Bounteous October patch day at Microsoft
This October's Microsoft patch day has given administrators plenty to be getting on with. As previously announced, Microsoft has released a total of eleven security bulletins. Microsoft classifies four of the patch packages as critical. Excel can be made to execute malicious code embedded in Excel documents (MS08-057); the vulnerable code is also found in SharePoint Server 2007. Windows 2000 domain controllers and the Host Integration Server can be infected with arbitrary malicious code via LDAP queries (MS08-060) and crafted RPC packets (MS08-059) respectively.
Internet Explorer 5.01, 6 and 7 again receive a wide-ranging cumulative update, which is classed as critical (MS08-058). The vulnerabilities fixed include various cross-domain vulnerabilities, but most of the fixed vulnerabilities were exploited by attackers to inject malicious code onto users' computers and gain control of them when the users visit a crafted web page. Some of the bugs can lead to disclosure of confidential information.
A vulnerability in MS Office which results in the software package disclosing user information or executing script actions on web pages when the user clicks on crafted CDO links is classed as "moderate" (MS08-056). Microsoft categorises the remainder of the bulletins as "important". Three vulnerabilities in the Windows kernel of all versions of Windows (MS08-061), one vulnerability in the Ancillary Function Driver (AFD) in Windows XP and Server 2003 (MS08-066) and Virtual Address Descriptor manipulation (MS08-064) can all be locally exploited to obtain elevated access privileges.
Bugs in the internet printing service in all Windows versions except Vista (MS08-062), in the SMB networking protocol (MS08-063) and in message queuing (MS08-065) can all also be exploited for remote execution of malicious code, but are classed as "important" only. Microsoft has made the patches available via the usual update mechanisms.
- Microsoft Security Bulletin Summary for October 2008
- MS08-056 (Moderate): Vulnerability in Microsoft Office Could Allow Information Disclosure
- MS08-057 (Critical): Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
- MS08-058 (Critical): Cumulative Security Update for Internet Explorer
- MS08-059 (Critical): Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution
- MS08-060 (Critical): Vulnerability in Active Directory Could Allow Remote Code Execution
- MS08-061 (Important): Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
- MS08-062 (Important): Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution
- MS08-063 (Important): Vulnerability in SMB Could Allow Remote Code Execution
- MS08-064 (Important): Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege
- MS08-065 (Important): Vulnerability in Message Queuing Could Allow Remote Code Execution
- MS08-066 (Important): Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege