Added support for December 2008 Microsoft security updates

The information in this article applies to:

• GFI LANguard 9.0
• GFI LANguard Network Security Scanner 7
• GFI LANguard Network Security Scanner 8

Article ID: KBID003460

Query keywords: Patch Detection update, Security Updates

Support for the following Microsoft security updates have been released by GFI for GFI LANguard.
These updates will be automatically downloaded and added to your security vulnerability scanning database on your next restart of GFI LANguard.

New Security Updates Supported:

• MS08-077 - Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
• MS08-076 - Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
• MS08-075 - Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)
• MS08-074 - Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
• MS08-073 - Cumulative Security Update for Internet Explorer (958215)
• MS08-072 - Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
• MS08-071 - Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
• MS08-070 - Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)

More Information:

MS08-077
Severity Rating: Important
Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)

Description:

This security update resolves a privately reported vulnerability. The vulnerability could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. A successful attack leading to elevation of privilege could result in denial of service or information disclosure. This security update is rated Important for all supported editions of Microsoft Office SharePoint Server 2007 and Microsoft Search Server 2008.

Included Updates:

• Security Update for Microsoft Office SharePoint Server 2007 (KB956716), 64-bit Edition
• Security Update for Microsoft Office SharePoint Server 2007 (KB956716), 32-bit Edition

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-077.mspx

MS08-076
Severity Rating: Important
Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)

Description:

This security update resolves two privately reported vulnerabilities in the following Windows Media components: Windows Media Player, Windows Media Format Runtime, and Windows Media Services. The most severe vulnerability could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Important for Windows Media Player 6.4, Windows Media Format Runtime 7.1, Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, Windows Media Format Runtime 11, Windows Media Services 4.1, Windows Media Services 9 Series, and Windows Media Services 2008.

Included Updates:

• Security Update for Windows Server 2008 x64 Edition (KB952068)
• Security Update for Windows Server 2008 (KB952068)
• Security Update for Windows Server 2003 x64 Edition (KB952068)
• Security Update for Windows Server 2003 (KB952068)
• Security Update for Windows 2000 (KB952069)
• Security Update for Windows 2000 (KB952068)
• Security Update for Windows XP x64 Edition (KB954600)
• Security Update for Windows XP (KB954600)
• Security Update for Windows Server 2003 x64 Edition (KB954600)
• Security Update for Windows Server 2003 (KB954600)
• Security Update for Windows 2000 (KB954600)
• Security Update for Windows XP x64 Edition (KB952069)
• Security Update for Windows XP Service Pack 3 (KB952069)
• Security Update for Windows XP Service Pack 2 (KB952069)
• Security Update for Windows Server 2003 x64 Edition (KB952069)
• Security Update for Windows Server 2003 (KB952069)
• Security Update for Windows Media Runtime for x64-based Systems (KB952069)
• Security Update for 32-bit Windows Media Runtime for Windows XP x64 Edition (KB952069)
• Security Update for Windows Vista (KB952069)
• Security Update for Windows Vista for x64-based Systems (KB952069)
• Security Update for Windows Server 2008 (KB952069)
• Security Update for Windows Server 2008 x64 Edition (KB952069)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-076.mspx

MS08-075
Severity Rating: Critical
Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)

Description:

This security update resolves two privately reported vulnerabilities in Windows Search. These vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The most severe vulnerability is rated Critical for all supported editions of Windows Vista and Windows Server 2008.

Included Updates:

• Security Update for Windows Server 2008 (KB958623)
• Security Update for Windows Vista for x64-based Systems (KB958623)
• Security Update for Windows Vista (KB958623)
• Security Update for Windows Server 2008 x64 Edition (KB958623)
• Security Update for Windows Server 2008 for Itanium-based Systems (KB958623)
• Security Update for Windows Server 2008 x64 Edition (KB958624)
• Security Update for Windows Server 2008 (KB958624)
• Security Update for Windows Vista for x64-based Systems (KB958624)
• Security Update for Windows Vista (KB958624)
• Security Update for Windows Server 2008 for Itanium-based Systems (KB958624)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-075.mspx

MS08-074
Severity Rating: Critical
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)

Description:

This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported editions of Microsoft Office Excel 2000. For all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2007, Microsoft Office Compatibility Pack, Microsoft Office Excel Viewer, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac, this security update is rated Important.

