Dec 2008: Microsoft Security Bulletin: MS08-078

As predicted in the regular monthly Security Bulletins summary earlier this month, Microsoft has issued a supplemental update just for Internet Explorer. The good news is that the additional Security Bulletin still leaves the total for 2008 between 70 and 80 so it doesn’t impact the winners of last year’s poll.

For the second time in three months, a critical flaw required urgent patching. Internet Explorer has been impacted by a zero-day exploit circulating in the wild which could download malicious Trojans to vulnerable systems.

This is what Microsoft Security Bulletin MS08-078 has to say about the update:

This security update resolves a publicly disclosed vulnerability. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.This security update is rated Critical for Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, and Internet Explorer 7. For information about Internet Explorer 8 Beta 2, please see the section, Frequently Asked Questions (FAQ) Related to This Security Update. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by modifying the way Internet Explorer validates data binding parameters and handles the error resulting in the exploitable condition. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection under the next section, Vulnerability Information.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 961051.

It is important to note that this update for Internet Explorer is not cumulative. You should first apply the most recent cumulative update (MS08-073) before applying this update.

Take a look at the Security Bulletin and follow the link to get the necessary patches to protect your system from exploits targeted at this vulnerability.

Microsoft Security Bulletin MS08-078
Security Update for Internet Explorer
Microsoft Criticality: Critical

Tags: 2008 by Tony Bradley
Comments Off

December 2008

To view a summary of the December 2008 bulletins, visit Microsoft Security Bulletin Summary for December, 2008. Click the links below to view the individual Microsoft Security Bulletins and to download any patches that might be required for your system. You can also visit Windows Update to automatically determine what patches or updates your system needs.

1. MS08-070

Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution
Criticality: Critical

2. MS08-071

Vulnerabilities in GDI Could Allow Remote Code Execution
Criticality: Critical

3. MS08-072

Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution
Criticality: Critical

4. MS08-073

Cumulative Security Update for Internet Explorer
Criticality: Critical

5. MS08-074

Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution
Criticality: Critical

6. MS08-075

Vulnerabilities in Windows Search Could Allow Remote Code Execution
Criticality: Critical

7. MS08-076

Vulnerabilities in Windows Media Components Could Allow Remote Code Execution
Criticality: Important

8. MS08-077

Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege
Criticality: Important

Tags: 2008 by Tony Bradley
Comments Off