Well, it is the last official Patch Tuesday of 2008, and we have an early Christmas present of eight advisory releases from Redmond this year.
Alas, seven of the releases cover issues rated as Critical by Microsoft, and a single release covers an issue rated as Important. The issues cover a range of products including old favorites such as Windows, Internet Explorer and Office.
The first of the Critically rated issues is MS08-070, a remotely exploitable vulnerability within Microsoft Visual Basic ActiveX controls that are included in a range of products: Visual Basic 6, Visual Studio .NET 2002/2003, various versions of FoxPro, and the Microsoft Office components FrontPage 2003, Project 2003 and Project 2007. The actual vulnerabilities are in a range of ActiveX controls included with these products. The issues include the following, the majority of which would be exploitable within the context of the user logged in at the time of exploitation.
- Winsock Control Heap Overrun Vulnerability - An integer-overflow condition within the ActiveX control that would allow an attacker to influence a copy in heap memory resulting in memory corruption.
- FlexGrid, Hierarchical FlexGrid, Charts and DataGrid Controls Memory Corruption Vulnerabilities - An error in the ActiveX control that could allow an attacker to corrupt system memory, resulting in an exploitable condition.
- Windows Common AVI Parsing Overflow Vulnerability - An error in the ActiveX control when parsing a maliciously crafted AVI file that could allow an attacker to create a memory corruption issue that could lead to execution of arbitrary code.
- Masked Edit Control Memory Corruption Vulnerability - Because of insufficient validation of property values in the ActiveX control, an attacker can corrupt stack-based memory, which could allow the execution of arbitrary code. According to Symantec, they discovered that this issue was being exploited in the wild as far back as August.
The next Critically rated issue is MS08-071, which addresses two vulnerabilities affecting the Microsoft Windows GDI implementation; one of the two issues is rated 'Critical'. Successful exploitation of these issues can allow arbitrary remote code to run in the context of the user running the affected application. The issue affects all versions of Windows from Windows 2000 to Windows 2008 and Windows Vista, on both 32-bit and 64-bit platforms. Both issues are overflow conditions, one an integer overflow and the other a heap overflow, and both are in the handling of Windows Metafile Format (WMF) files.
Then we have MS08-072, which addresses a total of eight vulnerabilities affecting both Microsoft Word and Microsoft Outlook. The issue is rated Critical for Office 2000 and Outlook 2007 and rated as Important for all other versions of Office, including Office for the Mac. The issues covered by this bulletin include:
- Word Memory Corruption Vulnerability - CVE-2008-4024
- Word RTF Object Parsing Vulnerability - CVE-2008-4025
- Word Memory Corruption Vulnerability - CVE-2008-4026
- Word RTF Object Parsing Vulnerability - CVE-2008-4027
- Word RTF Object Parsing Vulnerability - CVE-2008-4030
- Word RTF Object Parsing Vulnerability - CVE-2008-4028
- Word RTF Object Parsing Vulnerability - CVE-2008-4031
- Word Memory Corruption Vulnerability - CVE-2008-4837
However, the only thing that determines whether a version is rated Important rather than Critical is whether the product in question prompts users by default before opening a downloaded file, which effectively adds a layer of user interaction. It is therefore recommended that the Microsoft rating of Important is ignored for this issue and that it is treated as Critical for all Office products, as most people would have disabled the prompting for these files after normal use.
Our next bulletin is MS08-073, which attempts to address a number of issues within Internet Explorer. The issues are rated as Critical for Internet Explorer 5.0, 6.0 and 7.0. Microsoft have rated some Internet Explorer configurations as being a moderate risk; however, it is advised to ignore this and treat it as Critical. The bulletin covers four issues, all of which involve client-side attacks. In all cases, an attacker would entice a victim into visiting a malicious site to trigger the vulnerabilities. The issues include:
- Parameter Validation Memory Corruption Vulnerability - CVE-2008-4258
- HTML Objects Memory Corruption Vulnerability - CVE-2008-4259
- Uninitialized Memory Corruption Vulnerability - CVE-2008-4260
- HTML Rendering Memory Corruption Vulnerability - CVE-2008-4261
Now on to MS08-074, which covers multiple vulnerabilities affecting Microsoft Office Excel. An attacker can exploit these vulnerabilities to ultimately execute arbitrary code on a victim's computer. They cover versions of Excel from Office 2000 through to Office 2007 and Office for the Mac, and also include the 'Viewer' versions of these applications. The issues include:
- Microsoft Excel Malformed Object Handling Remote Code Execution Vulnerability - This issue is triggered when a specially crafted Excel file is opened by Excel 2000 and can allow the execution of arbitrary code in the context of the logged in user.
- Microsoft Excel Formula Handling Remote Code Execution Vulnerability - Another issue where Excel can be exploited to run arbitrary code when opening a specially crafted file. The vulnerability occurs because a pointer is corrupted when the routines that parse Excel formulas try to parse a specially crafted Excel formula. This particular issue affects all versions of Excel included with all versions of Office.
- Microsoft Excel Global Array Memory Corruption Vulnerability - Yet more parsing problems when opening a specially crafted Excel file. The vulnerability stems from stack memory corruption that occurs when specially crafted Excel records are loaded into memory. This particular issue affects all versions of Excel included with all versions of Office and allows the execution of arbitrary code in the context of the logged in user.
The next bulletin is MS08-075, which covers two issues with Microsoft Windows Search. The issues affect Windows Vista and Windows 2008 on both 32-bit and 64-bit systems. Both allow execution of arbitrary code in the context of the logged in user.
Next we have MS08-076, which addresses two separate vulnerabilities affecting Microsoft Media Components. Affected versions range from Windows Media Components 6.4 through to Windows Media Components 11 for both 32-bit and 64-bit systems, and Windows Media Services included with Windows 2000 Server, Windows 2003 and Windows 2008.
The final bulletin from Microsoft is MS08-077, which covers a number of issues within SharePoint and is rated by Microsoft as Important. The issue covered is an elevation of privilege vulnerability in Microsoft Office SharePoint Server 2007 and Microsoft Office SharePoint Server 2007 Service Pack 1. The vulnerability can allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site.
As is usual for this time of the month, remember to get all the updates installed for all systems. It is advised as usual to ignore the rating and just install all the updates as if your life depended on it.
As a side note, it seems there is some active exploitation of a previously unknown Internet Explorer 7.0 vulnerability, initially targeted at Windows users in China. The issue is being exploited in the traditional drive-by manner and is potentially exploiting an issue in the XML parsing mechanisms within Internet Explorer 7.0. So it may be a good idea to keep an eye out for this issue and potentially an out-of-band patch from Microsoft.