Added support for August 2008 Microsoft security updates

The information in this article applies to:

• GFI LANguard Network Security Scanner 7
• GFI LANguard Network Security Scanner 8

Article ID: KBID003368

Query keywords: Patch Detection update, Security Updates

Support for the following Microsoft security updates have been released by GFI for GFI LANguard Network Security Scanner.
These updates will be automatically downloaded and added to your security vulnerability scanning database on your next restart of GFI LANguard Network Security Scanner.

New Security Updates Supported:

• MS08-051 - Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785)
• MS08-050 - Vulnerability in Windows Messenger Could Allow Information Disclosure (955702)
• MS08-049 - Vulnerabilities in Event System Could Allow Remote Code Execution (950974)
• MS08-048 - Security Update for Outlook Express and Windows Mail (951066)
• MS08-047 - Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733)
• MS08-046 - Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)
• MS08-045 - Cumulative Security Update for Internet Explorer (953838)
• MS08-044 - Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)
• MS08-043 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)
• MS08-042 - Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048)
• MS08-041 - Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)

More Information:

MS08-051
Severity Rating: Critical
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785)

Description:

This security update resolves three privately reported vulnerabilities in Microsoft Office PowerPoint and Microsoft Office PowerPoint Viewer that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for supported editions of Microsoft Office PowerPoint 2000 and rated Important for supported editions of Microsoft Office PowerPoint 2002, Microsoft Office PowerPoint 2003, Microsoft Office PowerPoint 2007, Microsoft Office PowerPoint Viewer 2003, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac.

Included Updates:

• Security Update for Microsoft Office PowerPoint Viewer 2003 (KB949041)
• Security Update for 2007 Microsoft Office System (KB954038)
• Security Update for Microsoft Office PowerPoint 2007 (KB951338)
• Security Update for Microsoft Office PowerPoint 2003 (KB948988)
• Security Update for Microsoft PowerPoint 2002 (KB948995)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-051.mspx

MS08-050
Severity Rating: Important
Vulnerability in Windows Messenger Could Allow Information Disclosure (955702)

Description:

This security update resolves a publicly reported vulnerability in supported versions of Windows Messenger. As a result of this vulnerability, scripting of an ActiveX control could allow information disclosure in the context of the logged-on user. An attacker could change state, get contact information, and initiate audio and video chat sessions without the knowledge of the logged-on user. An attacker could also capture the user’s logon ID and remotely log on to the user’s Messenger client impersonating that user. This security update is rated Important for all supported editions of Microsoft Windows 2000 and Windows XP, and Moderate for all supported versions of Windows Server 2003.

Included Updates:

• Security Update for Windows XP x64 Edition (KB946648)
• Security Update for Windows XP (KB946648)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-050.mspx

MS08-049
Severity Rating: Important
Vulnerabilities in Event System Could Allow Remote Code Execution (950974)

Description:

This update resolves two privately reported vulnerabilities in Microsoft Windows Event System that could allow remote code execution. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. This security update is rated Important for all supported editions of Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

Included Updates:

• Security Update for Windows XP x64 Edition (KB950974)
• Security Update for Windows XP (KB950974)
• Security Update for Windows Server 2003 x64 Edition (KB950974)
• Security Update for Windows Server 2003 for Itanium-based Systems (KB950974)
• Security Update for Windows Server 2003 (KB950974)
• Security Update for Windows 2000 (KB950974)
• Security Update for Windows Vista for x64-based Systems (KB950974)
• Security Update for Windows Vista (KB950974)
• Security Update for Windows Server 2008 x64 Edition (KB950974)
• Security Update for Windows Server 2008 (KB950974)
• Security Update for Windows Server 2008 for Itanium-based Systems (KB950974)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-049.mspx

MS08-048
Severity Rating: Important
Security Update for Outlook Express and Windows Mail (951066)

Description:

This security update resolves a privately reported vulnerability in Outlook Express and Windows Mail. The vulnerability could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Important for supported editions of Windows XP and Windows Vista and rated Low for supported editions of Windows Server 2003 and Windows Server 2008.

