Microsoft Security Bulletin(s) for December 9 2008

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx

Critical (6 )

Microsoft Security Bulletin MS08-071 – Critical
Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
http://www.microsoft.com/technet/security/Bulletin/ms08-071.mspx

Microsoft Security Bulletin MS08-075 – Critical
Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)
http://www.microsoft.com/technet/security/Bulletin/ms08-075.mspx

Microsoft Security Bulletin MS08-073 - Critical
Cumulative Security Update for Internet Explorer (958215)
http://www.microsoft.com/technet/security/bulletin/ms08-073.mspx

Microsoft Security Bulletin MS08-070 - Critical
Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
http://www.microsoft.com/technet/security/Bulletin/ms08-070.mspx

Microsoft Security Bulletin MS08-072 - Critical
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
http://www.microsoft.com/technet/security/bulletin/ms08-072.mspx

Microsoft Security Bulletin MS08-074 - Critical
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
http://www.microsoft.com/technet/security/bulletin/ms08-074.mspx

Important (2)

Microsoft Security Bulletin MS08-077 - Important
Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
http://www.microsoft.com/technet/security/bulletin/ms08-077.mspx

Microsoft Security Bulletin MS08-076 – Important
Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update (http://www.windowsupdate.com/) and Office Update (http://office.microsoft.com/OfficeUpdate/) or Microsoft Update (http://update.microsoft.com/microsoftupdate) websites. You may also get the updates thru Automatic Updates (http://www.microsoft.com/athome/security/update/bulletins/automaticupdates.mspx) functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA (http://www.microsoft.com/technet/security/tools/mbsahome.mspx).

TechNet Webcast: Information About Microsoft December Security Bulletins (Level 200)
Event ID: 1032374647

Language(s): English.
Product(s): Security.
Audience(s): IT Professional.

Duration: 60 Minutes
Start Date: Wednesday, December 10, 2008 11:00 AM Pacific Time (US & Canada)

Event Overview

On December 9, 2008, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the December security bulletins. The intent of this webcast is to address your concerns. Therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from our security experts.

Presenters: Christopher Budd, Security Response Communications Lead, Microsoft Corporation and and Adrian Stone, Lead Security Program Manager, Microsoft Corporation



Register now for the December security bulletin webcast (http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032374647).

Malicious Software Removal Tool
Published: January 11, 2005 | Updated: December 9, 2008

New Additions
We have added detection and cleaning capabilities for the following malicious software:

• FakeXPA
http://www.microsoft.com/security/portal/Entry.aspx?name=Trojan%3aWin32%2fFakeXPA

• Yektel
http://www.microsoft.com/security/portal/Entry.aspx?name=Trojan%3aWin32%2fYektel.A

Microsoft Security Advisory (960906)
Vulnerability in WordPad Text Converter Could Allow Remote Code Execution
Published: December 9, 2008

Microsoft is investigating new reports of a vulnerability in the WordPad Text Converter for Word 97 files on Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Windows XP Service Pack 3, Windows Vista, and Windows Server 2008 are not affected as these operating systems do not contain the vulnerable code.

Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability. Additionally, as the issue has not been publicly disclosed broadly, we believe the risk at this time to be limited.

We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.

Customers who believe that they have been attacked can obtain security support at Get security support and should contact the national law enforcement agency in their country. Customers in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-PCSAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at Internet Crime Complaint Center.

Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.

Mitigating Factors:

• This issue does not affect Windows XP Service Pack 3, Windows Vista, and Windows Server 2008.

• An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

• The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message.

• When Microsoft Office Word is installed, Word 97 documents are by default opened using Microsoft Office Word, which is not affected by this vulnerability. However, an attacker could rename a malicious file to have a Windows Write (.wri) extension, which would still invoke WordPad. This file type can be blocked at the Internet perimeter.
http://www.microsoft.com/technet/security/advisory/960906.mspx

Microsoft Security Bulletin MS08-052 – Critical
Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
Published: September 9, 2008 | Updated: December 9, 2008

Revisions
• V1.0 (September 9, 2008 Bulletin published.

