Critical WMP, MS Office bugs on Patch Tuesday swat list

Friday, September 12, 2008 by Mzer0 , , , , , , , , , , , ,

WMP, Office, Windows bugs on Patch Tuesday swat listMicrosoft today announced plans to ship four security bulletins next Tuesday (September 9, 2008) to cover worm holes affecting Windows users.

All four bulletins in September’s Patch Tuesday will be rated “critical,” Microsoft’s highest severity rating. A “critical” rating is used to rate a vulnerability that can be exploited to allow the propagation of an Internet worm without any user action.

Here’s the skinny on what’s coming:
According to the company’s advance notice, the four bulletins will include patches for software flaws in Windows Media Player 11, the Windows Media Encoder, Microsoft Office and several components on the Windows operating system.

All the bulletins address “remote code execution” vulnerabilities:

Windows Media Player Bulletin (Impact: Remote Code Execution)

  • Windows Media Player 11 on Windows XP Service Pack 2 and Windows XP Service Pack 3
  • Windows Media Player 11 on Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
  • Windows Media Player 11 on Windows Vista and Windows Vista Service Pack 1
  • Windows Media Player 11 on Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
  • Windows Media Player 11 on Windows Server 2008 for 32-bit Systems (Windows Server 2008 Server Core installation not affected)
  • Windows Media Player 11 on Windows Server 2008 for x64-based Systems (Windows Server 2008 Server Core installation not affected)

Windows Bulletin (Impact: Remote Code Execution)

  • Microsoft Internet Explorer 6 on Microsoft Windows 2000 Service Pack 4
  • Microsoft .NET Framework 1.0 Service Pack 3 on Microsoft Windows 2000 Service Pack 4
  • Microsoft .NET Framework 1.1 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
  • Microsoft .NET Framework 2.0 on Microsoft Windows 2000 Service Pack 4
  • Microsoft .NET Framework 2.0 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
  • Windows XP Service Pack 2 and Windows XP Service Pack 3
  • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition and Windows 2003 Server x64 Edition Service Pack 2
  • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems
  • Windows Vista and Windows Vista Service Pack 1
  • Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
  • Windows Server 2008 for 32-bit Systems (Windows Server 2008 Server Core installation not affected)
  • Windows Server 2008 for x64-based Systems (Windows Server 2008 Server Core installation not affected)
  • Windows Server 2008 for Itanium-based Systems
  • Microsoft Office XP Service Pack 3
  • Microsoft Office 2003 Service Pack 2
  • 2007 Microsoft Office System
  • Microsoft Visio 2002 Service Pack 2
  • Microsoft Office PowerPoint Viewer 2003
  • Microsoft Works 8
  • Microsoft Digital image Suite 2006
  • QFE update for SQL 2000 Reporting Services Service Pack 2 when installed on Microsoft Windows 2000 Service Pack 4
  • GDR update for SQL Server 2005 Service Pack 2
  • QFE update for SQL Server 2005 Service Pack 2
  • GDR update for SQL Server 2005 x64 Edition Service Pack 2
  • QFE update for SQL Server 2005 x64 Edition Service Pack 2
  • GDR update for SQL Server 2005 for Itanium-based Systems Service Pack 2
  • QFE update for SQL Server 2005 for Itanium-based Systems Service Pack 2
  • Microsoft Visual Studio .NET 2002 Service Pack 1
  • Microsoft Visual Studio .NET 2003 Service Pack 1
  • Microsoft Visual Studio 2005 Service Pack 1
  • Microsoft Visual Studio 2008
  • Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package when installed on Microsoft Windows 2000 Service Pack 4
  • Microsoft Report Viewer 2008 Redistributable Package when installed on Microsoft Windows 2000 Service Pack 4
  • Microsoft Visual FoxPro 8.0 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4
  • Microsoft Visual FoxPro 9.0 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4
  • Microsoft Visual FoxPro 9.0 Service Pack 2 when installed on Microsoft Windows 2000 Service Pack 4
  • Microsoft Platform SDK Redistributable: GDI+
  • Microsoft Forefront Client Security 1.0 when installed on Microsoft Windows 2000 Service Pack 4

Windows Media Encoder Bulletin (Impact: Remote Code Execution)

  • Windows Media Encoder 9 Series on Microsoft Windows 2000 Service Pack 4
  • Windows Media Encoder 9 Series on Windows XP Service Pack 2 and Windows XP Service Pack 3
  • Windows Media Encoder 9 Series on Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
  • Windows Media Encoder 9 Series x64 Edition on Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
  • Windows Media Encoder 9 Series on Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
  • Windows Media Encoder 9 Series on Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
  • Windows Media Encoder 9 Series x64 Edition on Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
  • Windows Media Encoder 9 Series on Windows Vista and Windows Vista Service Pack 1
  • Windows Media Encoder 9 Series on Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
  • Windows Media Encoder 9 Series x64 Edition on Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
  • Windows Media Encoder 9 Series on Windows Server 2008 for 32-bit Systems (Windows Server 2008 Server Core installation not affected)
  • Windows Media Encoder 9 Series on Windows Server 2008 for x64-based Systems (Windows Server 2008 Server Core installation not affected)
  • Windows Media Encoder 9 Series x64 Edition on Windows Server 2008 for x64-based Systems (Windows Server 2008 Server Core installation not affected)

Office Bulletin (Impact: Remote Code Execution)

  • Microsoft Office XP Service Pack 3
  • Microsoft Office 2003 Service Pack 2
  • Microsoft Office 2003 Service Pack 3
  • 2007 Microsoft Office System
  • 2007 Microsoft Office System Service Pack 1
  • Microsoft Office OneNote 2007
  • Microsoft Office OneNote 2007 Service Pack 1
[Source: zdnet]

0 comments