4 Microsoft Security Bulletins for May 2008

Microsoft released four security updates for May, rating three of them as critical. Here's a brief description of each update; for more information, go to

http://www.microsoft.com/technet/security/bulletin/ms08-may.mspx

MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution

The attack vector for this vulnerability is a specially crafted Microsoft Word file. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletin MS08-009.

Applies to: Word 2007, 2003, XP, and 2000.

Recommendation: Microsoft rates this update as critical. Although the vulnerability has been privately reported to Microsoft and a public exploit is not presently believed to exist, the vulnerability exists in all editions of Word, making the development of an exploit by third parties highly likely. You should test and deploy this update as a part of your organization’s accelerated patch management strategy.

MS08-027: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution

The attack vector for this vulnerability is a specially crafted Microsoft Publisher file. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletins MS08-012 and MS07-037.

Applies to: Publisher 2007, 2003, XP, and 2000.

Recommendation: Microsoft rates this update as critical. Although the vulnerability has been privately reported to Microsoft and a public exploit is not presently believed to exist, the vulnerability exists in all editions of Publisher. Because Publisher is less widely deployed than Word, this update, although critical, should be assigned a lower priority for testing and deployment than MS08-026. If your organization uses Publisher, you should test and deploy this update as a part of your organization’s patch management strategy.

MS08-028: Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution

The attack vector for this vulnerability is a specially crafted .mdb file or a Microsoft Office file that includes an embedded .mdb file. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletin MS04-014.

Applies to: Windows Server 2003 SP1 (not SP2), Windows XP SP2 (not SP3), and Windows 2000.

Recommendation: Microsoft rates this update as critical. In the event that you have not already deployed Windows Server 2003 SP2 or Windows XP SP3, you should test and deploy this update to affected systems as part of your organization’s accelerated patch management strategy.

MS08-029: Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service

The attack vector for this vulnerability is a specially crafted file which, when scanned by the malware protection engine, would result in a Denial of Service (DoS). This could cause the engine to stop and the computer to automatically restart.

Applies to: Windows Live OneCare, Antigen for Exchange, Antigen for SMTP Gateway, Windows Defender, Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint, System Sweeper located in Diagnostics and Recovery Toolset 6.0.

Recommendation: Microsoft rates this update as moderate. Because this update is likely to affect Microsoft Exchange and SharePoint servers, you should test and deploy this update as a part of your organization’s regular patch management strategy.