CERT-In Advisory CIAD-2008-31
Vulnerabilities in Microsoft Windows Bluetooth, Internet Explorer, Speech API, DirectX, WINS, Active Directory and PGM
Original issue date:
June 12, 2008
Systems Affected
- Microsoft Windows 2000
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Internet Explorer
- DirectX
- Active Directory
Overview
Multiple Vulnerabilities have been reported in various Microsoft Windows systems such as Microsoft Windows Bluetooth, Internet Explorer, Speech API, DirectX, WINS, Active Directory and Pragmatic General Multicast.
Description
The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:
| Microsoft Security Bulletin |
Severity |
CERT-In Vulnerability Notes |
| MS08-030:Vulnerability in Bluetooth Stack Could Allow Remote Code Execution |
High |
CIVN-2008-77:
(Updated:June 20, 2008)
Microsoft Windows Bluetooth Stack Allows Remote Code Execution Vulnerability |
| MS08-031:Cumulative Security Update for Internet Explorer |
High |
CIVN-2008-78: Microsoft Internet Explorer Memory corruption and Information Disclosure Vulnerabilities |
| MS08-032: Cumulative Security Update of ActiveX Kill Bits |
Low |
CIVN-2008-79: Microsoft Windows Speech API Remote Code Execution |
| MS08-033:Vulnerabilities in DirectX Could Allow Remote Code Execution |
High |
CIVN-2008-80: Microsoft DirectX MJPEG Decoder and SAMI Format parsing vulnerabilities |
| MS08-034:Vulnerability in WINS Could Allow Elevation of Privilege |
Medium |
CIVN-2008-81: Microsoft WINS Elevation of Privilege Vulnerability |
| MS08-035:Vulnerability in Active Directory Could Allow Denial of Service |
Medium |
CIVN-2008-82:
Microsoft Active Directory Remote Denial of Service
|
| MS08-036:Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service |
Medium |
CIVN-2008-83: Microsoft Pragmatic General Multicast Denial of Service Vulnerabilities |
Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin June 2008
http://www.microsoft.com/technet/security/bulletin/ms08-jun.mspx
Vendor Information
Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/ms08-jun.mspx
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
|
