JPCERT-AT-2008-0022
JPCERT/CC
2008-12-10
<<< JPCERT/CC Alert 2008-12-10 >>>
December 2008 Microsoft Security Bulletin
(including six critical patches)
http://www.jpcert.or.jp/at/2008/at080022.txt
I. Overview
Microsoft has released its security bulletin summary for December
2008, which contains six security updates with severity rating
"Critical".
A remote attacker could use these vulnerabilities to cause a denial
of service or execute arbitrary code.
For further information about these vulnerabilities, refer to the
following URLs.
Microsoft Security Bulletin Summary for December 2008
http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx
[Critical Security Update]
MS08-070
Vulnerabilities in Visual Basic 6.0 Runtime Extended Files
(ActiveX Controls) Could Allow Remote Code Execution (932349)
http://www.microsoft.com/technet/security/bulletin/MS08-070.mspx
MS08-071
Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
http://www.microsoft.com/technet/security/bulletin/MS08-071.mspx
MS08-072
Vulnerabilities in Microsoft Office Word Could Allow Remote Code
Execution (957173)
http://www.microsoft.com/technet/security/bulletin/MS08-072.mspx
MS08-073
Cumulative Security Update for Internet Explorer (958215)
http://www.microsoft.com/technet/security/bulletin/MS08-073.mspx
MS08-074
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code
Execution (959070)
http://www.microsoft.com/technet/security/bulletin/MS08-074.mspx
MS08-075
Vulnerabilities in Windows Search Could Allow Remote Code
Execution (959349)
http://www.microsoft.com/technet/security/bulletin/MS08-075.mspx
Visual Basic 6.0 Runtime components handled in MS08-070 may have
been redistributed with applications. Product developers who have
developed applications using the vulnerable Runtime components should
consider redistributing the applications with the corrected runtime
components.
II. Solution
Use means such as Microsoft Update or Windows Update to apply the
security update immediately.
Microsoft Update
https://update.microsoft.com/
Windows Update
https://windowsupdate.microsoft.com/
Office Update
http://office.microsoft.com/en-us/officeupdate/default.aspx
III. References
Microsoft Security Bulletin Summary for December 2008
http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx
US-CERT Technical Cyber Security Alert TA08-344A
Microsoft Updates for Multiple Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA08-344A.html
US-CERT Vulnerability Note (search for ms08-dec)
http://www.kb.cert.org/vuls/byid?searchview&query=ms08-dec
Japan Security Team
http://blogs.technet.com/jpsecurity/archive/2008/12/10/3165894.aspx
MS08-070
Vulnerabilities in Visual Basic 6.0 Runtime Extended Files
(ActiveX Controls) Could Allow Remote Code Execution
http://support.microsoft.com/kb/932349
If you have any information you could provide regarding this alert,
please contact us.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600 FAX: 03-3518-4602
Top