Security 10809 Published by

Microsoft published the Microsoft Security Bulletin Summary for September 2008:



1) Bulletin Identifier
Microsoft Security Bulletin MS08-054


Bulletin Title
Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)

Executive Summary
This security update resolves a privately reported vulnerability in Windows Media Player that could allow remote code execution when a specially crafted audio file is streamed from a Windows Media server. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating
Critical

Impact of Vulnerability
Remote Code Execution

Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update does not require a restart.

Affected Software
Microsoft Windows. For more information, see the Affected Software and Download Locations section.

2) Bulletin Identifier
Microsoft Security Bulletin MS08-052


Bulletin Title
Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)

Executive Summary
This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Maximum Severity Rating

Critical
Impact of Vulnerability

Remote Code Execution
Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.

Affected Software
Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, Visual Studio. For more information, see the Affected Software and Download Locations section.

3) Bulletin Identifier
Microsoft Security Bulletin MS08-053


Bulletin Title
Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)

Executive Summary
This security update resolves a privately reported vulnerability in Windows Media Encoder 9 Series. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating
Critical

Impact of Vulnerability
Remote Code Execution

Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.

Affected Software
Microsoft Windows. For more information, see the Affected Software and Download Locations section.

4) Bulletin Identifier
Microsoft Security Bulletin MS08-055


Bulletin Title
Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)

Executive Summary
This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user clicks a specially crafted OneNote URL. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating
Critical

Impact of Vulnerability
Remote Code Execution

Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. Mostly, the update does not require a restart.
Affected Software

Microsoft Office. For more information, see the Affected Software and Download Locations section.