Security Bulletin: December 2008 Update

security bulletin
Just in time for Christmas we have 8 new security bulletins being released today.  Please see details of these below and make sure to apply these where it makes sense in your environments.

Bulletin Identifier Bulletin Title Maximum Severity Affected Software Impact Restart Requirement
MS08-070 Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)

Critical

Microsoft Developer Tools and Software, Microsoft Office Remote Code Execution Requires Restart
MS08-071 Vulnerabilities in GDI Could Allow Remote Code Execution (956802) Critical Microsoft Windows Remote Code Execution Requires Restart
MS08-072 Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) Critical Microsoft Office Remote Code Execution May Require Restart
MS08-073 Cumulative Security Update for Internet Explorer (958215) Critical Microsoft Windows, Internet Explorer Remote Code Execution Requires Restart
MS08-074 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) Critical Microsoft Office Remote Code Execution May Require Restart
MS08-075 Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) Critical Microsoft Windows Remote Code Execution Requires Restart
MS08-076 Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) Important Microsoft Windows Remote Code Execution May Require Restart
MS08-077 Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) Important Microsoft Office, Microsoft Server Software Elevation of Privilege May Require Restart

Summaries for these new bulletins can be found here. More technical details of each bulletin can be found in the links in the table above.

Microsoft Windows Malicious Software Removal Tool

We are also releasing an updated version of the Windows Malicious Software Removal Tool on Windows Server Update Services, Windows Update and the download centre. This tool will not be distributed using Software Update Services. More details of this tool can be found here.

High-Priority Non-Security Updates
High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU) or Windows Server Update Services (WSUS) will be detailed in this KB Article.

Technorati Tags: Computer Security,Patching,Updates

Jeffa