Advisories

CERT-In Advisory CIAD-2008-0065

Multiple Vulnerabilities in Microsoft Windows, Microsoft Windows Search, Internet Explorer, Microsoft Visual Basic 6.0 Runtime Extended Files, Microsoft Office, Microsoft Office SharePoint Server and Microsoft Windows Media Components

Original Issue Date: December 11, 2008

Severity Rating: High

Systems Affected

Windows 2000
Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Microsoft Internet Explorer
Microsoft Office
Microsoft Office SharePoint Server
Microsoft Visual Studio
Microsoft Windows Media Components

Overview

Multiple vulnerabilities have been reported in various Microsoft products and components such as Microsoft Windows, Microsoft Windows Search, Internet Explorer, Microsoft Visual Basic 6.0 Runtime Extended Files, Microsoft Office, Microsoft Office SharePoint Server and Microsoft Windows Media Components.

Description

The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:

Microsoft Security Bulletin	Severity	CERT-In Vulnerability Notes
MS08-070:Vulnerabilities in Visual Basic 6.0 Runtime Extended Files ActiveX Controls Could Allow Remote Code Execution	High	CIVN-2008-0183 Multiple Vulnerabilities Microsoft Visual Basic ActiveX Controls
MS08-071:Vulnerabilities in GDI Could Allow Remote Code Execution	High	CIVN-2008-0184 Multiple Vulnerabilities in Microsoft Windows GDI
MS08-072:Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution	High	CIVN-2008-0185 Microsoft Office Word Remote Code Execution
MS08-073.:Cumulative Security Update for Internet Explorer	High	CIVN-2008-0186 Multiple Vulnerabilities in Microsoft Internet Explorer
MS08-074:Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution	High	CIVN-2008-0187 Microsoft Office Excel Remote Code Execution
MS08-075:Vulnerabilities in Windows Search Could Allow Remote Code Execution	High	CIVN-2008-0188 Microsoft Windows Explorer Search Handling Vulnerabilities
MS08-076:Vulnerabilities in Windows Media Components Could Allow Remote Code Execution	Medium	CIVN-2008-0189 Microsoft Windows Media Components Vulnerabilities
MS08-077:Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege	Medium	CIVN-2008-0190 Microsoft Office SharePoint Server Security Bypass Vulnerability

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin December 2008
http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx

Vendor Information

Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India