August 2008 Microsoft Patch Release
by Russ Cooper
This month gives us numerous Microsoft Office patches (MS08-042, MS08-043, MS08-044 and MS08-051), including at least one (MS08-042) that addresses a vulnerability which has reportedly been used in another highly targeted attack.
We’ve also been given a patch (MS08-041) to address the Access Snapshot Viewer ActiveX control that is being actively targeted by criminals. Luckily, this control is rarely deployed so the actual number of victims is believed to be quite low.
Meanwhile, our concern is with the Cumulative Internet Explorer Update (MS08-045) and the IPsec Policy issue (MS08-047). The IE patch includes a fix for a vulnerability involving memory allocation. This vulnerability cannot be mitigated by disabling Active Scripting, and it also affects IE systems configured to run in the Enhanced Security mode. Details of how to exploit this vulnerability have not yet been publicly disclosed, however, so we can only hope that exploits do not arise before the patch can be installed.
As for the IPsec Policy issue, networks that use IPsec and believe they are encrypting their traffic may not in fact be encrypting it. The problem is likely to be very rare at this point, because it requires that the client system get its IPsec policy information from a Windows Server 2008 system. Nevertheless, verifying that traffic you expect to be encrypted is actually encrypted is a good idea.
We have two patches (MS08-044 and MS08-046) pertaining to image format file parsing again. Even with numerous image vulnerabilities in the past we still do not see any exploits of this type, leading us to believe that the risk of attacks against these new ones is low.
Patches for Outlook Express and Windows Mail (MS08-048) normally don’t concern us very much because they’re rarely used in a corporate environment, but this one does cause some concern due to the fact that it involves MIME HTML (MHTML), which can be invoked via IE.
A vulnerability in COM+ Event System (MS08-049) and a Windows Messenger ActiveX control (MS08-050) round out the month’s offerings. Neither is terribly worrisome.
All in all, a busy month, but not really that much to worry about.
Tags: Microsoft Security Bulletins, Patching, risk, Vulnerabilities







