ITSS-Advisory : MEDIUM : Microsoft : XML Core Services and SMB : Remote Code Execution

THREAT LEVEL
============
Medium.

INFORMATION
===========
Microsoft released two bulletins in the scheduled November publication.

MS08-069 - Vulnerabilities in Microsoft XML Core Services
---------------------------------------------------------
Rating: Critical
Impact: Remote Code Execution
Link: http://www.microsoft.com/technet/security/Bulletin/MS08-069.mspx
Known Issues: http://support.microsoft.com/kb/955218
Affected: A wide range of Microsoft Operating Systems versions and
Microsoft Office components.
Not Affected:
- Microsoft Office versions: 2000 SP3, XP SP3,
- Microsoft Office SharePoint Portal Server versions: 2001 SP3, 2003 SP3
- Microsoft Excel Viewer 2003 Service Pack 3

MS08-068 - Vulnerability in SMB
-------------------------------
Rating: Important
Impact: Remote Code Execution
Link: http://www.microsoft.com/technet/security/Bulletin/MS08-068.mspx
Known Issues: None
Affected:
- Windows versions: 2000 SP4, XP SP2, XP SP3, XP x64, XP x64 SP2
- Windows Server 2003 versions: SP1, SP2, x64, x64 SP2, Itanium SP1, Itanium SP2
- Windows Vista versions: Vista, SP1, x64, x64 SP1
- Windows Server 2008 versions: 32-bit, x64-based, Itanium

ACTION
======
Administrators of affected computers are advised to review the
bulletins, test and apply relevant updates.

Computers in the testbed will have the patches applied immediately,
and their performance will be monitored. The effects of the patch
on these computers will be sent to its-announce@unimelb.edu.au by
early afternoon on Fri 14 Nov 2008.