Included Updates:

• Security Update for Microsoft Excel Viewer 2007 (KB958442)
• Security Update for Microsoft Excel Viewer 2003 (KB958434)
• Security Update for the 2007 Microsoft Office System (KB958439)
• Security Update for Microsoft Office Excel 2007 (KB958437)
• Security Update for Microsoft Office Excel 2003 (KB958436)
• Security Update for Microsoft Excel 2002 (KB958372)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx

MS08-073
Severity Rating: Critical
Cumulative Security Update for Internet Explorer (958215)

Description:

This security update resolves four privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on Microsoft Windows 2000; Internet Explorer 6 running on Windows XP; and Internet Explorer 7. For Internet Explorer 6 running on Windows Server 2003, this security update is rated Moderate.

Included Updates:

• Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB958215)
• Cumulative Security Update for Internet Explorer 7 in Windows Vista for x64-based Systems (KB958215)
• Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB958215)
• Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems (KB958215)
• Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB958215)
• Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB958215)
• Cumulative Security Update for Internet Explorer 7 for Windows XP (KB958215)
• Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB958215)
• Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 for Itanium-based Systems (KB958215)
• Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB958215)
• Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows XP x64 Edition (KB958215)
• Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows XP (KB958215)
• Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 for Itanium-based Systems (KB958215)
• Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 (KB958215)
• Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 x64 Edition (KB958215)
• Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB958215)
• Cumulative Security Update for Internet Explorer 6 for Windows XP x64 Edition (KB958215)
• Cumulative Security Update for Internet Explorer 6 for Windows XP (KB958215)
• Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 x64 Edition (KB958215)
• Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems (KB958215)
• Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 (KB958215)
• Cumulative Security Update for Internet Explorer 5.01 Service Pack 4 (KB958215)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-073.mspx

MS08-072
Severity Rating: Critical
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)

Description:

This security update resolves eight privately reported vulnerabilities in Microsoft Office Word and Microsoft Office Outlook that could allow remote code execution if a user opens a specially crafted Word or Rich Text Format (RTF) file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for supported editions of Microsoft Office Word 2000 and Microsoft Office Outlook 2007. For supported editions of Microsoft Office Word 2002, Microsoft Office Word 2003, Microsoft Office Word 2007, Microsoft Office Compatibility Pack, Microsoft Office Word Viewer 2003, Microsoft Works 8, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac, this security update is rated Important.

Included Updates:

• Security Update for Microsoft Word Viewer 2003 (KB956366)
• Security Update for the 2007 Microsoft Office System (KB956828)
• Security Update for Microsoft Office Word 2007 (KB956358)
• Security Update for Microsoft Office Word 2003 (KB956357)
• Security Update for Microsoft Word 2002 (KB956329)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-072.mspx

MS08-071
Severity Rating: Critical
Vulnerabilities in GDI Could Allow Remote Code Execution (956802)

Description:

This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

Included Updates:

• Security Update for Windows Vista for x64-based Systems (KB956802)
• Security Update for Windows Server 2008 x64 Edition (KB956802)
• Security Update for Windows Server 2008 (KB956802)
• Security Update for Windows XP x64 Edition (KB956802)
• Security Update for Windows XP (KB956802)
• Security Update for Windows Vista (KB956802)
• Security Update for Windows Server 2008 for Itanium-based Systems (KB956802)
• Security Update for Windows Server 2003 x64 Edition (KB956802)
• Security Update for Windows Server 2003 for Itanium-based Systems (KB956802)
• Security Update for Windows Server 2003 (KB956802)
• Security Update for Windows 2000 (KB956802)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-071.mspx

MS08-070
Severity Rating: Critical
Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)

Description:

This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in the ActiveX controls for the Microsoft Visual Basic 6.0 Runtime Extended Files. These vulnerabilities could allow remote code execution if a user browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for supported components of the Microsoft Visual Basic 6.0 Runtime Extended Files; all supported editions of Microsoft Visual Studio .NET 2002, Microsoft Visual Studio .NET 2003, Microsoft Visual FoxPro 8.0, Microsoft Visual FoxPro 9.0, Microsoft Office Project 2003, Microsoft Office Project 2007; and the Chinese Simplified (China), Chinese Pan (Hong Kong), Chinese Traditional (Taiwan), and Korean versions of Microsoft Office FrontPage 2002.

Included Updates:

• Security Update for Microsoft Office Project 2007 (KB949046)
• Security Update for Microsoft Office Project 2003 (KB949045)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-070.mspx

Note

• The above patches may not be supported on all Operating System or product languages. A list of languages supported by GFI LANguard is found at: http://kbase.gfi.com/showarticle.asp?id=KBID002517
  
  
• A full list of bulletins supported by GFI LANguard Network Security Scanner can be found in the following page:
  http://www.gfi.com/lannetscan/msfullreport.htm