
J-Security Center

Microsoft Security Bulletins

June 2008



Microsoft Security Bulletin MS08-030

Vulnerability in Bluetooth Stack could allow Remote Code Execution (951376)

Severity: Critical
Vulnerabilities:
  • Bluetooth Vulnerability - CVE-2008-1453
    A remote code execution vulnerability exists in the Microsoft Windows Bluetooth stack because it does not correctly handle a flood of service description requests. The vulnerability could allow an attacker to run code with elevated privileges. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

Microsoft Security Bulletin MS08-031

Cumulative Security Update for Internet Explorer (950759)

Severity: Critical
Vulnerabilities:
  • HTML Objects Memory Corruption Vulnerability – CVE-2008-1442
    A remote code execution vulnerability exists in the way Internet Explorer displays a Web page that contains certain unexpected method calls to HTML objects. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
  • Response Header Cross-Domain Information Disclosure Vulnerability – CVE-2008-1544
    An information disclosure vulnerability exists in the way Internet Explorer handles certain header responses. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow the attacker to read data from another Internet Explorer domain.

Microsoft Security Bulletin MS08-032

Cumulative Security Update of ActiveX Kill Bits (950760)

Severity: Important
Vulnerabilities:
  • ActiveX Object Memory Corruption Vulnerability - CVE-2007-0675
    A remote code execution vulnerability exists in the ActiveX Speech Components sapi.dll. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. The user must also have the Speech Recognition feature in Windows Vista enabled. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

    This update includes kill bits that will prevent the following ActiveX controls from being run in Internet Explorer:

    Backweb has released a security bulletin and an update that addresses a vulnerability. Please see the security bulletin from Backweb for more information and download locations. This kill bit is being set at the request of the owner of the ActiveX control. Customers who require support for this control should contact Backweb. The class identifiers (CLSIDs) for this ActiveX control are:

Microsoft Security Bulletin MS08-033

Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (951698)

Severity: Critical
Vulnerabilities:
  • MJPEG Decoder Vulnerability - CVE-2008-1443
    A remote code execution vulnerability exists in the way the Windows MJPEG Codec handles MJPEG streams in AVI or ASF files. A user would have to preview or play a malicious MJPEG file for the vulnerability to be exploited.
  • SAMI Format Parsing Vulnerability - CVE-2008-1444
    A remote code execution vulnerability exists in the way Windows Media Player handles supported format files. This vulnerability could allow code execution if a user opened a specially crafted file.

Microsoft Security Bulletin MS08-034

Vulnerability in WINS could allow Remote Code Execution (948745)

Severity: Critical
Vulnerabilities:
  • Memory Overwrite Vulnerability - CVE-2008-1451
    A remote code execution vulnerability exists in WINS because it does not correctly validate the origin of specially crafted network packets. The vulnerability could allow an attacker to run code with elevated privileges. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

Microsoft Security Bulletin MS08-035

Vulnerability in Active Directory Could Allow Denial of Service (953235)

Severity: Important
Vulnerabilities:
  • Active Directory Vulnerability - CVE-2008-1445
    A denial of service vulnerability exists in implementations of Active Directory on Microsoft Windows 2000 and Windows Server 2003. The vulnerability also exists in implementations of Active Directory Application Mode (ADAM) when installed on Windows XP and Windows Server 2003. The vulnerability is due to improper validation of specially crafted LDAP requests. An attacker who successfully exploited this vulnerability could cause the computer to stop responding and automatically restart.

Microsoft Security Bulletin MS08-036

Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)

Severity: Important
Vulnerabilities:
  • PGM Invalid Length Vulnerability - CVE-2008-1440
    A denial of service vulnerability exists in implementations of the Pragmatic General Multicast (PGM) protocol on Microsoft Windows XP and Windows Server 2003. The vulnerability is due to improper validation of specially crafted PGM packets. An attacker who successfully exploited this vulnerability could cause the computer to become non-responsive and require a restart to restore functionality.
  • PGM Malformed Fragment Vulnerability - CVE-2008-1441
    A denial of service vulnerability exists in implementations of the Pragmatic General Multicast (PGM) protocol on Microsoft Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. The protocol’s parsing code does not properly validate specially crafted PGM fragments and will cause the affected system to become non-responsive until the attack has ceased.