Smokey's Security Weblog

veritas odium parit

Microsoft Out-Of-Band Security Bulletin for December 18, 2008

Published: December 9, 2008 | Updated: December 18, 2008
Version 3.1

Bulletin Revisions

•V1.0 (December 9, 2008): Bulletin summary published.

•V2.0 (December 10, 2008): Corrected affected software for MS08-076 to list Windows Media Format Runtime 9.5 and Windows Media Format Runtime 11 as separate updates on Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2. Also removed erroneous references to Windows Media Format Runtime 11 x64 Edition on Windows XP Professional x64 Edition, Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 x64 Edition, and Windows Server 2003 x64 Edition Service Pack 2 for MS08-076.

•V3.0 (December 17, 2008): Added Microsoft Security Bulletin MS08-078, Security Update for Internet Explorer (960714). Also added the bulletin webcast links for this out-of-band security bulletin.

•V3.1 (December 18, 2008): For MS08-078, added unaffected server core notation for Windows Internet Explorer 7 in Windows Server 2008 for 32-bit Systems and in Windows Server 2008 for x64-based Systems.

Bulletin Summary: http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx

Critical (7)

Microsoft Security Bulletin MS08-071
Vulnerabilities in GDI Could Allow Remote Code Execution (956802)

Microsoft Security Bulletin MS08-075
Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)

Microsoft Security Bulletin MS08-073
Cumulative Security Update for Internet Explorer (958215)

Microsoft Security Bulletin MS08-078
Security Update for Internet Explorer (960714)

Microsoft Security Bulletin MS08-070
Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)

Microsoft Security Bulletin MS08-072
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)

Microsoft Security Bulletin MS08-074
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)

Important (2)

Microsoft Security Bulletin MS08-077
Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)

Microsoft Security Bulletin MS08-076
Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)

Other Information

Please note that Microsoft may release bulletins out side of this schedule if they determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

Disclaimer

The information provided in the Microsoft Knowledge Base is provided “as is” without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Advertisements

December 20, 2008 - Posted by | Advisories, Alerts, Downloads, Friends, Malware, News, Recommended External Security Related Links, Vulnerabilities | , , , , , , , , , , , , , , , , , ,

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: