[Jochen]

gestern Abend wurden die Microsoft Security Bulletins für Dezember 2008 veröffentlicht. Die Veröffentlichung der Bulletins ersetzt die Bulletin Advance Notification, die erstmalig am 04.12.08 veröffentlicht wurde.

Weitere Infos findet Ihr unten und auch online auf: http://www.microsoft.com/germany/tec.../ms08-dec.mspx (dt.)

Am Mittwoch, den 10. Dezember 2008 um 20:00 Uhr (MEZ) führt Microsoft einen englischsprachigen Webcast durch, um Fragen zu diesen Bulletins zu beantworten. Registriert Euch jetzt für den Security Bulletin-Webcast im Dezember<http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032374647>. Im Anschluss steht dieser Webcast auf Anfrage zur Verfügung. Weitere Informationen dazu findet Ihr unter Microsoft Security Bulletin Zusammenfassungen und Webcasts.<http://www.microsoft.com/technet/security/bulletin/summary.mspx>

_______________________________

What is the purpose of this alert?
This alert is to provide you with an overview of the new security bulletins being released on December 9, 2008. Security bulletins are released monthly to resolve critical problem vulnerabilities.

New Security Bulletins:

Microsoft is releasing the following eight (8) new security bulletins for newly discovered vulnerabilities:

Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating Vulnerability Impact Affected Software Restart Requirement
MS08-070<http://www.microsoft.com/technet/security/bulletin/MS08-070.mspx> Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) Critical Remote Code Execution Microsoft Developer Tools and Software, Microsoft Office Requires restart
MS08-071<http://www.microsoft.com/technet/security/bulletin/MS08-071.mspx> Vulnerabilities in GDI Could Allow Remote Code Execution (956802) Critical Remote Code Execution Microsoft Windows Requires restart
MS08-072<http://www.microsoft.com/technet/security/bulletin/MS08-072.mspx> Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) Critical Remote Code Execution Microsoft Office May require restart
MS08-073<http://www.microsoft.com/technet/security/bulletin/MS08-073.mspx> Cumulative Security Update for Internet Explorer (958215) Critical Remote Code Execution Microsoft Windows, Internet Explorer Requires restart
MS08-074<http://www.microsoft.com/technet/security/bulletin/MS08-074.mspx> Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) Critical Remote Code Execution Microsoft Office May require restart
MS08-075<http://www.microsoft.com/technet/security/bulletin/MS08-075.mspx> Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) Critical Remote Code Execution Microsoft Windows Requires restart
MS08-076<http://www.microsoft.com/technet/security/bulletin/MS08-076.mspx> Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) Important Remote Code Execution Microsoft Windows May require restart
MS08-077<http://www.microsoft.com/technet/security/bulletin/MS08-077.mspx> Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) Important
Elevation of Privilege Microsoft Office, Microsoft Server Software May require restart

Summaries for these new bulletins may be found at the following pages:
http://www.microsoft.com/technet/sec.../MS08-Dec.mspx.

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here: http://support.microsoft.com/?kbid=890830.

High-Priority Non-Security Updates

High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU) or Windows Server Update Services (WSUS) will be detailed in the following KB Article: http://support.microsoft.com/?id=894199.

Public Bulletin Release Webcast

Microsoft will host a Webcast to address customer questions on these bulletins:

Title: Information about Microsoft December Security Bulletins (Level 200)
Date: Wednesday, December 10th, 2008 11:00 AM Pacific Time (US & Canada)
URL: http://msevents.microsoft.com/CUI/We...tID=1032374647.

New Security Bulletin Technical Details

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit Microsoft Support Lifecycle<http://support.microsoft.com/lifecycle/>.

Bulletin Identifier Microsoft Security Bulletin MS08-070
Bulletin Title Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
Executive Summary This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in the ActiveX controls for the Microsoft Visual Basic 6.0 Runtime Extended Files. These vulnerabilities could allow remote code execution if a user browsed a Web site that contains specially crafted content.

The security update addresses the vulnerabilities by improving validation and error handling within the ActiveX controls.
Severity Ratings and Affected Software This security update is rated Critical for supported components of the Microsoft Visual Basic 6.0 Runtime Extended Files; all supported editions of Microsoft Visual Studio .NET 2002, Microsoft Visual Studio .NET 2003, Microsoft Visual FoxPro 8.0, Microsoft Visual FoxPro 9.0, Microsoft Office Project 2003, Microsoft Office Project 2007; and the Chinese Simplified (China), Chinese Pan (Hong Kong), Chinese Traditional (Taiwan), and Korean versions of Microsoft Office FrontPage 2002.
Impact of Vulnerability Remote Code Execution
Vulnerability Identifiers CVE-2008-4253: FlexGrid Control Memory Corruption Vulnerability
CVE-2008-4254: Hierarchical FlexGrid Control Memory Corruption Vulnerability
CVE-2008-4255: Windows Common AVI Parsing Overflow Vulnerability
CVE-2008-4252: DataGrid Control Memory Corruption Vulnerability
CVE-2008-4256: Charts Control Memory Corruption Vulnerability
CVE-2008-3704: Masked Edit Control Memory Corruption Vulnerability
Known Issues Any issue on pertaining to this bulletin that is discovered and verified will be documented in Microsoft Knowledge Base Article 932349<http://support.microsoft.com/kb/932349>. The article would also document recommended solutions for any new issues as they are verified.
Restart Requirement Requires restart
Removal Information Removal steps vary depending on which update is installed. Please see the Security Update Deployment section of the bulletin at the link below for specific details.
Bulletins Replaced by This Update None
Full Details: http://www.microsoft.com/technet/sec.../MS08-070.mspx


Bulletin Identifier Microsoft Security Bulletin MS08-071
Bulletin Title Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
Executive Summary This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.

