CERT-In Advisory CIAD-2008-34
Multiple Vulnerabilities in Microsoft Windows Explorer, Exchange Server, SQL Server and Windows Domain Name System (DNS)
Original issue date:
July 10, 2008
Systems Affected
- Windows 2000
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Microsoft Exchange Server
- Microsoft SQL Server
- Microsoft Data Engine
Overview
Multiple vulnerabilities have been reported in various Microsoft products and components such as Microsoft SQL Server,
Microsoft Exchange Server, Windows DNS and Windows Explorer.
Description
The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:
| Microsoft Security Bulletin |
Severity |
CERT-In Vulnerability Notes |
| MS08-037: Vulnerabilities in DNS Could Allow Spoofing |
Medium |
CIVN-2008-100:
Microsoft Windows DNS Spoofing Vulnerabilities |
| MS08-038: Vulnerability in Windows Explorer Could Allow Remote Code Execution |
Medium |
CIVN-2008-101: Microsoft Windows Explorer Saved Search Vulnerability |
| MS08-039: Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege |
Medium |
CIVN-2008-102: Microsoft Outlook Web Access for Exchange Server XSS Vulnerabilities |
| MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege |
Medium |
CIVN-2008-103: Microsoft SQL server Elevation of Privilege Vulnerabilities
|
Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin July 2008
http://www.microsoft.com/technet/security/bulletin/ms08-jul.mspx
Vendor Information
Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/ms08-jul.mspx
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
|
