CyTRAP Labs: security reminder - 2008-08-12 - Patch Tuesday - Microsoft
- Microsoft has released 11 security bulletins
6 of these bulletings are ranked critical - by Microsoft, which means ‘can result in remote code execution’ 5 are important (this summary focuses on the critical ones only) CVE-2008-0120, CVE-2008-0121, CVE-2008-1455, CVE-2008-2245, CVE-2008-2254, CVE-2008-2255, CVE-2008-2256, CVE-2008-2257, CVE-2008-2258, CVE-2008-2259, CVE-2008-2463, CVE-2008-3003 CVE-2008-3004, CVE-2008-3005, CVE-2008-3006, CVE-2008-3018, CVE-2008-3019, CVE-2008-3020, CVE-2008-3021,
CVE-2008-3460,
If you have Automatic Update activated for your PC, these patches will be downloaded automatically.Does your automatic update work properly?If you are not sure if it does, check below, otherwise by mid-day 2008-08-13 the downloads should be on your machine….
Remember, installing the downloads might necessitate a reboot. Just wait until you stop working once you shut down your machine that will suffice to get them installed.
This vulnerabilities exposes you to a risk that we rate as follows:
| CyTRAP Labs security risk barometer - 4 = critical |
||||
| low | elevated | moderately critical |
critical | severe |
| 1 | 2 | 3 | 4 | 5 |
| what Microsoft Patch Tuesday has in store for us this month | |
| operating system affected |
|
| affected software |
|
| risk | 6 security bulletins rated critical BY Microsoft (click on link - click on Login as guest - click on link again, access to free definition/explanations) were released …the risk rating given for these vulnerabilities by CyTRAP Labs is a 4 (four out of five levels) = CRITICAL - orange |
| how long did this vulnerability remain unpatched since it was publicly disclosed ==> zero-day alert | these vulnerabilities have been known for a while (several months), however, none were actively exploited. |
| patch prioritization - client side impact | users and administrators are urged to roll out this patch as soon as possible, once it has been verified that it does not break any internal applications. |
| where is the patch? | will be downloaded using Automatic Update, update is detected by the MBSA: CyTRAP Labs tip - using the Microsoft Baseline Security Analzyer called MBSA |
| what should one do? | If your Automatic Update is functioning properly, you are covered. CyTRAP Labs tip - how to make sure the latest security patch is installed |
| how can I check that I do have the latest version installed | find out more information how cou can check that this update is installed as well on your PC or server here: |
| not patching the vulnerability could cause what kind of damage to my PC? | could be exploited by attackers to execute arbitrary code on the user’s machine BETTER patch NOW |
| Once updated, what do you need to do? | These updates will require a restart for your PC. |
| Where can you get the overall summary Microsoft has issued? | full version of the Microsoft Security Bulletin Summary for August 2008 |
| where can one get details about each of the patches released on this month’s Microsoft Patch TuesdayWe list the critical ones only - there were 5 important ones as well | - Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954) - Microsoft Security Bulletin MS08-046 - CRITICAL- Cumulative Security Update for Internet Explorer (953838) Microsoft Security Bulletin MS08-045 - CRITICAL - Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617) Microsoft Security Bulletin MS08-041 - CRITICAL- Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066) Microsoft Security Bulletin MS08-043 - CRITICAL |
| release date from vendor | 2008-06-12 - Pacific Standard Time |
| why is this a reminder and not an alert? | security alert or reminder - that’s the question |
| did CASEScontact.org release an advisory about these vulnerabilities earlier? | No we did not issue a zero-day alert |
| CASEScontact.org release a zero-day advisory | NO we did not issue a zero-day advisory see also patched zero-day archive) |
| Common Vulnerabilities and Exposures (CVE) project has assigned the following numbers to these vulnerabilities that were patched by Microsoft | CVE-2008-0120, CVE-2008-0121, CVE-2008-1455, CVE-2008-2245, CVE-2008-2254,CVE-2008-2255, CVE-2008-2256, CVE-2008-2257, CVE-2008-2258, CVE-2008-2259, CVE-2008-2463, CVE-2008-3003 CVE-2008-3004, CVE-2008-3005, CVE-2008-3018, CVE-2008-3019, CVE-2008-3020, CVE-2008-3021, |
| Please make sure that your PC is patched - thank you. | |
| Also of interest: | |
| CyTRAP Labs: security reminder - 2008-04-08 - Patch Tuesday - Microsoft | CyTRAP Labs: security reminder - 2008-06-10 - Patch Tuesday - Microsoft |
| CyTRAP Labs: security reminder - 2008-07-08 - Patch Tuesday - Microsoft | why benchmark |
| Also of interest: | |
 InfoSec - follow us on Twitter |
sign up to our alerts about zero-day exploits and newsletters here |
 CASEScontact follow us on Twitter |
What is Twitter good for |
CVE 2008 0120, CVE 2008 0121, CVE 2008 1455, CVE 2008 2245, CVE 2008 2254, CVE 2008 2255, CVE 2008 2256, CVE 2008 2257, CVE 2008 2258, CVE 2008 2259, CVE 2008 2463, CVE 2008 3003 CVE 2008 3004, CVE 2008 3005, CVE 2008 3006, CVE 2008 3018, CVE 2008 3019, CVE 2008 3020, CVE 2008 3021, Microsoft Access, Microsoft Excel, Microsoft Internet Explorer, Microsoft Office, Microsoft Office 2000 Service Pack 2, Microsoft Office 2000 Service Pack 3, Microsoft Office Powerpoint, Microsoft Office Powerpoint Viewer, Microsoft Office XP Service Pack 3, patch Tuesday, remote code execution, security alert, security bulletin, security reminder, updates, Vulnerabilities, Windows Vista, windows vista x64, Windows XP, windows xp professional