The security update addresses the vulnerabilities by modifying the way GDI validates file size parameters and performs integer calculations to prevent overflow conditions.
Severity Ratings and Affected Software This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Impact of Vulnerability Remote Code Execution
Vulnerability Identifiers CVE-2008-2249: GDI Integer Overflow Vulnerability
CVE-2008-3465: GDI Heap Overflow Vulnerability
Known Issues Any issue on pertaining to this bulletin that is discovered and verified will be documented in Microsoft Knowledge Base Article 956802<http://support.microsoft.com/kb/956802>. The article would also document recommended solutions for any new issues as they are verified.
Restart Requirement Requires restart
Removal Information For this update installed on Windows 2000, Windows XP, or Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

For this update installed on Windows Vista or Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced by This Update MS08-021
Full Details: http://www.microsoft.com/technet/sec.../MS08-071.mspx


Bulletin Identifier Microsoft Security Bulletin MS08-072
Bulletin Title Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
Executive Summary This security update resolves eight privately reported vulnerabilities in Microsoft Office Word and Microsoft Office Outlook that could allow remote code execution if a user opens a specially crafted Word or Rich Text Format (RTF) file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.

The security update addresses the vulnerability by modifying the way that Microsoft Office Word and Microsoft Office Outlook handle specially crafted Word and Rich Text Format (RTF) files.
Severity Ratings and Affected Software This security update is rated Critical for supported editions of Microsoft Office Word 2000 and Microsoft Office Outlook 2007. For supported editions of Microsoft Office Word 2002, Microsoft Office Word 2003, Microsoft Office Word 2007, Microsoft Office Compatibility Pack, Microsoft Office Word Viewer 2003, Microsoft Works 8, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac, this security update is rated Important.
Impact of Vulnerability Remote Code Execution
Vulnerability Identifiers CVE-2008-4031: Word RTF Object Parsing Vulnerability
CVE-2008-4030: Word RTF Object Parsing Vulnerability
CVE-2008-4025: Word RTF Object Parsing Vulnerability
CVE-2008-4026: Word Memory Corruption Vulnerability
CVE-2008-4027: Word RTF Object Parsing Vulnerability
CVE-2008-4028: Word RTF Object Parsing Vulnerability
CVE-2008-4837: Word Memory Corruption Vulnerability
CVE-2008-4024: Word Memory Corruption Vulnerability
Known Issues Any issue on pertaining to this bulletin that is discovered and verified will be documented in Microsoft Knowledge Base Article 957173<http://support.microsoft.com/kb/957173>. The article would also document recommended solutions for any new issues as they are verified.
Restart Requirement May require restart
Removal Information Removal steps vary depending on which update is installed. Please see the Security Update Deployment section of the bulletin at the link below for specific details.
Bulletins Replaced by This Update MS08-026, MS08-042, and MS08-057
Full Details: http://www.microsoft.com/technet/sec.../MS08-072.mspx


Bulletin Identifier Microsoft Security Bulletin MS08-073
Bulletin Title Cumulative Security Update for Internet Explorer (958215)
Executive Summary This security update resolves four privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.

The security update addresses these vulnerabilities by modifying the way that Internet Explorer validates parameters, handles the error resulting in the exploitable condition, and handles extra data when embedding objects in Web pages.
Severity Ratings and Affected Software This security update is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on Microsoft Windows 2000; Internet Explorer 6 running on Windows XP; and Internet Explorer 7. For Internet Explorer 6 running on Windows Server 2003, this security update is rated Moderate.
Impact of Vulnerability Remote Code Execution
Vulnerability Identifiers CVE-2008-4260 : Uninitialized Memory Corruption Vulnerability
CVE-2008-4258 : Parameter Validation Memory Corruption Vulnerability
CVE-2008-4259 : HTML Objects Memory Corruption Vulnerability
CVE-2008-4261 : HTML Rendering Memory Corruption Vulnerability
Known Issues Any issue on pertaining to this bulletin that is discovered and verified will be documented in Microsoft Knowledge Base Article 958215<http://support.microsoft.com/kb/958215>. The article would also document recommended solutions for any new issues as they are verified.
Restart Requirement Requires restart
Removal Information For this update installed on Windows 2000, Windows XP, or Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

For this update installed on Windows Vista or Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced by This Update MS08-058
Full Details: http://www.microsoft.com/technet/sec.../MS08-073.mspx


Bulletin Identifier Microsoft Security Bulletin MS08-074
Bulletin Title Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
Executive Summary This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.

