Microsoft Patch Tuesday details

Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
Performing a large number of SDP requests could allow for code execution.

Cumulative Security Update for Internet Explorer (950759)
Vulnerabilities in MSIE allow code execution and cross domain information leaks.
Should be patched immediately as details on exploiting are publically available.
Replaces MS08-024.

Cumulative Security Update of ActiveX Kill Bits (950760)
A vulnerability in the Speech API could allows for remote execution in the context of the user viewing a specially crafted webpage. Speech recognition must be enabled.
Rated: Moderate
Replaces MS08-023.

Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
Input validation vulnerabilities may allow code execution via DirectX.
Rated: Critical
Replaces MS07-064.

Vulnerability in WINS Could Allow Elevation of Privilege (948745)
A privilege escalation vulnerability in WINS could allows an attacker to compromise a vulnerable system.
Rated: Important
Replaces MS04-045.

Vulnerability in Active Directory Could Allow Denial of Service (953235)
Input validation failure in the LDAP can lead to a Denial of Service.
Rated: Important
Replaces MS08-003.

Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)
Input validation vulnerabilities in PGM packets can be leveraged to cause a Denial of Service.


Replaces MS06-052.

Leave a Reply