Microsoft Security Bulletin

December 18, 2008 at 7:07 pm

I try not to take up your time by posting for the sake of posting to this blog – but this is something you should be considering! Local, national and international media interest adds clout to the importance of this update.
Hope its helpful.
Regards
JIM
Abstract

Please find below a level 3 critical product vulnerability alert email, the 17thDecember Microsoft Security Bulletin Release from the Microsoft CSS Security Team.

—————————————————————————

Background

What is the purpose of this alert?

 

This alert is to provide you with an overview of the new security bulletin being released (out-of-band) on December 17, 2008. Microsoft has released security bulletin MS08-078, Security Update for Internet Explorer (960714), to address a vulnerability in all currently supported versions of Internet Explorer . This security update was released outside of the usual monthly security bulletin release cycle in an effort to protect customers.

—————————————————————————

Executive Summary

This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerability by modifying the way Internet Explorer validates data binding parameters and handles the error resulting in the exploitable condition.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 961051.

—————————————————————————

Recommendations

 

Microsoft recommends customers prepare their systems and networks to apply this security bulletin immediately once released to help ensure that their computers are protected from attempted criminal attacks. For more information about security updates, visit http://www.microsoft.com/protect.

—————————————————————————

New Security Bulletin Technical Details

 

Identifier

MS08-078

Severity Rating

This security update is rated Critical for Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 SP1,  and Internet Explorer 7.

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Affected Software

Internet Explorer 5.01 (Windows 2000), Internet Explorer 6 (Windows 2000), Internet Explorer 6 SP1 (Windows XP and Windows Server 2003), and Internet Explorer 7 (Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008).  For information about Internet Explorer 8 (Beta) please see the FAQ section of the bulletin.

Restart Requirement

The update will require a restart only if the required files are being used.  If this occurs, a message appears that advises you to restart.

Removal Information

·         For Windows 2000, Windows XP, Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility

·         For Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

Bulletins Replaced by This Update

None.

Full Details:

http://www.microsoft.com/technet/security/bulletin/MS08-078.mspx

 

Public Bulletin Webcast

 

Microsoft will host two Webcasts to address customer questions on this Out-of-Band bulletin:

 

Title: Information About Microsoft December Out-of-Band Security Bulletin
Date: Wednesday, December 17, 2008 1:00 P.M. Pacific Time (U.S. & Canada)
URL:
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032399448&Culture=en-US 

Title: Information About Microsoft December Out-of-Band Security Bulletin #2
Date: Thursday, December 18, 2008 11:00 A.M. Pacific Time (U.S. & Canada)
URL: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032399449&Culture=en-US

 

Regarding Information Consistency

 

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.

 

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

 

Thank you,

 

Microsoft CSS Security Team

Advertisements

Entry filed under: expression web.

Expression web and asp.net controls. ASPX links not working?


Calendar

December 2008
M T W T F S S
« May   May »
1234567
891011121314
15161718192021
22232425262728
293031  

Most Recent Posts


%d bloggers like this: