: skip to content : Home : Uni : Students : Research : Community : News : Events
150 years of Achievement: image of university student
Faculties : A-Z Directory : Library
  • IT Security Links
    • University IT Security Alerts
-----------

ITSS-Advisory : MEDIUM : Microsoft : Various Products : Various Issues

THREAT LEVEL
============
Medium.

INFORMATION
===========
Microsoft has released 11 bulletins in its scheduled monthly update
for October 2008. They are summarised as follows:

MS08-066 - Vulnerability in Microsoft Ancillary Function Driver
---------------------------------------------------------------
Rating: Important
Impact: Elevation of Privilege
Link: http://www.microsoft.com/technet/security/Bulletin/MS08-066.mspx
Known Issues: http://support.microsoft.com/kb/956803
Affected:
- Windows XP versions: SP2, SP3, Pro x64, Pro x64 SP2
- Windows Server 2003 versions: SP1, SP2, x64, x64 SP2, Itanium SP1, Itanium SP2
Not Affected:
- Microsoft Windows 2000 Service Pack 4
- Windows Vista versions: Vista, Vista SP1, x64, x64 SP1
- Windows Server 2008 versions: 32-bit, x64-based, Itanium-based

MS08-065 - Vulnerability in Message Queuing
-------------------------------------------
Rating: Important
Impact: Remote Code Execution
Link: http://www.microsoft.com/technet/security/Bulletin/MS08-065.mspx
Known Issues: None
Affected: Windows 2000 SP4
Not Affected:
- Windows XP versions: SP2, SP3, x64, x64 SP2
- Windows Server 2003 versions: SP1, SP2, x64, x64 SP2, Itanium SP1, Itanium SP2
- Windows Vista versions: Vista, Vista SP1, x64, x64 SP1
- Windows Server 2008 versions: 32-bit, x64-based, Itanium-based

MS08-064 - Vulnerability in Virtual Address Descriptor Manipulation
-------------------------------------------------------------------
Rating: Important
Impact: Elevation of Privilege
Link: http://www.microsoft.com/technet/security/Bulletin/MS08-064.mspx
Known Issues: None
Affected:
- Windows XP versions: SP2, SP3, x64, x64 SP2
- Windows Server 2003 versions: SP1, SP2, x64, x64 SP2, Itanium SP1, Itanium SP2
- Windows Vista versions: Vista, Vista SP1, x64, x64 SP1
- Windows Server 2008 versions: 32-bit, x64-based, Itanium-based
Not Affected: Windows 2000 Service Pack 4

MS08-063 - Vulnerability in SMB
-------------------------------
Rating: Important
Impact: Remote Code Execution
Link: http://www.microsoft.com/technet/security/Bulletin/MS08-063.mspx
Known Issues: None
Affected:
- Windows XP versions: SP2, SP3, x64, x64 SP2
- Windows Server 2003 versions: SP1, SP2, x64, x64 SP2, Itanium SP1, Itanium SP2
- Windows Vista versions: Vista, Vista SP1, x64, x64 SP1
- Windows Server 2008 versions: 32-bit, x64-based, Itanium-based
- Windows 2000 Service Pack 4

MS08-062 - Vulnerability in Windows Internet Printing Service
-------------------------------------------------------------
Rating: Important
Impact: Remote Code Execution
Link: http://www.microsoft.com/technet/security/Bulletin/MS08-062.mspx
Known Issues: None
Affected:
Affected:
- Windows XP versions: SP2, SP3, x64, x64 SP2
- Windows Server 2003 versions: SP1, SP2, x64, x64 SP2, Itanium SP1, Itanium SP2
- Windows Vista versions: Vista, Vista SP1, x64, x64 SP1
- Windows Server 2008 versions: 32-bit, x64-based, Itanium-based
- Windows 2000 Service Pack 4

