Chris @ MyITforum
The security bulletins for this month are as follows, in order of severity:

Bulletin Title: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
Executive Summary: This critical security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. The vulnerability could be exploited through attacks on Microsoft XML Core Services. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update will require a restart.
Affected Software: Windows, XML Core Services. For more information, see the Affected Software and Download Locations section.

Bulletin Title: Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)
Executive Summary: This critical security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page. The vulnerability could be exploited through attacks on Object Linking and Embedding (OLE). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. This update will require a restart.
Affected Software: Windows, Visual Basic, Office for Mac. For more information, see the Affected Software and Download Locations section.

Bulletin Title: Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965)
Executive Summary: This security update resolves a privately reported vulnerability in addition to other security issues identified during the course of the investigation. These vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update will not require a restart.
Affected Software: Office. For more information, see the Affected Software and Download Locations section.

Bulletin Title: Cumulative Security Update for Internet Explorer (937143)
Executive Summary: This critical security update resolves three privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Affected Software: Windows, Internet Explorer. For more information, see the Affected Software and Download Locations section.

Bulletin Title: Vulnerability in GDI Could Allow Remote Code Execution (938829)
Executive Summary: This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in the Graphics Rendering Engine in the way that it handles specially crafted images. An attacker could exploit the vulnerability by constructing a specially crafted image that could potentially allow remote code execution if a user opened a specially crafted attachment in e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Affected Software: Windows. For more information, see the Affected Software and Download Locations section.

Bulletin Title: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)
Executive Summary: This security update resolves a privately reported vulnerability in the Vector Markup Language (VML) implementation in Windows. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Bulletin Title: Vulnerability in Windows Media Player Could Allow Remote Code Execution (936782)
Executive Summary: This important security update resolves two privately reported vulnerabilities. These vulnerabilities could allow code execution if a user viewed a specially crafted file in Windows Media Player. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Maximum Severity Rating: Important

Bulletin Title: Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)
Executive Summary: This important security update resolves two privately reported vulnerabilities in addition to other vulnerabilities identified during the course of the investigation. These vulnerabilities could allow an anonymous remote attacker to run code with the privileges of the logged-on user. If a user subscribed to a malicious RSS feed in the Feed Headlines Gadget, added a malicious contacts file in the Contacts Gadget, or clicked on a malicious link in the Weather Gadget, an attacker could potentially run code on the system. In all attack vectors, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Affected Software: Windows Vista. For more information, see the Affected Software and Download Locations section.

Bulletin Title: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)
Executive Summary: This important security update resolves one privately reported vulnerability. This is an elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or on another guest operating system. Only guest operating system users who are granted administrative permissions to the guest operating system would be able to exploit this vulnerability. Guest operating system users not granted administrative permissions to the guest operating system would be unable to exploit this vulnerability.
Impact of Vulnerability: Elevation of Privilege
Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update does not require a restart.
Affected Software: Virtual PC, Virtual Server. For more information, see the Affected Software and Download Locations section.