bulletin Severity Rating:Critical - This security update resolves a security vulnerability in the Microsoft Jet Database Engine (Jet) in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-027 – Critical: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208)
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-026 – Critical: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)
Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-025 – Important: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)
Bulletin Severity Rating:Important - This important security update resolves a privately reported vulnerability in the Windows kernel. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
MS08-024 - Critical: Cumulative Security Update for Internet Explorer (947864)
Bulletin Severity Rating:Critical - This critical security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-023 - Critical: Security Update of ActiveX Kill Bits (948881)
Bulletin Severity Rating:Critical - This critical security update resolves one privately reported vulnerability for a Microsoft product. This update also includes a kill bit for the Yahoo! Music Jukebox product. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-022 – Critical: Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
Bulletin Severity Rating:Critical - This critical security update resolves a privately reported vulnerability in the VBScript and JScript scripting engines in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS08-021 – Critical: Vulnerability in GDI Could Allow Remote Code Execution (948590)
Bulletin Severity Rating:Critical - This critical security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted EMF or WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS08-020 – Important: Vulnerability in DNS Client Could Allow Spoofing (945553)
Bulletin Severity Rating:Important - This important security update resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS clients and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations.
MS08-019 – Important: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)
Bulletin Severity Rating:Important - This security update resolves privately reported vulnerabilities in Microsoft Office Visio that could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-018 – Critical: Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183)
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Project that could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-017 - Critical: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)
Bulletin Severity Rating:Critical - This critical update resolves two privately reported vulnerabilities in Microsoft Office Web Components. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-016 – Critical: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)
Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a malformed Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-015 - Critical: Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Office Outlook. The vulnerability could allow remote code execution if Outlook is passed a specially crafted mailto URI. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability is not exploitable by simply viewing an e-mail through the Outlook preview pane.
MS08-014 - Critical: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
Bulletin Severity Rating:Critical - This security update resolves several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-013 – Critical: Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108)
Bulletin Severity Rating:Critical - This critical security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file with a malformed object inserted into the document. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-012 - Critical: Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085)
Bulletin Severity Rating:Critical - This critical security update resolves two privately reported vulnerabilities in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-011 – Important: Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)
Bulletin Severity Rating:Important - This important security update resolves three privately reported vulnerabilities in the Microsoft Works File Converter. These vulnerabilities could allow remote code execution if a user opens a specially crafted Works (.wps) file with an affected version of Microsoft Office, Microsoft Works, or Microsoft Works Suite. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS08-010 - Critical: Cumulative Security Update for Internet Explorer (944533)
Bulletin Severity Rating:Critical - This critical security update resolves three privately reported and one publicly reported vulnerabilities. The most serious of the vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-009 - Critical: Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077)
Bulletin Severity Rating:Critical - This critical security update resolves one privately reported vulnerability in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-008 – Critical: Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)
Bulletin Severity Rating:Critical - This critical security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page. The vulnerability could be exploited through attacks on Object Linking and Embedding (OLE) Automation. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS08-007 – Critical: Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026)
Bulletin Severity Rating:Critical - This critical security update resolves one privately reported vulnerability in the WebDAV Mini-Redirector. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS08-006 – Important: Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)
Bulletin Severity Rating:Important - This important update resolves a privately reported vulnerability in Internet Information Services (IIS). A remote code execution vulnerability exists in the way that IIS handles input to ASP Web pages. An attacker who successfully exploited this vulnerability could then perform actions on the IIS server with the same rights as the Worker Process Identity (WPI). The WPI is configured with Network Service account privileges by default. IIS servers with ASP pages whose application pools are configured with a WPI that uses an account with administrative privileges could be more seriously impacted than IIS servers whose application pool is configured with the default WPI settings.
MS08-005 – Important: Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)
Bulletin Severity Rating:Important - This important update resolves a privately reported vulnerability in Internet Information Services (IIS). A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
|
