Home > Microsoft Security > Microsoft Security Bulletin Ms08 041

Microsoft Security Bulletin Ms08 041

For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information. We appreciate your feedback. It could be used to collect useful information to try to further compromise the affected system or network. Restart Options /norestart Does not restart when installation has completed. /forcerestart Restarts the computer after installation and force other applications to close at shutdown without saving open files first. /warnrestart[:x] Presents http://juicecoms.com/microsoft-security/microsoft-security-bulletin-ms01-052.html

What does the update do? The update addresses the vulnerability by correcting the manner in which the Server service handles RPC requests. The release of this security update addresses the security issue in Microsoft Security Advisory 950627 identified with CVE 2008-1092. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted Web content on a If they are, see your product documentation to complete these steps.

See the section, Detection and Deployment Tools and Guidance, earlier in this bulletin for more information. Note We recommend backing up the registry before you edit it. During installation, creates %Windir%\CabBuild.log. Impact of workaround.

There is no charge for support that is associated with security updates. We appreciate your feedback. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. This vulnerability was first described in Microsoft Security Advisory 953635.

Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. Comparing other file attributes to the information in the file information table is not a supported method of verifying that the update has been applied. Specifically, customers with Microsoft Office could be at risk to e-mail or direct download attack scenarios. https://technet.microsoft.com/en-us/library/security/ms08-067.aspx Impact of Workaround.

In the list of files, right-click a file name from the appropriate file information table, and then click Properties.Note Depending on the edition of the operating system, or the programs that Using this switch may cause the installation to proceed more slowly. See the section, Detection and Deployment Tools and Guidance, earlier in this bulletin for more information. Inclusion in Future Service Packs There are no more service packs planned for this software.

If a restart is required at the end of Setup, a dialog box will be presented to the user with a timer warning that the computer will restart in 30 seconds. https://technet.microsoft.com/en-us/library/security/ms08-aug.aspx For more information, see Microsoft Knowledge Base Article 910723. What causes the vulnerability? The Microsoft Jet Database Engine (Jet) does not perform sufficient validation of a data structure. Additionally, you may not have the option to uninstall the update from the Add or Remove Programs tool in Control Panel.

Windows Server Update Services By using Windows Server Update Services (WSUS), administrators can deploy the latest critical updates and security updates for Windows 2000 operating systems and later, Office XP and navigate here Affected Software Microsoft Office. For more information, see the Affected Software and Download Locations section. If the file or version information is not present, use one of the other available methods to verify update installation. For more information about SUIT, visit the following Microsoft Web site.

To determine the support life cycle for your software release, visit Microsoft Support Lifecycle. Yes No Additional feedback? 1500 characters remaining Submit Skip this Thank you! What causes the vulnerability?  An unchecked buffer in an object the Internet Information Services 5.1 URL parser uses to maintain statistics on hosted applications. http://juicecoms.com/microsoft-security/subscribe-to-microsoft-security-bulletin.html There is no charge for support that is associated with security updates.

Affected Software Microsoft Office. For more information, see the Affected Software and Download Locations section. Registry Key Verification You may also be able to verify the files that this security update has installed by reviewing the registry keys listed in the Reference Table in this section. For more information about Configuration Manager 2007 Software Update Management, visit System Center Configuration Manager 2007.

We recommend that you add only sites that you trust to the Trusted sites zone.

For more information about the Computer Browser service, see Microsoft Knowledge Base Article 188001. For more information about HotPatching, see Microsoft Knowledge Base Article 897341. Affected Software Microsoft Windows, Windows Messenger. For more information, see the Affected Software and Download Locations section. Security Update Deployment Affected Software For information about the specific security update for your affected software, click the appropriate link: Windows 2000 (all editions) Reference Table The following table contains the

See the section, Detection and Deployment Tools and Guidance, earlier in this bulletin for more information. Deployment Installing without user interventionofficeXP-kb955440-fullfile-enu /q:a Installing without restartingofficeXP-kb955440fullfile-enu /r:n Update log fileNot applicable Further informationFor detection and deployment, see the earlier section, Detection and Deployment Tools and Guidance.For features you Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. this contact form Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites.

The Microsoft TechNet Security Web site provides additional information about security in Microsoft products. For more information about the Windows Product Lifecycle, visit Microsoft Support Lifecycle. Specifies the path and name of the Setup.inf or .exe file. /r:n Never restarts the system after installation. /r:I Prompts the user to restart the system if a restart is required, Vulnerability Information Severity Ratings and Vulnerability Identifiers Vulnerability Severity Rating and Maximum Security Impact by Affected Software Affected SoftwareIIS Memory Request Vulnerability - CVE-2005-4360Aggregate Severity Rating Windows XP Professional Service Pack