phone 983-651-5611
Home > Microsoft Security > Microsoft Security Bulletin Ms08 072

Microsoft Security Bulletin Ms08 072

Impact of Workaround. Windows Vista and Windows Server 2008 systems will display a warning dialog before executing a program from outside of the intranet. This can trigger incompatibilities and increase the time it takes to deploy security updates. Will I be offered this update? have a peek here

Deployment Information Installing the Update When you install this security update, the installer checks whether one or more of the files that are being updated on your system have previously been This security update requires that Windows Installer 2.0 or later be installed on the system. For all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2007, Microsoft Office Compatibility Pack, Microsoft Office Excel Viewer, Microsoft The following mitigating factors may be helpful in your situation: In a Web-based attack scenario, an attacker could host a Web site that contains a specially crafted Windows Search (search-ms://) URL.

For more information about how to deploy this security update using Windows Server Update Services, visit the Windows Server Update Services Web site. It should be a priority for customers who have older releases of the software to migrate to supported releases to prevent potential exposure to vulnerabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

As a result Microsoft Office Outlook 2007 has been rated critical. In the Value data box, type 1, and then click OK. What does the update do? The security update addresses the vulnerability by modifying the way that Windows Explorer interprets parameters when parsing the search-ms protocol. On the File menu, click Exit to exit Registry Editor.

For more information, see Microsoft Knowledge Base Article 910723. For more information about SCCM 2007 Software Update Management, visit System Center Configuration Manager 2007. Click OK to close the dialog box. The features of the Office Document Open Confirmation Tool are incorporated in Office XP and Office 2003.

For more information about the Office Inventory Tool and other scanning tools, see SMS 2003 Software Update Scanning Tools. To install MOICE, you must have the Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats. The vulnerabilities addressed by these updates do not affect supported editions of Windows Server 2008 if Windows Server 2008 was installed using the Server Core installation option, even though the files On the File menu, click Exit to exit Registry Editor.

File Version Verification Because there are several editions of Microsoft Windows, the following steps may be different on your system. Other releases are past their support life cycle. Scroll down to find the .printer extension and the corresponding path to msw3prt.dll. Click Start, and then click Search.

Click Web Service Extensions. navigate here In the list of files, right-click a file name from the appropriate file information table, and then click Properties.Note Depending on the version of the operating system or programs installed, some Microsoft Customer Support Microsoft Community Forums United States (English) Sign in Security TechCenter Home Security Updates Tools Learn Library Support We’re sorry. b.

For a complete list of service packs, see Lifecycle Supported Service Packs. The most severe vulnerability could allow remote code execution. Click Start, and then click Search. Click Web Service Extensions.

Note for Microsoft Office Excel 2007 and Microsoft Office Excel 2007 Service Pack 1 in MS08-074 ****For Microsoft Office Excel 2007 and Microsoft Office Excel 2007 Service Pack 1, in addition We have thoroughly tested this update, but as with all updates, we recommend that users perform testing appropriate to the environment and configuration of their systems. For more information about the extended security update support period for these software versions or editions, visit Microsoft Product Support Services.

Impact of Workaround: Office 2003 and earlier formatted documents that are converted to the 2007 Microsoft Office System Open XML format by MOICE will not retain macro functionality.

Revisions V1.0 (December 9, 2008): Bulletin summary published. If you have previously installed a hotfix to update one of these files, the installer copies the RTMQFE, SP1QFE, or SP2QFE files to your system. What causes the vulnerability? The vulnerability is caused by a heap-based buffer overrun when GDI+ improperly processes gradient sizes handled by the vector graphics link library. GDI+ VML Buffer Overrun Vulnerability - CVE-2007-5348 A remote code execution vulnerability exists in the way that GDI+ handles gradient sizes.

To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2008-4264. Customers who wish to manually check for the registered affected files can compare applications installed on their systems against those listed in Microsoft Knowledge Base Article 954593. When the file appears under Programs, right-click on the file name and click Properties. this contact form Are any additional security features included in this update?

However, best practices strongly discourage allowing this. Customers running all other supported and affected versions of Windows Media components who have already applied the original MS08-076 security update packages do not need to take any further action. Yes, if the version of the Office Suite installed on your system shipped with the component discussed in this bulletin, the system will be offered updates for it whether the component