Added support for July 2008 Microsoft security updates

The information in this article applies to:

  • GFI LANguard 9.0
  • GFI LANguard Network Security Scanner 7
  • GFI LANguard Network Security Scanner 8

Article ID: KBID003355

Query keywords: Patch Detection update, Security Updates

Support for the following Microsoft security updates have been released by GFI for GFI LANguard.
These updates will be automatically downloaded and added to your security vulnerability scanning database on your next restart of GFI LANguard.


New Security Updates Supported:

  • MS08-040 - Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
  • MS08-039 - Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
  • MS08-038 - Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)
  • MS08-037 - Vulnerabilities in DNS Could Allow Spoofing (953230)


More Information:

MS08-040
Severity Rating: Important
Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)

Description:

This security update resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. This security update is rated Important for supported releases of SQL Server 7.0, SQL Server 2000, SQL Server 2005, Microsoft Data Engine (MSDE) 1.0, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). The security update addresses the vulnerabilities by modifying the way that SQL Server manages page reuse, allocating more memory for the convert function, validating on-disk files before loading them, and validating insert statements.

Included Updates:

  • Security Update for Windows Server 2003 (KB948110)
  • Security Update for Windows Server 2003 and Windows Server 2008 (KB948109)
  • Security Update for SQL Server 2005 Service Pack 2 (KB948109)
  • Security Update for SQL Server 2005 Service Pack 2 (KB948108)
  • Security Update for SQL Server 2000 Service Pack 4 (KB948111)
  • Security Update for SQL Server 2000 Service Pack 4 (KB948110)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx


MS08-039
Severity Rating: Important
Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)

Description:

This security update resolves two privately reported vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server. An attacker who successfully exploited these vulnerabilities could gain access to an individual OWA client’s session data, allowing elevation of privilege. The attacker could then perform any action the user could perform from within the individual client’s OWA session. This security update is rated Important for all supported editions of Microsoft Exchange Server 2003 and Microsoft Exchange Server 2007.

Included Updates:

  • Update Rollup 7 for Exchange Server 2007 (KB953469)
  • Update Rollup 3 for Exchange Server 2007 Service Pack 1 (KB949870)
  • Security Update for Exchange Server 2003 Service Pack 2 (KB950159) - Non-cluster
  • Security Update for Exchange Server 2003 Service Pack 2 (KB950159) - Cluster

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-039.mspx


MS08-038
Severity Rating: Important
Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)

Description:

This security update resolves a publicly reported vulnerability in Windows Explorer that could allow remote code execution when a specially crafted saved-search file is opened and saved. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Important for all supported editions of Windows Vista and Windows Server 2008.

Included Updates:

  • Security Update for Windows Server 2008 for Itanium-based Systems (KB950582)
  • Security Update for Windows Vista for x64-based System (KB950582)
  • Security Update for Windows Vista (KB950582)
  • Security Update for Windows Server 2008 x64 Edition (KB950582)
  • Security Update for Windows Server 2008 (KB950582)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-038.mspx


MS08-037
Severity Rating: Important
Vulnerabilities in DNS Could Allow Spoofing (953230)

Description:

This security update resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems. This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008.

Included Updates:

  • Security Update for Windows Server 2003 x64 Edition (KB951748)
  • Security Update for Windows XP x64 Edition (KB951748)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB951748)
  • Security Update for Windows XP (KB951748)
  • Security Update for Windows Server 2003 (KB951748)
  • Security Update for Windows 2000 (KB951748)
  • Security Update for Windows 2000 (KB951746)
  • Security Update for Windows Server 2003 x64 Edition (KB951746)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB951746)
  • Security Update for Windows Server 2003 (KB951746)
  • Security Update for Windows Server 2008 x64 Edition (KB951746)
  • Security Update for Windows Server 2008 (KB951746)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx

Note