JPCERT-AT-2008-0015
                                                             JPCERT/CC
                                                            2008-08-13

                  <<< JPCERT/CC Alert 2008-08-13 >>>

                August 2008 Microsoft Security Bulletin
                   (including six critical patches)

             http://www.jpcert.or.jp/at/2008/at080015.txt

I. Overview

  Microsoft has released its security bulletin summary for August
2008, which contains six security updates with severity rating 
"Critical".

  A remote attacker could use these vulnerabilities to cause a denial
of service or execute arbitrary code.

  For further information about these vulnerabilities, refer to the
following URLs.

    Microsoft Security Bulletin Summary for August 2008
    http://www.microsoft.com/technet/security/bulletin/ms08-aug.mspx

  Microsoft Access Snapshot Viewer ActiveX Control Vulnerability
reported in the Microsoft Security Advisory (955179) in July 2008 was
solved in MS08-041.

    Microsoft Security Advisory (955179) 
    http://www.microsoft.com/technet/security/advisory/955179.mspx

  [Critical Security Update]

    MS08-041
    Vulnerability in the ActiveX Control for the Snapshot Viewer for
      Microsoft Access Could Allow Remote Code Execution (955617)
    http://www.microsoft.com/technet/security/bulletin/MS08-041.mspx

    MS08-043
    Vulnerabilities in Microsoft Excel Could Allow Remote Code 
      Execution (954066)
    http://www.microsoft.com/technet/security/bulletin/MS08-043.mspx

    MS08-044
    Vulnerabilities in Microsoft Office Filters Could Allow Remote 
      Code Execution (924090)
    http://www.microsoft.com/technet/security/bulletin/MS08-044.mspx

    MS08-045
    Cumulative Security Update for Internet Explorer (953838) 
    http://www.microsoft.com/technet/security/bulletin/MS08-045.mspx

    MS08-046
    Vulnerability in Microsoft Windows Image Color Management System
      Could Allow Remote Code Execution (952954)
    http://www.microsoft.com/technet/security/bulletin/MS08-046.mspx

    MS08-051
    Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code
      Execution (949785)
    http://www.microsoft.com/technet/security/bulletin/MS08-051.mspx


II. Solution

  Use means such as Microsoft Update or Windows Update to apply the
security updates immediately.

    Microsoft Update
    https://www.update.microsoft.com/

    Windows Update
    https://windowsupdate.microsoft.com/

    Office Update
    http://office.microsoft.com/en-us/officeupdate/default.aspx


III. References

    Microsoft Security Bulletin Summary for August 2008
    http://www.microsoft.com/technet/security/bulletin/ms08-aug.mspx

    Technical Cyber Security Alert TA08-225A
    Microsoft Updates for Multiple Vulnerabilities
    http://www.us-cert.gov/cas/techalerts/TA08-225A.html

    US-CERT Vulnerability Note (search for ms08-aug)
    http://www.kb.cert.org/vuls/byid?searchview&query=ms08-aug

    US-CERT Vulnerability Note VU#309739
    Microsoft Color Management System (MSCMS) module remote code 
      execution
    http://www.kb.cert.org/vuls/id/309739

    US-CERT Vulnerability Note VU#837785
    Microsoft Office Snapshot Viewer ActiveX control race condition
    http://www.kb.cert.org/vuls/id/837785


  If you have any information you could provide regarding this alert,
please contact us.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600  FAX: 03-3518-4602
http://www.jpcert.or.jp/