A Penton Media Property
May 14, 2008
If you want to view this on the web go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-7608-803-202-62923-749051-0-0-0-1-2-207
----------------------------------------
ADVERTISEMENT
Alert Logic
Guide to Log Management: Comparing On-Premise and On-Demand Solutions
In the last five years both governmental and industry specific
regulations have included log management as a required control within an
infrastructure. This white paper examines and compares two methods to
log management. Choosing a solution for something as complex and
critical as log management is difficult and requires careful
consideration. Read this paper today!
http://ct.email.windowsitpro.com/rd/cts?d=33-7608-803-202-62923-749052-0-0-0-1-2-207
----------------------------------------
ALERT
--Security UPDATE Alert: 4 Microsoft Security Bulletins for May 2008
by Orin Thomas, MVP Windows Security
Microsoft released four security updates for May, rating three of them
as critical. Here's a brief description of each update; for more
information, go to
www.microsoft.com/technet/security/bulletin/ms08-may.mspx
(http://ct.email.windowsitpro.com/rd/cts?d=33-7608-803-202-62923-749053-0-0-0-1-2-207)
MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code
Execution
The attack vector for this vulnerability is a specially crafted
Microsoft Word file. The most severe consequence from an attack
leveraging this vulnerability is an attacker gaining complete control
over the affected computer. This bulletin replaces previous bulletin
MS08-009.
Applies to: Word 2007, 2003, XP, and 2000.
Recommendation: Microsoft rates this update as critical. Although the
vulnerability has been privately reported to Microsoft and a public
exploit is not presently believed to exist, the vulnerability exists in
all editions of Word, making the development of an exploit by third
parties highly likely. You should test and deploy this update as a part
of your organization's accelerated patch management strategy.
MS08-027: Vulnerability in Microsoft Publisher Could Allow Remote Code
Execution
The attack vector for this vulnerability is a specially crafted
Microsoft Publisher file. The most severe consequence from an attack
leveraging this vulnerability is an attacker gaining complete control
over the affected computer. This bulletin replaces previous bulletins
MS08-012 and MS07-037.
Applies to: Publisher 2007, 2003, XP, and 2000.
Recommendation: Microsoft rates this update as critical. Although the
vulnerability has been privately reported to Microsoft and a public
exploit is not presently believed to exist, the vulnerability exists in
all editions of Publisher. Because Publisher is less widely deployed
than Word, this update, although critical, should be assigned a lower
priority for testing and deployment than MS08-026. If your organization
uses Publisher, you should test and deploy this update as a part of your
organization's patch management strategy.
MS08-028: Vulnerability in Microsoft Jet Database Engine Could Allow
Remote Code Execution
The attack vector for this vulnerability is a specially crafted .mdb
file or a Microsoft Office file that includes an embedded .mdb file. The
most severe consequence from an attack leveraging this vulnerability is
an attacker gaining complete control over the affected computer. This
bulletin replaces previous bulletin MS04-014.
Applies to: Windows Server 2003 SP1 (not SP2), Windows XP SP2 (not SP3),
and Windows 2000.
Recommendation: Microsoft rates this update as critical. In the event
that you have not already deployed Windows Server 2003 SP2 or Windows XP
SP3, you should test and deploy this update to affected systems as part
of your organization's accelerated patch management strategy.
MS08-029: Vulnerabilities in Microsoft Malware Protection Engine Could
Allow Denial of Service
The attack vector for this vulnerability is a specially crafted file
which, when scanned by the malware protection engine, would result in a
Denial of Service (DoS). This could cause the engine to stop and the
computer to automatically restart.
Applies to: Windows Live OneCare, Antigen for Exchange, Antigen for SMTP
Gateway, Windows Defender, Forefront Client Security, Forefront Security
for Exchange Server, Forefront Security for SharePoint, System Sweeper
located in Diagnostics and Recovery Toolset 6.0.
Recommendation: Microsoft rates this update as moderate. Because this
update is likely to affect Microsoft Exchange and SharePoint servers,
you should test and deploy this update as a part of your organization's
regular patch management strategy.
CONTACT US
Security UDPATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).
http://ct.email.windowsitpro.com/rd/cts?d=33-7608-803-202-62923-749054-0-0-0-1-2-207
http://ct.email.windowsitpro.com/rd/cts?d=33-7608-803-202-62923-749055-0-0-0-1-2-207
You are subscribed to this newsletter as boy.blogger@gmail.com
Manage your Security UPDATE subscription at
http://ct.email.windowsitpro.com/rd/cts?d=33-7608-803-202-62923-749056-0-0-0-1-2-207.
Be sure to add Security_UPDATE@email.windowsitpro.com
to your spam filter's list of allowed senders.
To contact us:
About Security UPDATE content -- mailto:letters@windowsitpro.com
About technical questions -- http://ct.email.windowsitpro.com/rd/cts?d=33-7608-803-202-62923-749058-0-0-0-1-2-207
About your product news -- mailto:products@windowsitpro.com
About your subscription -- mailto:windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- mailto:salesopps@windowsitpro.com
View the Windows IT Pro privacy policy at
http://ct.email.windowsitpro.com/rd/cts?d=33-7608-803-202-62923-749059-0-0-0-1-2-207
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2008, Penton Media, Inc. All rights reserved.
No comments:
Post a Comment