Hello and welcome to this month's blog on the Microsoft patch releases. This is one of the largest releases with 11 bulletins covering 26 vulnerabilities. Seventeen of the vulnerabilities are client-side issues rated "critical;" the remaining nine are rated "important." The client-side issues affect multiple applications, including Microsoft Color Management System, Internet Explorer, Office, PowerPoint, and Excel, but most notably is the vulnerability affecting the Snapshot Viewer for Microsoft Access. This is a previously known public issue (BID 30114) that has already seen exploit attempts in the wild. The remaining issues affect Word, Windows Event System, PowerPoint, Outlook Express and Windows Mail, Messenger, as well as Windows IPSec policies.

As always, customers are advised to follow security best practices, including:

- Avoid sites of questionable or unknown integrity

- Do not open files from unknown or questionable sources

- Run all client software with the least privileges required while still maintaining functionality

Microsoft's summary of the August releases can be found here:

www.microsoft.com/technet/security/bulletin/ms08-aug.mspx

Some of the more notable vulnerabilities this month are:

1. MS08-041 Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)

CVE-2008-2463 (BID 30114) Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download Vulnerability (MS Rating: Critical / Symantec Urgency Rating 8.9/10)

This is a previously documented vulnerability in the Snapshot Viewer ActiveX control that allows an attacker to download a file to an arbitrary location on the victim's computer. An attacker must trick a victim into visiting a Web page containing malicious content to exploit this issue. If the victim does not currently have the ActiveX control installed, and the victim uses Internet Explorer 6, the attacker can install the control without any further user interaction. A successful attack will result in the execution of arbitrary code in the context of the currently logged-in user.

Affects: Snapshot Viewer for Microsoft Access, Microsoft Office Access 2000 SP3, Microsoft Office Access 2002 SP3, and Microsoft Office Access 2003 SP2 and SP3

2. MS08-046 Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)

CVE-2008-2245 (BID 30594) Microsoft Color Management System Pathname Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote-code execution vulnerability affects Microsoft Color Management System (MSCMS) when handling a malformed image file. An attacker only needs trick a victim into viewing a Web page or email that contains a malicious picture file to exploit this issue, no further user-interaction is required. A successful attack will result in the execution of arbitrary code in the context of the currently logged-in user.

Affects: Microsoft Windows 2000 SP4, Windows XP SP2 & SP3, Windows XP Professional x64 Edition, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP1 and SP2, Windows Server 2003 x64 Edition, Windows Server 2003 x64 Edition SP2, and Windows Server 2003 with SP1 or SP2 for Itanium-based Systems

3. MS08-044 Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)

CVE-2008-3019 (BID 30595) Microsoft Malformed EPS Filter Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A client-side remote code-execution vulnerability affects Microsoft Office filters when handling malformed graphics images. By tricking a victim into opening a specially crafted Encapsulated PostScript (EPS) file, an attacker can execute arbitrary code in the context of the currently logged-in user.

Affects: Microsoft Office 2000 SP3, Microsoft Office XP SP3, Microsoft Office 2003 SP2, Microsoft Office Converter Pack, and Microsoft Works 8

CVE-2008-3018 (BID 30597) Microsoft Malformed PICT Filter Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A client-side remote code-execution vulnerability affects Microsoft Office when handling specially malformed PICT files. PICT files are normally associated with Apple Quicktime, but if opened with Microsoft Office, arbitrary code-execution can occur. An attacker must trick a victim into opening a malicious file to exploit this issue.

Affects: Microsoft Office 2000 SP3, Microsoft Office XP SP3, Microsoft Office 2003 SP2, Microsoft Office Converter Pack, and Microsoft Works 8

CVE-2008-3021 (BID 30598) Microsoft PICT Filter Parsing Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A client-side remote code-execution vulnerability affects Microsoft Office when handling specially malformed PICT files. PICT files are normally associated with Apple Quicktime, but if opened with Microsoft Office, arbitrary code-execution can occur. An attacker must trick a victim into opening a malicious file to exploit this issue.

Affects: Microsoft Office 2000 SP3, Microsoft Office XP SP3, Microsoft Office 2003 SP2, Microsoft Office Converter Pack, and Microsoft Works 8

CVE-2008-3020 (BID 30599) Microsoft Malformed BMP Filter Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A client-side remote code-execution vulnerability affects Microsoft Office when handling specially crafted BMP image files. An attacker must trick a victim into opening a malicious file with Microsoft Office to exploit this issue. A successful attack will result in the execution of attacker-supplied code in the context of the currently logged-in user.

Affects: Microsoft Office 2000 SP3, Microsoft Office XP SP3, Microsoft Office Converter Pack, and Microsoft Works 8

CVE-2008-3460 (BID 30600) Microsoft Office WPG Image File Heap Corruption Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A client-side remote code-execution vulnerability affects Microsoft Office when handling specially crafted WordPerfect Graphics (WPG) files. An attacker must trick a victim into opening a malicious file in Microsoft Office to exploit this issue. A successful attack will result in the execution of attacker-supplied code in the context of the currently logged-in user.

Affects: Microsoft Office 2000 SP3, Microsoft Office 2003 SP2, Microsoft Office XP SP3, Microsoft Office Converter Pack, and Microsoft Works 8

More information on these and the other vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.