Included Updates:

• Security Update for Outlook Express for Windows XP x64 Edition (KB951066)
• Security Update for Outlook Express for Windows XP (KB951066)
• Security Update for Outlook Express for Windows Server 2003 x64 Edition (KB951066)
• Security Update for Outlook Express for Windows Server 2003 for Itanium-based Systems (KB951066)
• Security Update for Outlook Express for Windows Server 2003 (KB951066)
• Security Update for Outlook Express 6 Service Pack 1 (KB951066)
• Security Update for Outlook Express 5.5 Service Pack 2 (KB951066)
• Security Update for Windows Mail for Windows Vista (KB951066)
• Security Update for Windows Mail for Windows Vista for x64-based Systems (KB951066)
• Security Update for Windows Mail for Windows Server 2008 for Itanium-based Systems (KB951066)
• Security Update for Windows Mail for Windows Server 2008 (KB951066)
• Security Update for Windows Mail for Windows Server 2008 x64 Edition (KB951066)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-048.mspx

MS08-047
Severity Rating: Important
Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733)

Description:

This update resolves a privately reported vulnerability in the way certain Windows Internet Protocol Security (IPsec) rules are applied. This vulnerability could cause systems to ignore IPsec policies and transmit network traffic in clear text. This, in turn, would disclose information intended to be encrypted on the network. An attacker viewing the traffic on the network would be able to view and possibly modify the contents of the traffic. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly. It could be used to collect useful information to try to further compromise the affected system or network. This update is rated Important for all supported versions of Windows Vista and Windows Server 2008.

Included Updates:

• Security Update for Windows Server 2008 x64 Edition (KB953733)
• Security Update for Windows Vista for x64-based Systems (KB953733)
• Security Update for Windows Server 2008 for Itanium-based Systems (KB953733)
• Security Update for Windows Vista (KB953733)
• Security Update for Windows Server 2008 (KB953733)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-047.mspx

MS08-046
Severity Rating: Critical
Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)

Description:

This update resolves a privately reported vulnerability in the Microsoft Image Color Management (ICM) system that could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update is rated Critical for all supported versions of Microsoft Windows 2000, Windows XP and Windows Server 2003.

Included Updates:

• Security Update for Windows XP x64 Edition (KB952954)
• Security Update for Windows 2000 (KB952954)
• Security Update for Windows XP (KB952954)
• Security Update for Windows Server 2003 x64 Edition (KB952954)
• Security Update for Windows Server 2003 for Itanium-based Systems (KB952954)
• Security Update for Windows Server 2003 (KB952954)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-046.mspx

MS08-045
Severity Rating: Critical
Cumulative Security Update for Internet Explorer (953838)

Description:

This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. All of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported releases of Internet Explorer.

Included Updates:

• Cumulative Security Update for Internet Explorer 8 Beta 1 Dynamic Installer for Windows Vista for x64-based Systems (KB953838)
• Cumulative Security Update for Internet Explorer 8 Beta 1 Dynamic Installer for Windows Vista (KB953838)
• Cumulative Security Update for Internet Explorer 8 Beta 1 for Windows XP x64 Edition (KB953838)
• Cumulative Security Update for Internet Explorer 8 Beta 1 for Windows XP (KB953838)
• Cumulative Security Update for Internet Explorer 8 Beta 1 for Windows Server 2003 x64 Edition (KB953838)
• Cumulative Security Update for Internet Explorer 8 Beta 1 for Windows Server 2003 (KB953838)
• Cumulative Security Update for Internet Explorer 8 Beta 1 Dynamic Installer for Windows XP x64 Edition (KB953838)
• Cumulative Security Update for Internet Explorer 8 Beta 1 Dynamic Installer for Windows XP (KB953838)
• Cumulative Security Update for Internet Explorer 8 Beta 1 Dynamic Installer for Windows Server 2003 x64 Edition (KB953838)
• Cumulative Security Update for Internet Explorer 8 Beta 1 Dynamic Installer for Windows Server 2003 (KB953838)
• Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB953838)
• Cumulative Security Update for Internet Explorer 7 for Windows XP (KB953838)
• Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB953838)
• Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 for Itanium-based Systems (KB953838)
• Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB953838)
• Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows XP x64 Edition (KB953838)
• Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows XP (KB953838)
• Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 x64 Edition (KB953838)
• Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 for Itanium-based Systems (KB953838)
• Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 (KB953838)
• Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB953838)
• Cumulative Security Update for Internet Explorer 6 for Windows XP x64 Edition (KB953838)
• Cumulative Security Update for Internet Explorer 6 for Windows XP (KB953838)
• Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 x64 Edition (KB953838)
• Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems (KB953838)
• Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 (KB953838)
• Cumulative Security Update for Internet Explorer 5.01 Service Pack 4 (KB953838)
• Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB953838)
• Cumulative Security Update for Internet Explorer 8 Beta 1 for Windows Vista (KB953838)
• Cumulative Security Update for Internet Explorer 8 Beta 1 for Windows Server 2008 (KB953838)
• Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB953838)
• Cumulative Security Update for Internet Explorer 8 Beta 1 for Windows Vista for x64-based Systems (KB953838)
• Cumulative Security Update for Internet Explorer 8 Beta 1 Dynamic Installer for Windows Server 2008 x64 Edition (KB953838)
• Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems (KB953838)
• Cumulative Security Update for Internet Explorer 8 Beta 1 Dynamic Installer for Windows Server 2008 (KB953838)
• Cumulative Security Update for Internet Explorer 7 in Windows Vista for x64-based Systems (KB953838)
• Cumulative Security Update for Internet Explorer 8 Beta 1 for Windows Server 2008 x64 Edition (KB953838)
• Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB953838)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-045.mspx

