Microsoft Security Bulletin Summary für April 2008

Neue Software, Treiber oder BIOS-Versionen findet ihr hier
[ News about software, drivers and bios can be found here ]
Antworten
Benutzeravatar
doelf
Moderator
Moderator
Beiträge: 34722
Registriert: 12 Feb 2004, 23:29
Wohnort: Alsdorf
Kontaktdaten:

Microsoft Security Bulletin Summary für April 2008

Beitrag von doelf » 08 Apr 2008, 18:20

Wie angekündigt hat Microsoft heute acht Sicherheits-Updates für Windows, den Internet Explorer und seine Office Software veröffentlicht. Fünf dieser Patches schließen kritische Sicherheitslücken, sechs der Schwachstellen erlauben das Einschleusen und Ausführen von Schadprogrammen durch Angreifer.

Hier nun alle neuen Security Bulletins in der Übersicht:
* Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183) - Kritisch
Betroffene Software: Office
Beschreibung: This security update resolves a privately reported vulnerability in Microsoft Office Project that could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

* Vulnerabilities in GDI Could Allow Remote Code Execution (948590) - Kritisch
Betroffene Software: Windows
Beschreibung: This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted EMF or WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

* Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338) - Kritisch
Betroffene Software: Windows
Beschreibung: This security update resolves a privately reported vulnerability in the VBScript and JScript scripting engines in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

* Security Update of ActiveX Kill Bits (948881) - Kritisch
Betroffene Software: Windows, Internet Explorer
Beschreibung: This security update resolves one privately reported vulnerability for a Microsoft product. This update also includes a kill bit for the Yahoo! Music Jukebox product. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

* Microsoft Security Bulletin MS08-024 - Kritisch
Betroffene Software: Windows, Internet Explorer
Beschreibung: This security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

* Vulnerability in DNS Client Could Allow Spoofing (945553) - Wichtig
Betroffene Software: Windows
Beschreibung: This security update resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS clients and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations.

* Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693) - Wichtig
Betroffene Software: Windows
Beschreibung: This security update resolves a privately reported vulnerability in the Windows kernel. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

* Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032) - Wichtig
Betroffene Software: Office
Beschreibung: This security update resolves privately reported vulnerabilities in Microsoft Office Visio that could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Quelle: http://www.update.microsoft.com/

Antworten