This security update addresses these vulnerabilities by modifying the way that Microsoft Office Excel opens Excel files.
Severity Ratings and Affected Software This security update is rated Critical for all supported editions of Microsoft Office Excel 2000. For all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2007, Microsoft Office Compatibility Pack, Microsoft Office Excel Viewer, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac, this security update is rated Important.
Impact of Vulnerability Remote Code Execution
Vulnerability Identifiers CVE-2008-4264: File Format Parsing Vulnerability
CVE-2008-4265: File Format Parsing Vulnerability
CVE-2008-4266: Excel Global Array Memory Corruption Vulnerability
Known Issues Any issue on pertaining to this bulletin that is discovered and verified will be documented in Microsoft Knowledge Base Article 959070<http://support.microsoft.com/kb/959070>. The article would also document recommended solutions for any new issues as they are verified.
Restart Requirement May require restart
Removal Information Removal steps vary depending on which update is installed. Please see the Security Update Deployment section of the bulletin at the link below for specific details.
Bulletins Replaced by This Update MS08-057
Full Details: http://www.microsoft.com/technet/sec.../MS08-074.mspx


Bulletin Identifier Microsoft Security Bulletin MS08-075
Bulletin Title Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)
Executive Summary This security update resolves two privately reported vulnerabilities in Windows Search. These vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.

The security update addresses the vulnerabilities by modifying the way that Windows Explorer frees memory when saving Windows Search files and by modifying the way that Windows Explorer interprets parameters when parsing the search-ms protocol.
Severity Ratings and Affected Software The most severe vulnerability is rated Critical for all supported editions of Windows Vista and Windows Server 2008.
Impact of Vulnerability Remote Code Execution
Vulnerability Identifiers CVE-2008-4268: Windows Saved Search Vulnerability
CVE-2008-4269: Windows Search Parsing Vulnerability
Known Issues Any issue on pertaining to this bulletin that is discovered and verified will be documented in Microsoft Knowledge Base Article 959349<http://support.microsoft.com/kb/959349>. The article would also document recommended solutions for any new issues as they are verified.
Restart Requirement Requires restart
Removal Information Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced by This Update MS08-038
Full Details: http://www.microsoft.com/technet/sec.../MS08-075.mspx


Bulletin Identifier Microsoft Security Bulletin MS08-076
Bulletin Title Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
Executive Summary This security update resolves two privately reported vulnerabilities in the following Windows Media components: Windows Media Player, Windows Media Format Runtime, and Windows Media Services. The most severe vulnerability could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

The security update addresses the first vulnerability by modifying the way that Windows Media authentication replies are validated. The security update addresses the second vulnerability by ensuring that Windows Media clients treat servers using ISATAP addresses as external.
Severity Ratings and Affected Software This security update is rated Important for Windows Media Player 6.4, Windows Media Format Runtime 7.1, Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, Windows Media Format Runtime 11, Windows Media Services 4.1, Windows Media Services 9 Series, and Windows Media Services 2008.
Impact of Vulnerability Remote Code Execution
Vulnerability Identifiers CVE-2008-3009: SPN Vulnerability
CVE-2008-3010: ISATAP Vulnerability
Known Issues Any issue on pertaining to this bulletin that is discovered and verified will be documented in Microsoft Knowledge Base Article 959807<http://support.microsoft.com/kb/959807>. The article would also document recommended solutions for any new issues as they are verified.
Restart Requirement This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.
Removal Information For this update installed on Windows 2000, Windows XP, or Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

For this update installed on Windows Vista or Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced by This Update In the case of the Windows Media Services update on Windows Server 2003, MS07-068 is superseded.
Full Details: http://www.microsoft.com/technet/sec.../MS08-076.mspx


Bulletin Identifier Microsoft Security Bulletin MS08-077
Bulletin Title Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
Executive Summary This security update resolves a privately reported vulnerability. The vulnerability could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. A successful attack leading to elevation of privilege could result in denial of service or information disclosure.
Severity Ratings and Affected Software This security update is rated Important for all supported editions of Microsoft Office SharePoint Server 2007 and Microsoft Search Server 2008.
Impact of Vulnerability Elevation of Privilege
Vulnerability Identifiers CVE-2008-4032: Access Control Vulnerability
Known Issues Any issue on pertaining to this bulletin that is discovered and verified will be documented in Microsoft Knowledge Base Article 957175<http://support.microsoft.com/kb/957175>. The article would also document recommended solutions for any new issues as they are verified.
Restart Requirement May require restart
Removal Information This security update cannot be removed.
Bulletins Replaced by This Update MS07-059
Full Details: http://www.microsoft.com/technet/sec.../MS08-077.mspx

Regarding Information Consistency

We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft's security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft's web-based security content, the information in Microsoft's web-based security content is authoritative.

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

Thank you,

Microsoft CSS Security Team