No content since 2004
Feel free to donate
Chris @ MyITforum
Subscribe in a reader
Subscribe to Chris Mosby at myITforum.com by Email
How do I use this table?
Use this table to learn about the likelihood of functioning exploit code to be released for each of the security updates that you may need to install. You should review each of the assessments below, in accordance with your specific configuration, in order to prioritize your deployment. For more information about what these ratings mean, and how they are determined, please see Microsoft Exploit Index.
MS08-056
Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)
CVE-2008-4020
2 - Inconsistent exploit code likely
Functioning exploit code could be created. However, the severity impact is limited as the vulnerability allows spoofing in a dialog in specific Web application scenarios only. As a result, this may get little attention from attackers.
MS08-057
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)
CVE-2008-4019
1 - Consistent exploit code likely
CVE-2008-3471
CVE-2008-3477
MS08-058
Cumulative Security Update for Internet Explorer (956390)
CVE-2008-2947
(Public at bulletin release)
CVE-2008-3472
CVE-2008-3473
CVE-2008-3475
CVE-2008-3474
3 - Functioning exploit code unlikely
CVE-2008-3476
MS08-059
Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)
CVE-2008-3466
While only specific types of enterprise customers would likely install Host Integration Server, functioning exploit code is likely to be created.
MS08-060
Vulnerability in Active Directory Could Allow Remote Code Execution (957280)
CVE-2008-4023
Triggering the vulnerability to cause a denial of service condition is likely. However, creating functioning exploit code to leverage remote code execution is difficult due to not being able to control a needed write address.
MS08-061
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
CVE-2008-2250
CVE-2008-2252
Functioning exploit is most likely to be created for multiprocessor systems.
CVE-2008-2251
Triggering the vulnerability may be possible, but successful, functioning exploit code is very difficult to create.
MS08-062
Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
CVE-2008-1446
Consistent exploit code has been discovered in limited, targeted attacks. While the Internet Printing Protocol (IPP) service is enabled by default, access to this service using IIS also requires authentication by default on all platforms.
MS08-063
Vulnerability in SMB Could Allow Remote Code Execution (957095)
CVE-2008-4038
MS08-064
Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
CVE-2008-4036
MS08-065
Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)
CVE-2008-3479
While information disclosure might be possible, obtaining useful content from memory is not always possible. The memory corruption issue can be triggered, but remote code execution is difficult to gain.
MS08-066
Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
CVE-2008-3464
No Comments