Well yesterday saw Microsoft release their month batch of security updates. We have Eleven patches and one security advisory for the day.

 

For this months update we have Four Critically rated vulnerabilities, Six rated as Important and one rated as Moderate. The first of our critically rated issues is MS08-059, this is probably the most serious of the issues released yesterday. The issue is a vulnerability in Host Integration Server SNA RPC Service that could allow remote code execution. An attacker could exploit the vulnerability by constructing a specially crafted RPC request. This issue is listed as CVE-2008-3466. It affects Microsoft Host Integration Server 2000 through 2006 for both 32-bit and 64-bit platforms.

Next up we have MS08-060, this issue is a vulnerability in Microsoft Active Directory that could allow remote code execution. This issue only affects Windows 2000 Server installations of Active Directory and is as a result of a memory corruption vulnerability when handling an LDAP or LDAPS request. Successful exploitation could allow an attacker to take control of an affected system and potentially the Domain associated with the Active Directory installation.

Next we have MS08-058, here we have an update for Internet Explorer that corrects Six seperate issues within Internet Explorer releases. The issues addressed affect all Internet Explorer releases from IE 5.01 to IE 7. The issues identified in this patch are:

CVE-2008-3472 has a public exploit available as well as one for CVE-2008-3473, CVE-2008-2947.

The last of our critically rated issues is MS08-057, this patch affects all releases of Microsoft Excel and addresses three different issues, all of which seem to be file or object parsing issues that could result in code execution. The issues identified in this patch include:

Of the Important rated security issues the following would be ones to look at ensuring that the patches are installed based real risk, would be MS08-063 and MS08-065. 

MS08-063 is a remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol handles specially crafted file names. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Although Microsoft rate this as Important because in their view the default configuration of a disk share requires authentication, this however is in the real world not always the case. This issue should really be rated critical as in many environments this could be used for privilege escalation for existing users, or be exploited by those with anonymous access. This issue has been given the CVE of CVE-2008-4038 and affects ALL versions of the Windows platform.

Then we have MS08-065, this is another RPC issue this time within the Message Queuing Service in Windows 2000 SP4. The issue is a heap overflow that could be exploited by an attacker to gain SYSTEM level control of an affected system. Microsoft deem this one Important as the Message Queuing Service is not installed by default, if you have this service enabled on Windows 2000 then you really need to consider this issue Critical.

As per usual the recommendation is to install ALL the fixes released by Microsoft, do not cherry pick the ones just rated as Critical, install everything to ensure that you are protected against all the threats created by these vulnerabilities. For the full update on the fixes released by Microsoft you can see the full list of bulletins here.