Microsoft patches Vista, Windows Server 2008, IE

Microsoft delivered 10 patches, including six critical ones, on Tuesday. Among the critical patches are fixes for Vista, Windows Server 2008 and Internet Explorer.

Critical patches by the CVEs:

CVE-2008-0083: Covers Windows Vista and Windows Server 2008. Microsoft says:

"A remote code execution vulnerability exists in the way that the VBScript and JScript scripting engines decode script in Web pages. This vulnerability could allow remote code execution if a user opened a specially crafted file or visited a Web site that is running specially crafted script. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

Symantec flagged the vulnerability.

CVE-2008-1086: This patch covers ActiveX Kill Bits flaws and is necessary for Windows 2000, XP (various flavors), Windows Server 2003 (various flavors), Vista and Windows Server 2008. Microsoft says:

"A remote code execution vulnerability exists in the ActiveX control hxvz.dll. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user."

iDefense VCP found the vulnerability.

CVE-2008-1085: Microsoft says:

"A remote code execution vulnerability exists in Internet Explorer because of the way that it processes data streams. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user."

IE 6 and 7 are primarily impacted on multiple platforms, notably Vista and Server 2008. Secunia found the vulnerability.

CVE-2008-1088: Microsoft says:

"A remote code execution vulnerability exists in the way Microsoft Project handles specially crafted Project files. An attacker could exploit the vulnerability by sending a malformed file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site."

The National Cyber Security Center, The Republic of Korea found the vulnerability, which impacts Microsoft Project Server 2003, 2007, Portfolio Server 2007 and Project Server 2007.

CVE-2008-1083 and CVE-2008-1087 are vulnerabilities that exist in the way GDI handles integer and filename parameters, respectively, in EMF image files. Researchers at iDefense Labs, Zero Day Initiative and SkyRecon flagged these flaws.

Talkback

18 comments
  • Whoa!!

    Symantec actually found a vulnerability?? Does this mean they are still on top of things? Still relevant? I thought these would all have been found by guys named Sergei or Ivan, somewhere in Europe...or maybe by some former M$ employee who spends all his free time "double-checking the former employer's warez". This is just a shocker!
    Techboy_z
  • What's new?

    Windows is like an inner tube in the tire on a 1928 Model A. You have to patch it or blow it up continuously.
    Ole Man
    • What is the name of the perfect OS you're using? (nt)

      .
      ye
  • RE: Microsoft patches Vista, Windows Server 2008, IE

    But will any of them help my wireless work reliably?
    edallan
  • notably Vista and Server 2008"

    IE 6 and 7 are primarily impacted on multiple platforms,
    PB_z
  • IE patch: "notably Vista and Server 2008" ??

    [oops, hit Enter too early before]

    Exactly what about the IE patch makes it "notable" for Vista/Server 2008 compared to other platforms?
    PB_z
  • RE: Microsoft patches Vista, Windows Server 2008, IE

    Word 2003 Stopped Working after these updates on my Vista Business Notebook?
    ndeards
  • RE: Microsoft patches Vista, Windows Server 2008, IE

    XP/3 only 1 patch to update Outlook 2003 Junk Mail. Nothing for XP
    sykandtyed
  • I downloaded the ultimate patch.

    It came as a .iso of about 690mb. Burned it to CD and rebooted. At the end I had my wallpaper and documents and my system was faster. Ubuntu it was called. They say it doesn't need AV and patches are optional. Also Frozen Bubble rocks.
    weex
    • Did you update Ubuntu after you installed it?

      The updates will take quite a while to download and install for Ubuntu. There were a couple hundred last time I looked. So don't think you did good with Ubuntu for updates...
      Narg
  • Where's the Vista SP1 patch?

    When are they going to send Vista SP1 to all the rest of us? The ones that didn't pass the first release because we may have an old driver running our old stand-alone external backup disk?
    mietz
    • You can use the full SP1 installer. (nt)

      .
      ye
    • Get the SP1 installer

      But make sure you're aware of what will cause conflicts.
      I'd make sure the particular vendors have released new drivers for that stuff before you install SP1.
      tikigawd
  • Full SP1 is L-a-r-g-e

    I know I can, but the size is, what, 10 times larger? Even with DSL it would take hours to download.
    mietz
    • It's 434MB for the 32 bit version.

      At a speed of 1.5Mbps it would take 40 minutes. Even if your DSL isn't capable of this speed it will still take a lot less time than the waiting you've already done.
      ye
    • SP1 is not THAT large...

      SP1 only downloads what it needs to when initiated from the Windows Update process. It downloaded in only about 10 mins on my slow DSL connection.
      Narg
    • You know...

      You can leave your computer downloading overnight while you sleep if it's such a hassle for you.
      tikigawd
  • RE: Microsoft patches Vista, Windows Server 2008, IE

    When is Microsoft planning to update Office 2007? Excel has more bugs than a year-old fruitcake.
    rgmorris