JPCERT-AT-2008-0016
                                                             JPCERT/CC
                                                            2008-09-10

                  <<< JPCERT/CC Alert 2008-09-10 >>>

                September 2008 Microsoft Security Bulletin
                   (including four critical patches)

             http://www.jpcert.or.jp/at/2008/at080016.txt

I. Overview

  Microsoft has released its security bulletin summary for September
2008, which contains four security updates with severity rating 
"Critical".

  A remote attacker could use these vulnerabilities to cause a denial
of service or execute arbitrary code.

  For further information about these vulnerabilities, refer to the
following URLs.

    Microsoft Security Bulletin Summary for September 2008
    http://www.microsoft.com/technet/security/bulletin/ms08-sep.mspx


  [Critical Security Update]

    MS08-052
    Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
    http://www.microsoft.com/technet/security/bulletin/MS08-052.mspx

    MS08-053
    Vulnerability in Windows Media Encoder 9 Could Allow Remote Code
      Execution (954156)
    http://www.microsoft.com/technet/security/bulletin/MS08-053.mspx

    MS08-054
    Vulnerability in Windows Media Player Could Allow Remote Code 
      Execution (954154)
    http://www.microsoft.com/technet/security/bulletin/MS08-054.mspx

    MS08-055
    Vulnerability in Microsoft Office Could Allow Remote Code 
      Execution (955047)
    http://www.microsoft.com/technet/security/bulletin/MS08-055.mspx


II. Solution

  Use means such as Microsoft Update or Windows Update to apply the
security updates immediately.

    Microsoft Update
    https://www.update.microsoft.com/

    Windows Update
    https://windowsupdate.microsoft.com/

    Office Update
    http://office.microsoft.com/en-us/officeupdate/default.aspx


III. References

    Microsoft Security Bulletin Summary for September 2008
    http://www.microsoft.com/technet/security/bulletin/ms08-sep.mspx

    Technical Cyber Security Alert TA08-253A
    Microsoft Updates for Multiple Vulnerabilities
    http://www.us-cert.gov/cas/techalerts/TA08-253A.html

    US-CERT Vulnerability Note (search for ms08-sep)
    http://www.kb.cert.org/vuls/byid?searchview&query=ms08-sep

    US-CERT Vulnerability Note VU#996227
    Windows Media Encoder WMEX.DLL ActiveX Control buffer overflow
    http://www.kb.cert.org/vuls/id/996227



  If you have any information you could provide regarding this alert,
please contact us.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600  FAX: 03-3518-4602
http://www.jpcert.or.jp/

-----BEGIN PGP SIGNATURE-----

iQCVAwUBSMcjx4x1ay4slNTtAQitkwP8DATTutn7/a6zDmgYm0SIyOxTby9Ncwxw
xyrrpYB7QSD12RCX3pGrz8mkJk3aPDtWAoVO1pJQTwePt8TgqQKwhVhOoEB0tQOS
t808sEXzuikb04wkIjJaqvW6j0THu9IIeT4PiqWs640J695X8NZh/kZU8JaxhqwC
uXGjwf5mWJs=
=dECi
-----END PGP SIGNATURE-----