September’s Patch Tuesday



September 9th, 2008

Here's what Microsoft has in store for us this Patch Tuesday:

Critical:

  • Microsoft Security Bulletin MS08-054
    Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
    This security update resolves a privately reported vulnerability in Windows Media Player that could allow remote code execution when a specially crafted audio file is streamed from a Windows Media server. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • Microsoft Security Bulletin MS08-052
    Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
    This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • Microsoft Security Bulletin MS08-053
    Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)
    This security update resolves a privately reported vulnerability in Windows Media Encoder 9 Series. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • Microsoft Security Bulletin MS08-055
    Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)
    This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user clicks a specially crafted OneNote URL. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This entry was posted on Tuesday, September 9th, 2008 at 18:13 and is filed under Patch Tuesday. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.