Added support for September 2008 Microsoft security updates

The information in this article applies to:

  • GFI LANguard Network Security Scanner 7
  • GFI LANguard Network Security Scanner 8

Article ID: KBID003399

Query keywords: Patch Detection update, Security Updates

Support for the following Microsoft security updates have been released by GFI for GFI LANguard.
These updates will be automatically downloaded and added to your security vulnerability scanning database on your next restart of GFI LANguard.


New Security Updates Supported:

  • MS08-055 - Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)
  • MS08-054 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
  • MS08-053 - Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)
  • MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)


More Information:

MS08-055
Severity Rating: Critical
Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)

Description:

This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user clicks a specially crafted OneNote URL. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Included Updates:

  • Security Update for Microsoft Office OneNote 2007 (KB950130)
  • Security Update for the 2007 Microsoft Office System (KB951944)
  • Security Update for Microsoft Office 2003 (KB953404)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-055.mspx


MS08-054
Severity Rating: Critical
Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)

Description:

This security update resolves a privately reported vulnerability in Windows Media Player that could allow remote code execution when a specially crafted audio file is streamed from a Windows Media server. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported and affected editions of Windows Media Player 11.

Included Updates:

  • Security Update for Windows XP x64 Edition (KB954154)
  • Security Update for Windows XP (KB954154)
  • Security Update for Windows Vista for x64-based Systems (KB954154)
  • Security Update for Windows Vista (KB954154)
  • Security Update for Windows Server 2008 (KB954154)
  • Security Update for Windows Server 2008 x64 Edition (KB954154)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-054.mspx


MS08-053
Severity Rating: Critical
Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)

Description:

This security update resolves a privately reported vulnerability in Windows Media Encoder 9 Series. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported and affected editions of Microsoft Windows 2000, Windows XP, and Windows Vista, and Moderate for supported and affected versions of Windows Server 2003 and Windows Server 2008.

Included Updates:

  • Security Update for Windows Media Encoder 9 Series for Windows 2000 (KB954156)
  • Security Update for Windows Media Encoder 9 Series for Windows XP x64 Edition (KB954156)
  • Security Update for Windows Media Encoder 9 Series for Windows XP (KB954156)
  • Security Update for Windows Media Encoder 9 Series for Windows Server 2003 x64 Edition (KB954156)
  • Security Update for Windows Media Encoder 9 Series for Windows Server 2003 (KB954156)
  • Security Update for 32-bit Windows Media Encoder 9 Series for Windows XP x64 Edition (KB954156)
  • Security Update for 32-bit Windows Media Encoder 9 Series for Windows Server 2003 x64 Edition (KB954156)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-053.mspx


MS08-052
Severity Rating: Critical
Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)

Description:

This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008, Microsoft Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4, Microsoft Digital Image Suite 2006, SQL Server 2000 Reporting Services Service Pack 2, all supported editions of SQL Server 2005, Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package, and Microsoft Report Viewer 2008 Redistributable Package. This security update is rated Important for all supported editions of Microsoft Office XP, Microsoft Office 2003, 2007 Microsoft Office System, Microsoft Visio 2002, Microsoft Office PowerPoint Viewer 2003, Microsoft Works 8, and Microsoft Forefront Client Security 1.0.

Included Updates:

  • Security Update for Microsoft .NET Framework 2.0 (KB947746)
  • Security Update for Microsoft Visual Studio 2005 Service Pack 1 (KB947738)
  • Security Update for Microsoft Visual Studio 2008 (KB952241)
  • Update for Microsoft Forefront Client Security (KB957177)
  • Security Update for Visio 2002 (KB954479)
  • Security Update for Microsoft Office PowerPoint Viewer 2003 (KB956500)
  • Security Update for the 2007 Microsoft Office System (KB954326)
  • Security Update for Microsoft Office XP (KB953405)
  • Security Update for Office 2003 (KB954478)
  • Security Update for Windows XP x64 Edition (KB938464)
  • Security Update for Windows XP (KB938464)
  • Security Update for Windows Server 2003 for x64 Edition (KB938464)
  • Security Update for Windows Server 2003 for Itanium-based Systems (KB938464)
  • Security Update for Windows Server 2003 (KB938464)
  • Security Update for Internet Explorer 6 for Windows 2000 (KB938464)
  • Security Update for Windows Server 2008 for Itanium-based Systems (KB938464)
  • Security Update for Windows Server 2008 x64-based Systems (KB938464)
  • Security Update for Windows Server 2008 (KB938464)
  • Security Update for Windows Vista (KB938464)
  • Security Update for Windows Vista x64-based Systems (KB938464)
  • Security Update for Microsoft .NET Framework 2.0 Service Pack 1 (KB947748)
  • Security Update for Microsoft .NET Framework 1.1 Service Pack 1 (KB947742)
  • Security Update for Microsoft .NET Framework 1.0 Service Pack 3 (KB947739)
  • Security Update for SQL Server 2005 Service Pack 2 (KB954607)
  • Security Update for SQL Server 2005 Service Pack 2 (KB954606)
  • Security Update for SQL Server Reporting Services 2000 Service Pack 2 (KB954609)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-052.mspx

Note