Microsoft Security Bulletins for

An information disclosure vulnerability exists in the way that SQL Server manages memory page reuse. An attacker with database operator access who successfully exploited this vulnerability could access customer data.

• Check Point Response
• Local access is required in order to exploit this vulnerability.

A vulnerability exists in the convert function in SQL Server that could allow an authenticated attacker to gain elevation of privilege. An attacker who successfully exploited this vulnerability could run code and take complete control of the system.

• Check Point Response

A vulnerability exists in SQL Server that could allow an authenticated attacker to gain elevation of privilege. An attacker who successfully exploited this vulnerability could run code and take complete control of the system.

• Check Point Response

A vulnerability exists in SQL Server that could allow an authenticated attacker to gain elevation of privilege. An attacker who successfully exploited this vulnerability could run code and take complete control of the system.

• Check Point Response

This is a cross-site scripting vulnerability in the affected versions of Outlook Web Access (OWA) for Exchange Server. Exploitation of the vulnerability could lead to elevation of privilege on individual OWA clients connecting to Outlook Web Access for Exchange Server. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted e-mail that would run malicious script from within an individual OWA client. If the malicious script is executed, the script would run in the security context of the user’s OWA session and could perform any action the user could perform such as reading, sending, and deleting e-mail as the logged-on user.

• Check Point Response
• Update Protection against Outlook Web Access Data Validation Cross-Site Scripting Vulnerability (MS08-039) Release Date:

This is a cross-site scripting vulnerability in the affected versions of Outlook Web Access (OWA) for Exchange Server. Exploitation of the vulnerability could lead to elevation of privilege on individual OWA clients connecting to Outlook Web Access for Exchange Server. To exploit the vulnerability an attacker would have to convince a user to open a specially crafted e-mail that would run malicious script from within an individual OWA client. The script would run in the security context of the user’s OWA session and could perform any action the user could perform, such as reading, sending, and deleting e-mail as the logged-on user.

• Check Point Response
• Update Protection against Outlook Web Access HTML Parsing Cross-Site Scripting Vulnerability (MS08-039) Release Date:

A remote code execution vulnerability exists when saving a specially crafted search file within Windows Explorer. This operation causes Windows Explorer to exit and restart in an exploitable manner.

• Check Point Response
• Update Protection against Microsoft Windows Saved Search Vulnerability (MS08-038) Release Date:

A spoofing vulnerability exists in Windows DNS client and Windows DNS server. This vulnerability could allow a remote unauthenticated attacker to quickly and reliably spoof responses and insert records into the DNS server or client cache, thereby redirecting Internet traffic.

• Check Point Response
• This is a preemptive protection.
• Preemptive Protection against Multiple Vendor DNS Insufficient Socket Entropy Vulnerability Release Date:

A cache poisoning vulnerability exists in Windows DNS Server. The vulnerability could allow an unauthenticated remote attacker to send specially crafted responses to DNS requests made by vulnerable systems, thereby poisoning the DNS cache and redirecting Internet traffic from legitimate locations.

• Check Point Response