Microsoft Security Bulletins

Bulletin Severity Rating:Important - This security update resolves two privately reported vulnerabilities in the Pragmatic General Multicast (PGM) protocol that could allow a denial of service if malformed PGM packets are received by an affected system. An attacker who successfully exploited this vulnerability could cause a user’s system to become non-responsive and to require a restart to restore functionality. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests.
More information

Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008; Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003; and Active Directory Lightweight Directory Service (AD LDS) when installed on Windows Server 2008. The vulnerability could be exploited to allow an attacker to cause a denial of service condition. On Windows XP Professional, Windows Server 2003, and Windows Server 2008, an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could cause the system to stop responding or automatically restart.
More information

Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS) that could allow elevation of privilege. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
More information

Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Microsoft DirectX that could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
More information

Bulletin Severity Rating:Moderate - This security update resolves a publicly reported vulnerability for the Microsoft Speech API. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer and has the Speech Recognition feature in Windows enabled. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes a kill bit for software produced by BackWeb.
More information

Bulletin Severity Rating:Critical - This security update resolves one privately reported and one publicly disclosed vulnerability. The privately reported vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The publicly disclosed vulnerability could allow information disclosure if a user viewed a specially crafted Web page using Internet Explorer.
More information

Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in the Bluetooth stack in Windows that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
More information

Bulletin Severity Rating:Moderate - This security update resolves two privately reported vulnerabilities in the Microsoft Malware Protection Engine. An attacker could exploit either of the vulnerabilities by constructing a specially crafted file that could allow denial of service when received by the target computer system and scanned by the Microsoft Malware Protection Engine. An attacker who successfully exploited this vulnerability could cause the Microsoft Malware Protection Engine to stop responding and automatically restart.
More information

Bulletin Severity Rating:Critical - This security update resolves a security vulnerability in the Microsoft Jet Database Engine (Jet) in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
More information

Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
More information

Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
More information

Bulletin Severity Rating:Important - This important security update resolves a privately reported vulnerability in the Windows kernel. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
More information

Bulletin Severity Rating:Critical - This critical security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
More information

Bulletin Severity Rating:Critical - This critical security update resolves one privately reported vulnerability for a Microsoft product. This update also includes a kill bit for the Yahoo! Music Jukebox product. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
More information

Bulletin Severity Rating:Critical - This critical security update resolves a privately reported vulnerability in the VBScript and JScript scripting engines in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
More information

Bulletin Severity Rating:Critical - This critical security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted EMF or WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
More information

Bulletin Severity Rating:Important - This important security update resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS clients and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations.
More information

Bulletin Severity Rating:Important - This security update resolves privately reported vulnerabilities in Microsoft Office Visio that could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
More information

Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Project that could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
More information

Bulletin Severity Rating:Critical - This critical update resolves two privately reported vulnerabilities in Microsoft Office Web Components. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
More information

Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a malformed Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
More information

Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Office Outlook. The vulnerability could allow remote code execution if Outlook is passed a specially crafted mailto URI. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability is not exploitable by simply viewing an e-mail through the Outlook preview pane.
More information

Bulletin Severity Rating:Critical - This security update resolves several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
More information

Bulletin Severity Rating:Critical - This critical security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file with a malformed object inserted into the document. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
More information

Bulletin Severity Rating:Critical - This critical security update resolves two privately reported vulnerabilities in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
More information