December 2008 Monthly Bulletin Release


Hi,


This is Christopher Budd. I wanted to let you know that we’ve just released our security bulletins for December. The new bulletins for this month are:


·        MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) which is rated “Critical”


·        MS08-071: Vulnerabilities in GDI Could Allow Remote Code Execution (956802) which is rated “Critical”


·        MS08-072: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) which is rated “Critical”


·        MS08-073: Cumulative Security Update for Internet Explorer (958215) which is rated “Critical”


·        MS08-074: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) which is rated “Critical”


·        MS08-075: Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) which is rated “Critical”


·        MS08-076: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) which is rated “Important”


·        MS08-077: Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) which is rated “Important”


In addition, today we’ve published Microsoft Security Advisory 960906 regarding new reports of a vulnerability in the Wordpad Converter for Word 97 files affecting Windows 2000 SP4, Windows XP SP2 and Windows Server 2003 SP1 and SP2. We are aware of very limited and targeted attacks seeking to exploit this vulnerability. The advisory details workarounds that you can evaluate while we develop a security update for this issue.


As we do each month, our colleagues over at the Security Vulnerability Research and Defense blog have more information and details on today’s security updates including MS08-076 that addresses a vulnerability similar to what we addressed with MS08-068. In my posting last month about MS08-068 I noted how we’ve been doing a lot of work to address the difficult issues around the SMBRelay attack. This new bulletin is borne out of that same ongoing effort andthat work is still going on: there are other related issues we’re still working on. You can expect to see more updates in the future out of this ongoing project.


This month the Windows Malicious Software Removal Tool is adding detection for two new families: Win32/FakeXPA and Win32/Yektel. Our colleagues over at the Microsoft Malware Protection Center (MMPC) have posted information on these new families on their blog.


Finally, please join us tomorrow for our monthly TechNet webcast where we review this month’s security bulletins and, most importantly, answer your questions about this month’s release. You can register for the webcast here.


Thanks.


Christopher


*This posting is provided “AS IS” with no warranties, and confers no rights*


Comments (6)

  1. Anonymous says:

    Voici les 8 bulletins publiés ce 9 décembre. Synthèse en français Synthèse en

  2. Anonymous says:

    Looks like the December 2008 Monthly Bulletins are out and the new ones include: MS08-070 : Vulnerabilities

  3. Anonymous says:

    Looks like the December 2008 monthly security bulletins are out and the new ones include: MS08-070 :

  4. Anonymous says:

    • December 2008 Monthly Bulletin Release – Patch Tuesday brings a whopping 28 security fixes from Microsoft, 23 of them critical, in a total of eight patches. • Vint Cerf’s Twitter account hacked, suspended for spam – Even the Father…

  5. Anonymous says:

    This week’s Patch Tuesday dump of security-related fixes for Microsoft’s products covered a whopping 28 vulnerabilities, 23 of them critical, packed into eight updates. But even if you diligently downloaded and installed the code intended for your flavor

  6. Anonymous says:

    Aggiornato il 18/12/2008 ore 12:00 Dicembre 2008 17 dicembre: rilascio straordinario (OOB) bollettino