Revision Note: November 12, 2008: Removed an incorrect reference that Windows Server 2008 Server Core installation is affected. Added an entry to Frequently Asked Questions to communicate that users with Windows Server 2008 Server Core installation will still be offered but do not need to install this update. Advisory Summary:Microsoft is releasing a new set of ActiveX kill bits with this advisory.
Read More…
Source: MSDN
The Hackers’ Nightmare is here!
Revision Note: October 29, 2008: Added Frequently Asked Questions entry to communicate the availability of an update for a control that was kill bitted. Advisory Summary:Microsoft is releasing a new set of ActiveX kill bits with this advisory.
Read More…
Source: MSDN
The Hackers’ Nightmare is here!
Severity Rating: Critical - Revision Note: V2.1 (October 15, 2008): Added reference to Microsoft Knowledge Base Article (KB957198) for SnapShot Viewer for Microsoft Access. Also, clarified that users who have successfully installed the update for Microsoft Office 2000 Service Pack 3, Office XP Service Pack 2, or Office 2003 Service Pack 2 or Office 2003 Service Pack 3 do not need to reinstall the update for the standalone Snapshot Viewer for Microsoft Access. Summary: This security update resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
Read More…
Source: MSDN
The Hackers’ Nightmare is here!
Severity Rating: Critical - Revision Note: V1.1 (October 15, 2008): Corrected a registry key verification entry for Windows 2003, and corrected File Information links.Summary: This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerabilities could allow information disclosure or remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Read More…
Source: MSDN
The Hackers’ Nightmare is here!
Revision Note: Advisory Published.Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.
Read More…
Source: MSDN
The Hackers’ Nightmare is here!
Severity Rating: Critical - Revision Note: V2.0 (October 14, 2008): Bulletin revised to include the update for Standalone Snapshot Viewer for Microsoft Access.Summary: This security update resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
Read More…
Source: MSDN
The Hackers’ Nightmare is here!
Severity Rating: Critical - Revision Note: Bulletin published.Summary: This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerabilities could allow information disclosure or remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Read More…
Source: MSDN
The Hackers’ Nightmare is here!
Revision Note: Advisory Published. Advisory Summary:Microsoft is releasing a new set of ActiveX kill bits with this advisory.
Read More…
Source: MSDN
The Hackers’ Nightmare is here!
Severity Rating: Critical - Revision Note: V1.3 (April 16, 2008): Corrected the uninstall utility path for Internet Explorer 6 for Windows XP.Summary: This critical security update resolves three privately reported and one publicly reported vulnerabilities. The most serious of the vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Read More…
Source: MSDN
The Hackers’ Nightmare is here!
Severity Rating: Critical - Revision Note: Corrected the Registry Key Verification for all supported x64-based editions of Windows Server 2003Summary: This critical security update resolves one privately reported vulnerability for a Microsoft product. This update also includes a kill bit for the Yahoo! Music Jukebox product. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Read More…
Source: MSDN
The Hackers’ Nightmare is here!