|
December 18, 2008
Dear Know Technology Partners:
As a partner of Know Technology,
we want to alert you to a security
bulletin that Microsoft released yesterday. This new bulletin is
relevant to all users of Microsoft workstations or servers. Microsoft
has released a patch that is require for all workstations and servers.
It is important to note that application of this patch does require
a reboot.
Know Technology - KnowManager (Platinum, Gold and Silver) clients
are automatically having this issue addressed at no additional cost,
as part of their Managed Services plan. We encourage you to inquire
about these services, as they ultimately help our clients leverage
technology, and prevent downtime in the long run. We are working
with all other networking clients to arrange for this patch to be
applied on their respective networks. This issue has already been
addressed on Know Technology's hosting systems.
Please watch Know
Technology's News page for any updates.
Below are details
of this important security patch, as received from Microsoft.
Regards,
The Know Technology Staff
This alert
provides you with an overview of the new security bulletin
released (out of band) on Wednesday, December 17, 2008. Microsoft
released security update MS08-078 to address a new vulnerability
allowing remote code execution in Internet Explorer. MS08-078 has
a maximum severity rating of Critical for all versions of Internet
Explorer. This security update was released outside of the usual
monthly security bulletin release cycle in an effort to protect customers.
We request that
you take action immediately by first assessing and
preparing your own systems and networks and applying the security
update, then reaching out to your customers to assist them in securing
their systems and networks by applying the update.
For details, please
read the full bulletin for MS08-078 on the Microsoft
TechNet Security TechCenter. On Thursday, December 18 at 11am Pacific
Time, Microsoft is hosting a webcast to address questions about this
bulletin.
Sincerely,
The Microsoft US Partner Team
Summary
This security update resolves a publicly disclosed vulnerability
in Internet Explorer, and also addresses the vulnerability first
described in Microsoft
Security Advisory 961051. The vulnerability
could allow remote code execution if a user views a specially crafted
Web page using Internet Explorer. Users whose accounts are configured
to have fewer user rights on the system could be less impacted
than users who operate with administrative user rights. The security
update addresses the vulnerability by modifying the way Internet
Explorer validates data binding parameters and handles the error
resulting in the exploitable condition.
Recommendations
Microsoft recommends that partners immediately assess their own systems
and networks and apply this security update, then reach out to
their customers to assist them in securing their systems and networks
to help ensure that their computers are protected from attempted
criminal attacks.
NEW SECURITY BULLETIN TECHNICAL DETAILS
Identifier - MS08-078
Severity Rating
This security update is rated Critical for Internet Explorer 5.01,
Internet Explorer 6, Internet Explorer 6 SP1, and Internet Explorer
7.
Impact of Vulnerability
Remote Code Execution
Detection
Microsoft Baseline Security Analyzer can detect whether your computer
system requires this update
Affected Software
Internet Explorer 5.01 (Windows 2000), Internet Explorer 6 (Windows
2000), Internet Explorer 6 SP1 (Windows XP and Windows Server 2003),
and Internet Explorer 7 (Windows XP, Windows Server 2003, Windows
Vista, and Windows Server 2008). For information about Internet
Explorer 8 (Beta) please see the FAQ section of the bulletin.
Restart Requirement
The update will require a restart only if the required files are
being used. If this occurs, a message appears that advises you
to restart.
Removal Information
For Windows 2000, Windows XP, Windows Server 2003: Use Add or Remove
Programs tool in Control Panel or the Spuninst.exe utility
For Windows Vista and Windows Server 2008: WUSA.exe does not support
uninstall of updates. To uninstall an update installed by WUSA, click
Control Panel, and then click Security. Under Windows Update, click
View installed updates and select from the list of updates.
Bulletins Replaced by This Update
None.
Full Details:
http://www.microsoft.com/technet/security/bulletin/MS08-078.mspx
REGARDING INFORMATION CONSISTENCY
We recommend that Microsoft partners use the Microsoft TechNet Security
TechCenter as a key source of security information: http://technet.microsoft.com/security,
and that you sign up for comprehensive alerts at http://www.microsoft.com/technet/security/bulletin/notify.mspx.
We strive to provide you with accurate information in static (this
mail) and dynamic (Web-based) content. Microsoft's security
content posted to the Web is occasionally updated to reflect late-breaking
information. If this results in an inconsistency between the information
here and the information in Microsoft's Web-based security
content, the information in Microsoft's Web-based security
content is authoritative.
|
