November 11, 2008 10:59 AM PST

Microsoft fixes four flaws with two patches

by Robert Vamosi

Microsoft on Tuesday released its November 2008 security bulletin, including one patch rated "critical."

The critical bulletin affects Microsoft XML Core Services and Internet Explorer, while the "important" bulletin affects Microsoft Server Message Block (SMB) Protocol. Both affect all versions of Windows.

Since last month, Microsoft has been sharing the technical details of new vulnerabilities to give software developers a chance to update affected products before the public announcement. Microsoft also includes within each bulletin an "exploitability index" to help system administrators prioritize the patches. All Microsoft security patches for both Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS08-068: Important

Exploitability index: 1. Microsoft recommends that customers apply the update at the earliest opportunity. Titled "Vulnerability in SMB Could Allow Remote Code Execution (957097)", this bulletin is important for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and moderate for all supported editions of Windows Vista and Windows Server 2008. This bulletin addresses the vulnerability detailed in CVE-2008-4037. Microsoft says an attacker "who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights."

MS08-069: Critical

Exploitability index: 1-2. Microsoft recommends that customers apply this update immediately. Titled "Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)", this bulletin is rated critical for Microsoft XML Core Services 3.0 and important for Microsoft XML Core Services 4.0, Microsoft XML Core Services 5.0, and Microsoft XML Core Services 6.0. This bulletin replaces MS07-042 and addresses the three vulnerabilities detailed in CVE-2007-0099, CVE-2008-4029, and CVE-2008-4033. Microsoft says that "the most severe vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer."