• V2.0 (September 12, 2008 Bulletin updated to add Microsoft Office Project 2002 Service Pack 2, all Office Viewer software for Microsoft Office 2003, and all Office Viewer software for 2007 Microsoft Office System as Affected Software. Details for this bulletin revision are provided in the "Why was this bulletin revised on September 12, 2008?" entry in the Frequently Asked Questions (FAQ) Related to this Security Update section.

• V2.1 (September 17, 2008 Changed references to Microsoft Office Project 2002 Service Pack 2 as affected software to Microsoft Office Project 2002 Service Pack 1. This is a name change only. There were no changes to the binaries or detection.

• V2.2 (October 29, 2008 Added an FAQ entry concerning a printing issue with Microsoft SQL Server 2005 Reporting Services and removed Visio Viewer from Affected Software, including other minor changes. For more details, please see the entry in the Frequently Asked Questions (FAQ) Related to this Security Update section.

• V3.0 (December 9, 2008 Added Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1, Microsoft Expression Web and Microsoft Expression Web 2, and Microsoft Office Groove 2007 and Microsoft Office Groove 2007 Service Pack 1 as Affected Software. Also detailed a detection change for Microsoft SQL Server 2005 Service Pack 2 in the "Why was this bulletin revised on December 9, 2008?" entry in the Frequently Asked Questions (FAQ) Related to this Security Update section.

http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx

December 2008 Security Release ISO Image
Brief Description
This DVD5 ISO image file contains the security updates for Windows released on Windows Update on December 9th, 2008.

http://www.microsoft.com/downloads/details.aspx?FamilyID=a72bf06d-d755-445c-adc5-3b9561406aa4&DisplayLang=en

Hi this is Christopher Budd,
-{ Quote: "I wanted to give you a quick update on a couple of new things today related to Microsoft Security Advisory 961051.http://www.microsoft.com/technet/security/advisory/961051.mspx
We’ve made another revision to the advisory today. Our research teams are working around the clock to help identify better, more effective workarounds to give customers more options to evaluate and we’ve updated the advisory with the latest information from their research.
We’ve also posted some additional details and information on the Security Vulnerability Research and Defense blog.http://blogs.technet.com/swi/
This includes a Vista-specific workaround as well as additional information to help your analysis of the different workaround options.
Based on customer questions, we’ve made changes in the advisory to help make clearer that each of the multiple workarounds outlined provides effective protections against the known attacks. Applying any one of these workarounds by themselves effective, however, we are providing multiple workarounds in the advisory to give you as many options to evaluate for your organization as possible.
That said, the recommendation that we made yesterday still holds: evaluate applying a combination of workarounds that both sets the Internet Explorer security settings to High and blocks access to OLEDB32.dll. We have outlined three different options for blocking access to OLEDB32.dll: any one of them is sufficient to use in combination with setting the Internet Explorer security settings to High to provide protections. Our research has shown that this combination provides the most effective protections against the current attacks and possible future attacks.
Our work continues around developing a security update as well as our ongoing monitoring of the threat environment. Our teams are continuing their research into workarounds and as we confirm new information, we will continue to post updates in the security advisory or the MSRC weblogs.
Christopher" }-

Microsoft Security Bulletin MS08-070 - Critical
Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
Published: December 9, 2008 | Updated: December 15, 2008

Revisions
• V1.0 (December 9, 2008 Bulletin published.

• V1.1 (December 15, 2008 Added an entry in the section, Frequently asked questions (FAQ) related to this security update, announcing that Microsoft has released a cumulative update for Microsoft Visual Basic 6.0 Service Pack 6 (KB957924) that includes the update for Microsoft Visual Basic 6.0 Runtime Extended Files (KB926857) provided in this bulletin. This is an informational change only. There were no changes to the security update binaries in this bulletin

http://www.microsoft.com/technet/security/bulletin/ms08-070.mspx

-{ Quote: "Hi this is Christopher Budd," }-
Microsoft Security Advisory (961051)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: December 10, 2008 | Updated: December 15, 2008

Revisions:

• December 10, 2008: Advisory published

• December 11, 2008: Revised to include Microsoft Internet Explorer 5.01 Service Pack 4, Internet Explorer 6 Service Pack 1, Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 as potentially vulnerable software. Also added more workarounds.

