Home > Microsoft Security > Microsoft Security Bulletin Ms08-28

Microsoft Security Bulletin Ms08-28

In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. When this security bulletin was issued, had this vulnerability been publicly disclosed? Yes. Microsoft had not received information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this The following table provides the MBSA detection summary for this security update. this contact form

Vulnerability Information Severity Ratings and Vulnerability Identifiers Vulnerability Severity Rating and Maximum Security Impact by Affected Software Affected SoftwareFile Format Parsing Vulnerability - CVE-2008-4265File Format Parsing Vulnerability - CVE-2008-4264Excel Global Array Restart Requirement Restart required?In some cases, this update does not require a restart. File Format Parsing Vulnerability - CVE-2008-4264 A remote code execution vulnerability exists in Microsoft Office Excel as a result of pointer corruption when loading Excel formulas. File Version Verification Because there are several versions and editions of Microsoft Office, the following steps may be different on your system. https://technet.microsoft.com/en-us/library/security/ms08-028.aspx

For a complete list of service packs, see Lifecycle Supported Service Packs. No user interaction is required, but installation status is displayed. What does the update do?  The update removes the vulnerability by modifying the way Office manages memory allocations when opening Office documents with object information inserted in the documents.

Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality: Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX For more information on the support lifecycle policy, see Microsoft Support Lifecycle. Deployment Information Installing the Update You can install the update from the appropriate download link in the Affected and Non-Affected Software section. For backward compatibility, the security update also supports the setup switches that the earlier version of the Setup program uses.

For more information about MBSA, visit Microsoft Baseline Security Analyzer. If the file or version information is not present, use one of the other available methods to verify update installation. This security bulletin addresses the privately disclosed vulnerability as well as additional issues discovered through internal investigations. https://technet.microsoft.com/en-us/library/security/ms08-001.aspx However, users will still be offered this update because the updated files for Microsoft Office 2003 Service Pack 3 are newer (with higher version numbers) than the files that were delivered

Note If you have used an Administrative Installation Point (AIP) for deploying Office 2000, Office XP or Office 2003, you may not be able to deploy the update using SMS if you For all supported 32-bit editions of Windows Server 2003: File NameVersionDateTimeSizeFolder tcpip.sys5.2.3790.303629-Oct-200722:31333,312SP1GDR tcpip.sys5.2.3790.303630-Oct-200700:42387,072SP1QFE tcpip.sys5.2.3790.417930-Oct-200705:14383,488SP2GDR tcpip.sys5.2.3790.417930-Oct-200705:17384,000SP2QFE For all supported Itanium-based editions of Windows Server 2003: File NameVersionDateTimeSizeCPUFolder tcpip.sys5.2.3790.303630-Oct-200722:101,116,160IA-64SP1GDR tcpip.sys5.2.3790.303630-Oct-200722:121,286,656IA-64SP1QFE tcpip.sys5.2.3790.417930-Oct-200722:331,286,656IA-64SP1GDR tcpip.sys5.2.3790.417930-Oct-200722:101,288,192IA-64SP2QFE For In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose.

An attacker would have no way to force users to visit a specially crafted Web site. SoftwareMBSA 2.0.1 Microsoft Windows 2000 Service Pack 4Yes Windows XP Service Pack 2Yes Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2Yes Windows Server 2003 Service The vulnerability cannot be exploited automatically through e-mail. Systems Management Server The following table provides the SMS detection and deployment summary for this security update.

If a restart is required at the end of Setup, a dialog box will be presented to the user with a timer warning that the computer will restart in 30 seconds. http://homecomputermarket.com/microsoft-security/microsoft-security-bulletin-ms00-086.html Microsoft Windows 2000 is not affected by this vulnerability. If you had used this method and now desire to undo this workaround, use the following registry file: Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}]
@="MsxmlIsland"
[HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\
78,00,6d,00,6c,00,33,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}\TypeLib]

For backward compatibility, the security update also supports many of the setup switches that the earlier version of the Setup program uses. To install the 2.0 or later version of Windows Installer, visit one of the following Microsoft Web sites: Windows Installer 4.5 Redistributable for Windows Server 2008, Windows Vista, Windows Server 2003, Verifying That the Update Has Been Applied Microsoft Baseline Security Analyzer To verify that a security update has been applied to an affected system, you may be able to use the http://homecomputermarket.com/microsoft-security/microsoft-security-bulletin-ms04-012.html This can also include Web sites that accept user-provided content or advertisements, Web sites that host user-provided content or advertisements, and compromised Web sites.

Removing the Update After you install the update, you cannot remove it. Prompting before running ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. Security updates may not contain all variations of these files.

In the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.

For more information on this issue, please see Microsoft Knowledge Base Article 830335. Note You must restart the system for your changes to take effect. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed formula. This security update addresses the vulnerability that is currently being exploited.

HotpatchingNot applicable Removal Information Use Add or Remove Programs tool in Control Panel.Note When you remove this update, you may be prompted to insert the Microsoft Office 2003 CD in the This sets the security level for all Web sites you visit to High. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008; see Compare Server Core Installation Options. http://homecomputermarket.com/microsoft-security/microsoft-security-bulletin-ms02-045.html Impact of workaround: Router Discovery will be disabled.

Click OK two times to return to Internet Explorer. For a complete list of service packs, see Lifecycle Supported Service Packs. Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. If this behavior occurs, a message appears that advises you to restart.To help reduce the chance that a restart will be required, stop all affected services and close all applications that

Inclusion in Future Service Packs There are no more service packs planned for this software. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.Note Depending on the version of the operating system or programs installed, some If you have previously installed a hotfix to update one of these files, the installer copies the RTMQFE, SP1QFE, or SP2QFE files to your system. These files are located at the path that is specified in the switch. /extract[:path] Extracts files without starting the Setup program. /ER Enables extended error reporting. /verbose Enables verbose logging.

Removing the Update After you install the update, you cannot remove it. Recently, proof of concept code was published that demonstrates methods to bypass DEP. This is the same as unattended mode, but no status or error messages are displayed. An attacker would have no way to force users to visit a specially crafted Web site.

Workarounds for Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability - CVE-2007-0069 Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack What systems are primarily at risk from the vulnerability?  This vulnerability requires that a user is logged on and visits a Web site for any malicious action to occur. Windows XP (all editions) Reference Table The following table contains the security update information for this software.