JPCERT-AT-2008-0007
JPCERT/CC
2008-05-14
<<< JPCERT/CC Alert 2008-05-14 >>>
May 2008 Microsoft Security Bulletin
(including three critical patches)
http://www.jpcert.or.jp/at/2008/at080007.txt
I. Overview
Microsoft has released its security bulletin summary for May 2008,
which contains three security updates with severity rating "Critical".
A remote attacker could use these vulnerabilities to cause a denial
of service or execute arbitrary code.
Microsoft Security Bulletin Summary for May 2008
http://www.microsoft.com/technet/security/bulletin/ms08-may.mspx
For further information about these vulnerabilities, refer to the
following URLs.
[Critical Security Update]
MS08-026
Vulnerabilities in Microsoft Word Could Allow Remote Code
Execution (951207)
http://www.microsoft.com/technet/security/bulletin/MS08-026.mspx
MS08-027
Vulnerability in Microsoft Publisher Could Allow Remote Code
Execution (951208)
http://www.microsoft.com/technet/security/bulletin/MS08-027.mspx
MS08-028
Vulnerability in Microsoft Jet Database Engine Could Allow Remote
Code Execution (950749)
http://www.microsoft.com/technet/security/bulletin/MS08-028.mspx
II. Solution
Use means such as Microsoft Update or Windows Update to apply the
security updates immediately.
Microsoft Update
https://www.update.microsoft.com/
Windows Update
https://windowsupdate.microsoft.com/
Office Update
http://office.microsoft.com/en-us/officeupdate/default.aspx
If a Windows XP SP2 user selects the application method "Express" to
run Microsoft Update, only Windows XP SP3 will be displayed as a
high-priority update. To apply security updates without applying
Windows XP SP3, select the application method "Custom".
III. References
Microsoft Security Bulletin Summary for May 2008
http://www.microsoft.com/technet/security/bulletin/ms08-may.mspx
Technical Cyber Security Alert TA08-134A
Microsoft Updates for Multiple Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA08-134A.html
US-CERT Vulnerability Note (search for ms08-may)
http://www.kb.cert.org/vuls/byid?searchview&query=ms08-may
US-CERT Vulnerability Note
Microsoft Office Project vulnerable to remote code execution via
specially crafted Project file
http://www.kb.cert.org/vuls/id/155563
US-CERT Vulnerability Note VU#543907
Microsoft Office fails to properly handle specially crafted Rich
Text Format files
http://www.kb.cert.org/vuls/id/543907
US-CERT Vulnerability Note VU#936529
Microsoft Jet Engine stack buffer overflow
http://www.kb.cert.org/vuls/id/936529
If you have any information you could provide regarding this alert,
please contact us.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600 FAX: 03-3518-4602
http://www.jpcert.or.jp/
Top