MS08-061 - Vulnerabilities in Windows Kernel
--------------------------------------------
Rating: Important
Impact: Elevation of Privilege
Link: http://www.microsoft.com/technet/security/Bulletin/MS08-061.mspx
Known Issues: http://support.microsoft.com/kb/954211
Affected:
- Windows XP versions: SP2, SP3, x64, x64 SP2
- Windows Server 2003 versions: SP1, SP2, x64, x64 SP2, Itanium SP1, Itanium SP2
- Windows Vista versions: Vista, Vista SP1, x64, x64 SP1
- Windows Server 2008 versions: 32-bit, x64-based, Itanium-based
- Windows 2000 Service Pack 4

MS08-060 - Vulnerability in Active Directory
--------------------------------------------
Rating: Critical
Impact: Remote Code Execution
Link: http://www.microsoft.com/technet/security/Bulletin/MS08-060.mspx
Known Issues: None
Affected: Windows 2000 Service Pack 4
Not Affected:
- Windows XP versions: SP2, SP3, x64, x64 SP2
- Windows Server 2003 versions: SP1, SP2, x64, x64 SP2, Itanium SP1, Itanium SP2
- Windows Vista versions: Vista, Vista SP1, x64, x64 SP1
- Windows Server 2008 versions: 32-bit, x64-based, Itanium-based

MS08-059 - Vulnerability in Host Integration Server RPC Service
---------------------------------------------------------------
Rating: Critical
Impact: Remote Code Execution
Link: http://www.microsoft.com/technet/security/Bulletin/MS08-059.mspx
Known Issues: None
Affected:
- Microsoft Host Integration Server 2000 versions: SP2, Administrator Client
- Microsoft Host Integration Server 2004 versions: Server, Server SP1, Client, Client SP1
- Microsoft Host Integration Server 2006 versions: 32-bit, x64-based

MS08-058 - Cumulative Security Update for Internet Explorer
-----------------------------------------------------------
Rating: Critical
Impact: Remote Code Execution, Information Disclosure
Link: http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx
Known Issues: None
Affected: Internet Explorer versions: 5.01, 6 SP1, 6, 7

MS08-057 - Vulnerabilities in Microsoft Excel
---------------------------------------------
Rating: Critical
Impact: Remote Code Execution
Link: http://www.microsoft.com/technet/security/Bulletin/MS08-057.mspx
Known Issues: None
Affected:
- Excel Versions: 2000 SP3, 2002 Sp3, 2003 SP2, 2003 SP3, 2007, 2007 SP1
- Excel Viewer versions: 2003, 2003 SP3, Excel viewer
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats and SP1
- Microsoft Office SharePoint Server 2007 versions: SP1, x64, x64 SP1
- Microsoft Office for Mac versions: 2004, 2008
- Open XML File Format Converter for Mac
Not Affected:
- Microsoft Works versions: 8.0, 8.5, 9.0
- Microsoft Works Suite 2005, 2006
- Microsoft Office SharePoint Server 2003 Service Pack 3

MS08-056 - Vulnerability in Microsoft Office
--------------------------------------------
Rating: Moderate
Impact: Information Disclosure
Link: http://www.microsoft.com/technet/security/Bulletin/MS08-056.mspx
Known Issues: None
Affected: Microsoft Office XP Service Pack 3
Not Affected:
- Microsoft Office 2000 SP 3
- Microsoft Office 2003 versions: SP2, SP3
- 2007 Microsoft Office System and SP1
- Microsoft Office Excel/PowerPoint/Word Viewer 2003
- Excel/PowerPoint/Word Viewer 2003 Service Pack 3
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats and SP1
- Microsoft Works versions: 8.0, 8.5, 9.0
- Microsoft Works Suite versions: 2005, 2006
- Microsoft Office for Mac versions 2004, 2008

ACTION
======
Administrators of affected computers are advised to review the bulletins, test and apply relevant updates.

Computers in the testbed will have the patches applied immediately, and their performance will be monitored. The

effects of the patch on these computers will be sent to its-announce@unimelb.edu.au by early afternoon on Fri 17

October 2008.
top of page

Contact Us : Disclaimer & Copyright : Privacy