Critical Product Vulnerability - November 2008 Microsoft Security Bulletin Release

[Dr.Melzer 191]

Gestern Abend wurden die Microsoft Security Bulletins für November 2008 veröffentlicht. Die Veröffentlichung der Bulletins ersetzt die Bulletin Advance Notification, die erstmalig am 04.09.08 veröffentlicht wurde.

 

Weitere Infos findet Ihr unten und auch online auf: Microsoft Security Bulletin Summary für November 2008 (dt.)

 

Am Mittwoch, den 12. November 2008 um 20:00 Uhr (MEZ) führt Microsoft einen englischsprachigen Webcast durch, um Kundenfragen zu diesen Bulletins zu beantworten. Registriert Euch jetzt für das Security Bulletin-Webcast im November. Im Anschluss steht dieser Webcast auf Anfrage zur Verfügung. Weitere Informationen dazu findet Ihr unter Microsoft Security Bulletin Zusammenfassungen und Webcasts.

[Dr.Melzer 191]

What is the purpose of this alert?

This alert provides you with an overview of the new security bulletins being released on November 11, 2008. Security bulletins are released monthly to resolve critical problem vulnerabilities.

 

New Security Bulletins:

Microsoft is releasing the following two new security bulletins for newly discovered vulnerabilities:

 

Bulletin Number Maximum Severity Affected Products Impact

MS08-068 Important Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. Remote Code Execution

MS08-069 Critical Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008. Microsoft Office 2003, Word Viewer 2003, 2007 Office System, Compatibility Pack for Office 2007 File Formats, Expression Web, Office SharePoint Server 2007, and Office Groove Server 2007. Remote Code Execution

 

Summaries for these new bulletins may be found at the following pages:

Microsoft Security Bulletin Summary for November 2008.

 

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here: The Microsoft Windows Malicious Software Removal Tool helps remove specific prevalent malicious software from computers that are running Windows Vista, Windows Server 2003, Windows XP, or Windows 2000.

 

High-Priority Non-Security Updates

High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU) or Windows Server Update Services (WSUS) will be detailed in the following KB Article: Description of Software Update Services and Windows Server Update Services changes in content for 2008.

 

PUBLIC BULLETIN WEBCAST

Microsoft will host a Webcast to address customer questions on these bulletins:

Title: Information about Microsoft November Security Bulletins (Level 200)

Date: Wednesday, November 11, 2008 11:00 A.M. Pacific Time (U.S. & Canada)

URL: TechNet Webcast: Information About Microsoft November Security Bulletins (Level 200).

[Dr.Melzer 191]

NEW SECURITY BULLETIN TECHNICAL DETAILS

 

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit Microsoft Support Lifecycle.

 

Bulletin Identifier Microsoft Security Bulletin MS08-069

Bulletin Title Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)

Executive Summary This security update resolves several vulnerabilities in Microsoft XML Core Services. The most severe vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Severity Rating This security update is rated Critical for Microsoft XML Core Services 3.0 and Important for Microsoft XML Core Services 4.0, Microsoft XML Core Services 5.0, and Microsoft XML Core Services 6.0.

Impact of Vulnerability Remote Code Execution

Detection Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Affected Software Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008. Microsoft Office 2003, Word Viewer 2003, 2007 Office System, Compatibility Pack for Office 2007 File Formats, Expression Web, Office SharePoint Server 2007 and Office Groove Server 2007. For more information, see the Affected Software section of the bulletin at the link below.

Restart Requirement The update may require a restart.

Removal Information Removal details vary depending on which update is being installed. For specifics see the Security Update Deployment section of the bulletin at the link below.

Bulletins Replaced by This Update MS07-042

Full Details: Microsoft Security Bulletin MS08-069 – Critical: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)

 

 

 

Bulletin Identifier Microsoft Security Bulletin MS08-068

Bulletin Title Vulnerability in SMB Could Allow Remote Code Execution (957097)

Executive Summary This security update resolves a publicly disclosed vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerability could allow remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Severity Rating This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Moderate for all supported editions of Windows Vista and Windows Server 2008.

Impact of Vulnerability Remote Code Execution

Detection Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Affected Software Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008. For more information, see the Affected Software section of the bulletin at the link below.

Restart Requirement The update requires a restart.

Removal Information • On Windows 2000, Windows XP, and Windows Server 2003: Use the Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

• On Windows Vista and Widows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

Bulletins Replaced by This Update • MS06-030 for Windows 2000

• MS05-011 for Windows XP SP2

• None for all others

Full Details: Microsoft Security Bulletin MS08-068 – Important: Vulnerability in SMB Could Allow Remote Code Execution (957097)

[Dr.Melzer 191]

MICROSOFT SECURITY INTELLIGENCE REPORT

 

The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Using data derived from hundreds of millions of Windows users, and some of the busiest online services on the Internet, this report also provides a detailed analysis of the threat landscape and the changing face of threats and countermeasures and includes updated data on privacy and breach notifications.

 

The fifth volume of the report covering January through June 2008 is now available: Microsoft Malware Protection Center - Security Intelligence Report.

 

Security Intelligence Report (SIR) Webcasts:

 

IT Manager Webcast: Microsoft Security Intelligence Report 5:

Latest Trends in Vulnerabilities, Exploits, and Malicious Software (Level 200)

Wednesday, November 12, 2008 1:00 PM Pacific Time (US & Canada)

IT Manager Webcast: Microsoft Security Intelligence Report 5: Latest Trends in Vulnerabilities, Exploits, and Malicious Software (Level 200)

 

TechNet Webcast: Microsoft Security Intelligence Report 5:

Latest Trends in Vulnerabilities, Exploits, and Malicious Software (Level 200)

Friday, November 14, 2008 9:30 AM Pacific Time (US & Canada)

TechNet Webcast: Microsoft Security Intelligence Report 5: Latest Trends in Vulnerabilities, Exploits, and Malicious Software (Level 200)

 

VULNERABILITY EXPLOITABILITY INDEX

 

How do I use this table?

 

Use this table to learn about the likelihood of functioning exploit code being released within 30 days of security bulletin release, for each of the security updates that you may need to install. You should review each of the assessments below, in accordance with your specific configuration, in order to prioritize your deployment. For more information about what these ratings mean, and how they are determined, please see Microsoft Exploitability Index.

 

Bulletin ID Bulletin Title CVE ID Exploitability Index Assessment Key Notes

MS08-068

Vulnerability in SMB Could Allow Remote Code Execution (957097)

CVE-2008-4037

1 - Consistent exploit code likely

Exploit code is currently public for this vulnerability on Windows XP.

MS08-069

Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)

CVE-2008-4029

1 - Consistent exploit code likely

Exploit code for information disclosure is likely as this can be used in cross-domain attacks.

MS08-069

Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)

CVE-2007-0099

2 - Inconsistent exploit code likely

This vulnerability involves a race condition in loading XML files. Therefore, it is difficult to exploit consistently.

MS08-069

Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)

CVE-2008-4033

2 - Inconsistent exploit code likely

 

 

REGARDING INFORMATION CONSISTENCY

 

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.

 

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

 

Thank you,

 

Microsoft CSS Security Team