Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Microsoft Security

11-Nov-2008: Check Point has released immediate Security Updates to protect its SmartDefense subscribers against Microsoft Security Bulletins posted today, November 11, 2008. The November 2008 release contains 2 bulletins: MS08-068 rated High, addressing a vulnerability in SMB and  MS08-069 rated Critical, addressing vulnerabilities in Microsoft XML Core Services. For more information, visit the MSRC site.

06-Nov-2008: Microsoft has posted its Advance Notification for next week’s bulletin release which will occur on Tuesday, November 11, 2008. The Notification includes one Microsoft Security Bulletin affecting Microsoft Windows/Microsoft Office rated as Critical and one affecting Windows rated as Important.

27-Oct-2008: Microsoft has released Security Advisory 958963to confirm the public availability of exploit code affecting the Windows Server Service vulnerability addressed in Microsoft Security Bulletin MS08-067. The Advisory states that this exploit code is shown to result in code execution on Windows Server 2003, Windows XP, and Windows 2000 systems. SmartDefense research teams have reviewed samples of publicly available exploit codes and confirmed that the recently released SmartDefense protection will detect and block these exploits.

Microsoft Security Bulletins for

= Check Point has provided a protection to this bulletin

Microsoft Security Bulletin MS08-069:
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)

Severity: Critical

CVE-2008-4033: MSXML Header Request Vulnerability

An information disclosure vulnerability exists in the way that Microsoft XML Core Services handles transfer-encoding headers. The vulnerability could allow information disclosure if a user browses a Web site that contains specially crafted content or opens specially crafted HTML e-mail. An attacker who successfully exploited this vulnerability could read data from a Web page in another domain in Internet Explorer. In all cases, however, an attacker would have no way to force users to visit these Web sites.

CVE-2008-4029: MSXML DTD Cross-Domain Scripting Vulnerability

An information disclosure vulnerability exists in the way that Microsoft XML Core Services handles error checks for external document type definitions (DTDs). The vulnerability could allow information disclosure if a user browses a Web site that contains specially crafted content or opens specially crafted HTML e-mail. An attacker who successfully exploited this vulnerability could read data from a Web page in another domain in Internet Explorer. In all cases, however, an attacker would have no way to force users to visit these Web sites.

CVE-2007-0099: MSXML Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that Microsoft XML Core Services parses XML content. The vulnerability could allow remote code execution if a user browses a Web site that contains specially crafted content or opens specially crafted HTML e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin MS08-068:
Vulnerability in SMB Could Allow Remote Code Execution (957097)

Severity: High

CVE-2008-4037: SMB Credential Reflection Vulnerability

A remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol handles NTLM credentials when a user connects to an attackers SMB server. This vulnerability allows an attacker to replay the users credentials back to them and execute code in the context of the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

More to know

Check Point solutions can help you protect your Microsoft environment

Archives