Microsoft updates : Internet Storm Center ratings : A secure democratic Net is a fundamental right

concours

contact me

Contact mailforlen

Syndicate this site (rss)

Syndicate this site (XML)

Get this by mail

Recent Posts

Categories

search belsec

translate this blog

Toolz, links, books

My pix albums

Archives

Copyright

You can republish and link parts of what you find (not the whole thing) to whatever you find here - except the comix that you have to ask me - as long as you don't ask money for it and attribute it with a link.Made For Adsense sites have no rights.

Disclaimer

This blog and all of its links and other projects are my personal projects that have nothing to do with my real job or with any other organisation. This means that any opinion published here is NOT an opinion of any employer or organisation I work with. THis is my personal space of democratic freedom of speech to stimulate an open debate and to fight effectively cybercrime and promote cybersecurity in all of its aspects. The fact that thousands of links are made available as 'Open Intelligence' does not mean that this author agrees with them or is responsable for the legality of them.

« Tokenattacks possible against IIS with full rights | HomePage | ALERT ORACLE SECURITY PATCHES »

10/15/2008

Microsoft updates : Internet Storm Center ratings

#	Affected	Contra Indications	Known Exploits	Microsoft rating	ISC rating^(*)
#	Affected	Contra Indications	Known Exploits	Microsoft rating	clients	servers
MS08-056	Cross site scripting (XSS) in the way Office XP SP3 handles the dialog window for the content-disposition:download and the cdo: protocol.
MS08-056	Office CVE-2008-4020	KB 957699	No publicly known exploits	Moderate	Important	Less Urgent
MS08-057	Multiple vulnerabilities in Excel lead to random code execution. This also affect sharepoint server. Replaces MS08-043.
MS08-057	Office CVE-2008-4019 CVE-2008-3471 CVE-2008-3477	KB 956416	No publicly known exploits	Critical	Critical	Critical (**)
MS08-058	Multiple vulnerabilities in MSIE lead to random code execution and or information leaks. Replaces MS08-045.
MS08-058	IE CVE-2008-2947 CVE-2008-3472 CVE-2008-3473 CVE-2008-3474 CVE-2008-3475 CVE-2008-3476	KB 956390	CVE-2008-2947 is publicly known	Critical	Critical	Important
MS08-059	RPC requests can bypass authentication and lead to random code execution.
MS08-059	Host Integration Server (HIS) CVE-2008-3466	KB 956695	No publicly known exploits	Critical	Important	Critical
MS08-060	A buffer overflow in the LDAP services allows random code execution. LDAP over SSL is also afected. Replaces MS08-035.
MS08-060	Windows active directory CVE-2008-4023	KB 957280	No publicly known exploits	Critical	N/A	Critical
MS08-061	Multiple vulnerabilities in the windows kernel allow privilege escalation. Replaces MS08-025.
MS08-061	Windows kernel CVE-2008-2250 CVE-2008-2251 CVE-2008-2252	KB 954211	No publicly known exploits	Important	Important	Important (***)
MS08-062	An Interger overflow in IPP allows random code execution to authenticated users.
MS08-062	Windows internet printing (IIS) CVE-2008-1446	KB 953155	Actively exploited in targeted attacks	Important	Less Urgent (****)	Critical
MS08-063	Crafted filenames lead to random code execution in the SMB protocol. Replaces MS06-063.
MS08-063	Windows file sharing CVE-2008-4038	KB 957095	No publicly known exploits	Important	Important	Critical
MS08-064	An integer overflow allows privilege escalation. Replaces MS07-066, MS07-022 and Advisory 932596.
MS08-064	Windows virtual address descriptor CVE-2008-4036	KB 956841	No publicly known exploits	Important	Important	Important
MS08-065	An input validation failure in an RPC of MSQS allows random code execution.
MS08-065	Windows 2000 message queuing CVE-2008-3479	KB 951071	No publicly known exploits	Important	Important	Important
MS08-066	An input validation failure allows privilege escalation.
MS08-066	Windows ancillary function driver CVE-2008-3464	KB 956803	No publicly known exploits	Important	important	Less Urgent (***)
Advisory 956391	Killbits for 3rd party (Microgaming, System Requirements Lab, PhotostockPro) as well as Microsoft ActiveX controls mentioned in MS02-044, MS08-017, MS08-041 and MS08-052.
Advisory 956391	IE Active X killbits	KB 956391		-	Critical	Important

10:03 | Permalink | Comments (0) | Email this | | del.icio.us | | Digg! Digg | Facebook

Post a comment