August 2008 - Posts
If you haven't updated your Windows version yet, then it's time to do this now. You'll be busy for a few moments because on August 12th, Microsoft released no less than 11 updates/patches. Can be more depending on your configuration. Of the 11 patches 6 of them are classified as "critical" and 5 are "important".
Critical:
- MS08-046 - Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)
- MS08-045 - Cumulative Security Update for Internet Explorer (953838)
- MS08-041 - Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)
- MS08-043 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)
- MS08-051 - Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785)
- MS08-044 - Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)
Important:
- MS08-047 - Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733)
- MS08-049 - Vulnerabilities in Event System Could Allow Remote Code Execution (950974)
- MS08-048 - Security Update for Outlook Express and Windows Mail (951066)
- MS08-050 - Vulnerability in Windows Messenger Could Allow Information Disclosure (955702)
- MS08-042 - Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048)
A more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.
You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. For more information, see Microsoft Knowledge Base Article 913086.
Support:
See also MSRC blog: August 2008 Monthly Bulletin Release
No need to tell you what to do... move your mouse to: Microsoft Update to see if you have to get a few patches...
Happy Friday...
On August 12 Microsoft plans to release 12 security updates, which affect Microsoft Windows as well as Microsoft Office software. There will be 7 "critical" and 5 "important" updates.
Related links;
To receive automatic notifications subscribe to Microsoft Technical Security Notifications.
Not only the Olympic games have started, but also the malware games related to the Olympics. One of the latest is that if you receive an attachment named as: "ioc_guidelines_for_persons_accredited_at_the_xxix_olympiad.pdf" then delete this immediately. If you open it then it could execute a malicious JavaScript that exploits a patched Adobe Reader vulnerability. And it follows to install a backdoor detected as BackDoor-DMG.
McAfee has named this one: "Exploit-PDF.b"; for more detailed information about it check this article: Exploit-PDF.b.
Aliases:
If you do not have Adobe Reader version 9 installed, then you can download it from the Adobe Download. Unfortunately it comes with Adobe AIR, which you can uninstall through Windows "Add/Remove Programs". Also, during the installation process you might want to uncheck the option to install the Google toolbar.
Few days ago McAfee released a new version of their VirusScan Scan Engine. So far only for corporate versions like VSE8.0i and/or VSE8.5i.
You can download it from the McAfee Enterprise download site.