MS08-044
Severity Rating: Critical
Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)

Description:

This security update resolves five privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for supported editions of Microsoft Office 2000, and Important for supported editions of Microsoft Office XP, Microsoft Office 2003 Service Pack 2, Microsoft Project 2002 Service Pack 1, Microsoft Office Converter Pack, and Microsoft Works 8.

Included Updates:

• Security Update for Microsoft Office File Converter Pack 2003 (KB925256)
• Security Update for Microsoft Office 2003 (KB921598)
• Security Update for Microsoft Office XP (KB921596)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-044.mspx

MS08-043
Severity Rating: Critical
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)

Description:

This security update resolves four privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Microsoft Office Excel 2000 Service Pack 3 and rated Important for Excel 2002 Service Pack 3, Excel 2003 Service Pack 2, Excel 2003 Service Pack 3, Excel Viewer 2003, Excel Viewer 2003 Service Pack 3, Excel 2007, Excel 2007 Service Pack 1, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1, Microsoft Office Excel Viewer, and Microsoft Office SharePoint Server 2007.

Included Updates:

• Security Update for Microsoft Excel Viewer (KB955472)
• Security Update for Microsoft Office Excel Viewer 2003 (KB951589)
• Security Update for Microsoft Office SharePoint Server 2007 (KB953397) x64
• Security Update for Microsoft Office SharePoint Server 2007 (KB953397)
• Security Update for 2007 Microsoft Office System (KB951596)
• Security Update for Microsoft Office Excel 2007 (KB951546)
• Security Update for Microsoft Office Excel 2003 (KB951548)
• Security Update for Microsoft Excel 2002 (KB951551)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-043.mspx

MS08-042
Severity Rating: Important
Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048)

Description:

This security update resolves a publicly reported vulnerability in Microsoft Word. This vulnerability could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Important for supported editions of Microsoft Word 2002 and Microsoft Word 2003.

Included Updates:

• Security Update for Microsoft Office Word 2003 (KB954464)
• Security Update for Microsoft Word 2002 (KB954463)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-042.mspx

MS08-041
Severity Rating: Critical
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)

Description:

This security update resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. This security update is rated Critical for the Snapshot Viewer for Microsoft Access and for supported versions of Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003. The security update addresses the vulnerability by correcting an error in the Microsoft Access Snapshot Viewer control.

Included Updates:

• Security Update for Access Snapshot Viewer 2003 (KB955439)
• Security Update for Access Snapshot Viewer 2002 (KB955440)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-041.mspx

Note

• The above patches may not be supported on all Operating System or product languages. A list of languages supported by GFI LANguard Network Security Scanner 7 is found at: http://kbase.gfi.com/showarticle.asp?id=KBID002517
  
  
• A list of bulletins supported by GFI LANguard Network Security Scanner can be found in the following page:
  http://gfi.com/lannetscan/msfullreport.htm