US-CERT Technical Cyber Security Alert TA08-316A -- Microsoft Updates for Multiple Vulnerabilities

0 views
Skip to first unread message

US-CERT

unread,
Nov 11, 2008, 4:48:02 PM11/11/08
to

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA08-316A


Microsoft Updates for Multiple Vulnerabilities

Original release date: November 11, 2008
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows
* Microsoft Office XP, 2003, and 2007
* Microsoft XML Core Services


Overview

Microsoft has released updates that address vulnerabilities in Microsoft
Windows, Microsoft Office, and Microsoft XML Core Services.


I. Description

As part of the Microsoft Security Bulletin Summary for November 2008,
Microsoft released updates to address vulnerabilities that affect Microsoft
Windows, Microsoft Office, and Microsoft XML Core Services. The most severe
vulnerabilities could allow a remote, unauthenticated attacker to execute
arbitrary code.


II. Impact

A remote, unauthenticated attacker could execute arbitrary code or cause a
vulnerable application to crash.


III. Solution

Apply updates from Microsoft
Microsoft has provided updates for these vulnerabilities in the Microsoft
Security Bulletin Summary for November 2008. The security bulletin describes
any known issues related to the updates. Administrators are encouraged to
note these issues and test for any potentially adverse effects.
Administrators should consider using an automated update distribution system
such as Windows Server Update Services (WSUS).


IV. References

* Microsoft Security Bulletin Summary for November 2008 -
<http://www.microsoft.com/technet/security/bulletin/ms08-nov.mspx>

* Microsoft Update - <https://www.update.microsoft.com/microsoftupdate/>

* Windows Server Update Services -
<http://www.microsoft.com/windowsserversystem/updateservices/default.mspx>

_________________________________________________________________

Feedback can be directed to US-CERT.
_________________________________________________________________

Produced 2008 by US-CERT, a government organization. Terms of use
Revision History

November 11, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSRn7pXIHljM+H4irAQLn6Qf8CUJFNrMMKALPzPyFx66QKkFtrpkdLoKV
C4hZwsQ1LTQNSo845PdtQl9WQHL2Gpw49iq3Yn8cfCp0XO457Xk58BoLKCBAuPNi
9AJJN8C94VSV1O1YpikUGSLIY+D58kZRsmqAaShy+lc1H4whqGeJk5U3HCEMMneY
csnhefV30rdEVFIByghQZu11jq0XbDUGPTVaz9+5Jv6Hi0cthICteHa6jSsGiHbO
2FmXtrvUIKkK8IuSFnc6YkI+/ahKOnXjVswAO5SODXWH/Gzh2tPw8JQkc77ke1ZD
FSREn2lWHF6i7VfrcTxm1COMG5PiZF1dXPDAGt5FOI5qCU/VO+hWsw==
=QrVj
-----END PGP SIGNATURE-----

Reply all
Reply to author
Forward
0 new messages