• December 12, 2008: Revised to correct operating systems that support Windows Internet Explorer 8 Beta 2. Also added more workarounds and a reference to Microsoft Security Advisory (954462).

• December 13, 2008: Revised to add the workaround, Disable XML Island functionality. Also, in a FAQ entry, clarified the list of recommended workarounds and added the blog post URL for recommended workarounds.

• December 15, 2008: Updated the workarounds, Disable XML Island functionality and Disable Row Position functionality of OLEDB32.dll.

http://www.microsoft.com/technet/security/advisory/961051.mspx

Microsoft Out-Of-Band Security Bulletin(s) for December 17, 2008
Microsoft Security Bulletin(s) for December 17, 2008

Published: December 9, 2008 | Updated: December 17, 2008

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s) out of band critacal update

Microsoft Security Bulletin MS08-078 - Critical
Security Update for Internet Explorer (960714)
Published: December 17, 2008

Version: 1.0

General Information
Executive Summary
This security update resolves a publicly disclosed vulnerability. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, and Internet Explorer 7. For information about Internet Explorer 8 Beta 2, please see the section, Frequently Asked Questions (FAQ) Related to This Security Update. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by modifying the way Internet Explorer validates data binding parameters and handles the error resulting in the exploitable condition. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection under the next section, Vulnerability Information.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 961051
http://www.microsoft.com/technet/security/advisory/961051.mspx

http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx


Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB960714)
http://www.microsoft.com/downloads/details.aspx?FamilyID=69979d92-8d45-47fe-ac4c-c2f1f23cf1fb&DisplayLang=en

TechNet Webcast: Information About Microsoft December Out-of-Band Security Bulletin
Event ID: 1032399448


Language(s): English.
Product(s): Security.
Audience(s): IT Professional.


Duration: 60 Minutes
Start Date: Wednesday, December 17, 2008 1:00 PM Pacific Time (US & Canada)



Event Overview

On December 17, 2008, Microsoft will release an out-of-band security bulletin. Join us for a brief overview of the technical details of the security bulletin. The intent of this webcast is to address your concerns. Therefore, most of the webcast is devoted to attendees asking questions about the bulletin and getting answers from our security experts.

Presenters: Christopher Budd, Security Response Communications Lead, Microsoft Corporation, and Adrian Stone, Lead Security Program Manager, Microsoft Corporation


Register Online
Owing to the importance of this update 2 special webcast's will be broadcast so do please register if you wish to get involved. For December the 17th 1:00 PM Pacific Time web cast you can register here
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032399448&EventCategory=4&culture=en-US&CountryCode=US

And for Thursday the 18th webcast registration can be found here
Start Date: Thursday, December 18, 2008 11:00 AM Pacific Time (US & Canada)
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032399449&EventCategory=4&culture=en-US&CountryCode=US

Tuesday 12/23 Update: Microsoft Security Advisory 961040
-{ Quote: "Hello, Bill here,

I want to provide you with a quick update regarding our recently released security advisory.

In the advisory we provide a workaround to help customers protect themselves from attackers trying to exploit this vulnerability. Customers have told us that it’s helpful when we provide information and guidance on how to automate the deployment of workarounds, so we have taken this a step further and worked with the SQL Engineering Team to providing Enterprise and Business Users a script that applies the workaround on all running instances of SQL Server on the local computer. Essentially, the script iterates through the running instances of SQL Server and denies execute permissions on sp_replwritetovarbin to “public” on all the affected versions. You can find additional information on this script and how to use it in Knowledge Base Article 961040.
http://support.microsoft.com/kb/961040

I also want to bring to your attention an entry that was posted yesterday, and updated today, at the Security Vulnerability Research & Defense blog. The blog covers a number of technical details related to this vulnerability to help customers better understand the risks, mitigations, and attack surface of the vulnerability and how attackers might use it.

Lastly, I wanted to note that we are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers.

Bill Sisk" }-

http://blogs.technet.com/swi/