The new set of updates released by Microsoft on its
Patch Tuesday fixes a series of critical vulnerabilities. Out of the
total of 26 patches, six are tagged as critical and another five as important.
All six critical vulnerabilities are linked to severe risks for
Excel, Internet Explorer, Access and Microsoft Office.
The first, MS08-041, also called "Vulnerability in the
ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote
Code Execution (955617)," affects Snapshot Viewer for Microsoft Access, Microsoft
Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access
2003.
MS08-042, titled "Vulnerability in Microsoft Word Could
Allow Remote Code Execution (955048)," targets Microsoft Word 2002 and
Microsoft Word 2003, and could allow attackers to take complete control of a
system, installing programs and changing or deleting data.
MS08-043, titled "Vulnerabilities in Microsoft Excel
Could Allow Remote Code Execution (954066)," affects a significant number
of programs and applications, including Microsoft’s Office Excel 2000 Service Pack
3, PowerPoint 2007 File Formats Service Pack 1, Microsoft Office SharePoint
Server 2007, Excel Viewer 2003 Service Pack 3, Excel 2007 Service Pack 1 and Microsoft
Office Compatibility Pack for Word.
MS08-044, called "Vulnerabilities in Microsoft Office
Filters Could Allow Remote Code Execution (924090)," affects Microsoft
Office 2000 and is also linked to other releases such as Microsoft Office 2003
Service Pack 2, Microsoft Office Converter Pack and Microsoft Works 8.
MS08-045, "Cumulative Security Update for Internet
Explorer (953838)," affects all supported versions of Internet Explorer.
MS08-046, "Vulnerability in Microsoft Windows Image
Color Management System Could Allow Remote Code Execution (952954),"
affects Windows XP, Windows Server 2003 and Microsoft Windows 2000. The company
explained that an attacker exploiting this vulnerability could easily take
control of a system, permitting any sort of action.
Besides these critical vulnerabilities, there are also the
five tagged as important. The first, MS08-047, titled "Vulnerability in
IPsec Policy Processing Could Allow Information Disclosure (953733),"
targets all versions of Windows Vista and Windows Server 2008. Microsoft
explained that this vulnerability cannot be used to execute code directly, but
it can help with collecting the information needed to compromise a system.
MS08-048, "Security Update for Outlook Express and
Windows Mail (951066)," affects Windows XP and Windows Vista, but it can
also be linked to Windows Server 2003 and Windows Server 2008.
MS08-049, "Vulnerabilities in Event System Could Allow
Remote Code Execution (950974)," affects Windows Server 2008, Windows XP,
Windows Server 2003 and Windows 2000. It can be used to take control of a
system and install programs, view or delete data, and take any desired action
with full administrative rights.
MS08-050, "Vulnerability in VBScript and JScript
Scripting Engines Could Allow Remote Code Execution (944338)," affects Windows
Messenger 4.7 and Windows Messenger 5.1, and it also addresses all supported editions
of Microsoft Windows 2000 and Windows XP. It allows access to the user’s contacts
and allows audio and video chats without the user’s permission; in other
words, the attacker could easily impersonate the targeted user.
MS08-051, "Vulnerabilities in Microsoft PowerPoint
Could Allow Remote Code Execution (949785)," targets Microsoft Office
PowerPoint 2000 and, like many of the vulnerabilities listed above, allows
complete access to a user’s system.