Well it is still patch Tuesday in Redmond and Microsoft have been busy releasing four security fixes, one we've already covered as it seems to affect most anyone that has a DNS server implementation. The others are all Microsoft's fault.

Microsoft in their wisdom have deemed all this months security fixes as Important, therefore it basically means you better get them patches installed soon before someone figures out a clever way to exploit them.

MS08-037 we have already covered and is a DNS server issue, however MS08-038 is a nice remote code execution issue in Windows Explorer, it affects Windows Vista all versions and Windows 2008 server all versions. The issue relates to a specially crafted search file when used within Windows Explorer that can be used to execute code on a targeted system. It isn't easy to exploit as most of the usual injection methods for file based remote code execution do not work with this issue, the one way to enact an attack is using a specially crafted file included within a web site. The resulting code execution would be conducted under the rights of the user that was currently logged in during the attack.

MS08-039 is an issue that affects Microsoft Exchange 2003 and 2007, both are Cross Site Scripting issues within the Outlook Web Access component of Exchange. Both require a specially crafted email that would contain and run malicious scripting elements. The script would then run within the security context of the current OWA user session and could perform any actions that user could perform. These issues are described in CVE-2008-2248 and CVE-2008-2247. Both issues where reported to Microsoft by Michale Jordan of Context IS.

The final patch of the day is MS08-040, this is a patch for Microsoft SQL server all suppported versions and the Microsoft SQL Server Desktop Engine and Windows Internal Database. The patch fixesfour issues within the product which range from Information disclosure as detailed by CVE-2008-0085 and three buffer overruns that could be exploited to elevate privilege on vulnerable servers. The details of the overflow issues can be found in CVE-2008-0106, CVE-2008-0086 and CVE-2008-0107.

As per usual get these patches installed, ignore any rating by Microsoft and just install the fixes if you have any affected software installed. That way you'll never have a problem with the issues, although as three of today's issues affect Server components, remember install and test on pre-prod before putting to prod just incase Microsoft have messed up a patch again..

Add this page to your favorite Social Bookmarking websites