JPCERT-AT-2008-0007
                                                             JPCERT/CC
                                                            2008-05-14


                 <<< JPCERT/CC Alert 2008-05-14 >>>

                 May 2008 Microsoft Security Bulletin
                  (including three critical patches)

             http://www.jpcert.or.jp/at/2008/at080007.txt

I. Overview

  Microsoft has released its security bulletin summary for May 2008,
which contains three security updates with severity rating "Critical".

  A remote attacker could use these vulnerabilities to cause a denial
of service or execute arbitrary code.


    Microsoft Security Bulletin Summary for May 2008
    http://www.microsoft.com/technet/security/bulletin/ms08-may.mspx

  For further information about these vulnerabilities, refer to the
following URLs.

  [Critical Security Update]

    MS08-026
    Vulnerabilities in Microsoft Word Could Allow Remote Code 
      Execution (951207)
    http://www.microsoft.com/technet/security/bulletin/MS08-026.mspx

    MS08-027
    Vulnerability in Microsoft Publisher Could Allow Remote Code 
      Execution (951208)
    http://www.microsoft.com/technet/security/bulletin/MS08-027.mspx 

    MS08-028
    Vulnerability in Microsoft Jet Database Engine Could Allow Remote
      Code Execution (950749)
    http://www.microsoft.com/technet/security/bulletin/MS08-028.mspx 


II. Solution

  Use means such as Microsoft Update or Windows Update to apply the
security updates immediately.

    Microsoft Update
    https://www.update.microsoft.com/

    Windows Update
    https://windowsupdate.microsoft.com/

    Office Update
    http://office.microsoft.com/en-us/officeupdate/default.aspx


  If a Windows XP SP2 user selects the application method "Express" to
run Microsoft Update, only Windows XP SP3 will be displayed as a
high-priority update. To apply security updates without applying
Windows XP SP3, select the application method "Custom".

III. References

    Microsoft Security Bulletin Summary for May 2008
    http://www.microsoft.com/technet/security/bulletin/ms08-may.mspx

    Technical Cyber Security Alert TA08-134A
    Microsoft Updates for Multiple Vulnerabilities
    http://www.us-cert.gov/cas/techalerts/TA08-134A.html

    US-CERT Vulnerability Note (search for ms08-may)
    http://www.kb.cert.org/vuls/byid?searchview&query=ms08-may

    US-CERT Vulnerability Note
    Microsoft Office Project vulnerable to remote code execution via
      specially crafted Project file
    http://www.kb.cert.org/vuls/id/155563

    US-CERT Vulnerability Note VU#543907
    Microsoft Office fails to properly handle specially crafted Rich 
      Text Format files
    http://www.kb.cert.org/vuls/id/543907

    US-CERT Vulnerability Note VU#936529
    Microsoft Jet Engine stack buffer overflow
    http://www.kb.cert.org/vuls/id/936529

  If you have any information you could provide regarding this alert,
please contact us.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600  FAX: 03-3518-4602
http://www.jpcert.or.jp/