Fixlet Site - EnterpriseSecurity
Current Version: 1037	Published: Thu, 14 Aug 2008 00:50:21  GMT

New Fixlets:
============

***************************************************************
Title: MS08-022: CORRUPT PATCH - Windows Server 2003 SP1/SP2 (v2, re-released 8/12/2008)
Severity: Critical
Fixlet ID: 802211
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-022.mspx

***************************************************************
Title: MS08-022: Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution - Windows XP SP2 (v2, re-released 8/12/2008)
Severity: Critical
Fixlet ID: 802212
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-022.mspx

Fixlet Description: Important Note: This patch was re-released on August 12, 2008 to address known issues with the original patch. Customers who have successfully updated their systems do not need to reinstall this update.

Microsoft has released a security update that resolves a privately reported vulnerability in the VBScript and JScript scripting engines in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

***************************************************************
Title: MS08-022: Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution - Windows Server 2003 SP1/SP2 (v2, re-released 8/12/2008)
Severity: Critical
Fixlet ID: 802213
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-022.mspx

Fixlet Description: Important Note: This patch was re-released on August 12, 2008 to address known issues with the original patch. Customers who have successfully updated their systems do not need to reinstall this update.

Microsoft has released a security update that resolves a privately reported vulnerability in the VBScript and JScript scripting engines in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

***************************************************************
Title: MS08-022: CORRUPT PATCH - Windows XP SP2 (v2, re-released 8/12/2008)
Severity: Critical
Fixlet ID: 802214
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-022.mspx

***************************************************************
Title: MS08-022: CORRUPT PATCH - Windows Server 2003 (x64) (v2, re-released 8/12/2008)
Severity: Critical
Fixlet ID: 802215
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-022.mspx

***************************************************************
Title: MS08-022: Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution - Windows Server 2003 (x64) (v2, re-released 8/12/2008)
Severity: Critical
Fixlet ID: 802216
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-022.mspx

Fixlet Description: Important Note: This patch was re-released on August 12, 2008 to address known issues with the original patch. Customers who have successfully updated their systems do not need to reinstall this update.

Microsoft has released a security update that resolves a privately reported vulnerability in the VBScript and JScript scripting engines in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

***************************************************************
Title: MS08-022: Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution - Windows XP (x64) (v2, re-released 8/12/2008)
Severity: Critical
Fixlet ID: 802217
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-022.mspx

Fixlet Description: Important Note: This patch was re-released on August 12, 2008 to address known issues with the original patch. Customers who have successfully updated their systems do not need to reinstall this update.

Microsoft has released a security update that resolves a privately reported vulnerability in the VBScript and JScript scripting engines in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

***************************************************************
Title: MS08-022: CORRUPT PATCH - Windows XP (x64) (v2, re-released 8/12/2008)
Severity: Critical
Fixlet ID: 802218
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-022.mspx

***************************************************************
Title: MS08-041: Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution - Office 2000 SP3 (Local Install)
Severity: Critical
Fixlet ID: 804106
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-041.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129

Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS08-041: Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution - Office 2000 SP3 (Network Install)
Severity: Critical
Fixlet ID: 804107
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-041.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129

Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS08-041: Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution - Office 2000 SP3 (Administrative Install)
Severity: Critical
Fixlet ID: 804108
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-041.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129

Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS08-041: Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution - Office XP SP3 (Local/Network Install)
Severity: Critical
Fixlet ID: 804111
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-041.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129

Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS08-041: Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution - Office XP SP3 (Administrative Install)
Severity: Critical
Fixlet ID: 804113
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-041.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129

Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS08-041: Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution - Office 2003 SP2/SP3 (Local/Network Install)
Severity: Critical
Fixlet ID: 804116
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-041.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129

Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS08-041: Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution - Office 2003 SP2/SP3 (Administrative Install)
Severity: Critical
Fixlet ID: 804118
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-041.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129

Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS08-043: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution - SharePoint Server 2007 Gold/SP1 (x64)
Severity: Important
Fixlet ID: 804356
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-043.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129

Fixlet Description: Microsoft has released a security update that resolves four privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.

***************************************************************
Title: MS08-044: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution - Office 2000 SP3 (Local Install)
Severity: Critical
Fixlet ID: 804401
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-044.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129

Fixlet Description: Microsoft has released a security update that resolves five privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.

***************************************************************
Title: MS08-044: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution - Office 2000 SP3 (Network Install)
Severity: Critical
Fixlet ID: 804402
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-044.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129

Fixlet Description: Microsoft has released a security update that resolves five privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.

***************************************************************
Title: MS08-044: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution - Office 2000 SP3 (Administrative Install)
Severity: Critical
Fixlet ID: 804403
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-044.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129

Fixlet Description: Microsoft has released a security update that resolves five privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.

***************************************************************
Title: MS08-044: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution - Office XP SP3 (Local/Network Install)
Severity: Important
Fixlet ID: 804406
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-044.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129

Fixlet Description: Microsoft has released a security update that resolves five privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.

***************************************************************
Title: MS08-044: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution - Office XP SP3 (Administrative Install)
Severity: Important
Fixlet ID: 804408
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-044.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129

Fixlet Description: Microsoft has released a security update that resolves five privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.

***************************************************************
Title: MS08-044: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution - Office 2003 SP2 (Local/Network Install)
Severity: Important
Fixlet ID: 804411
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-044.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129

Fixlet Description: Microsoft has released a security update that resolves five privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.

***************************************************************
Title: MS08-044: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution - Office 2003 SP2 (Administrative Install)
Severity: Important
Fixlet ID: 804413
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-044.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129

Fixlet Description: Microsoft has released a security update that resolves five privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.

***************************************************************
Title: MS08-044: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution - Project 2002 SP1 (Local/Network Install)
Severity: Important
Fixlet ID: 804416
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-044.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129

Fixlet Description: Microsoft has released a security update that resolves five privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.

***************************************************************
Title: MS08-044: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution - Office 2003 File Converter Pack
Severity: Important
Fixlet ID: 804421
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-044.mspx
Fixlet Link: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129

Fixlet Description: Microsoft has released a security update that resolves five privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities.

***************************************************************
Title: MS08-047: Vulnerability in IPsec Policy Processing Could Allow Information Disclosure - Windows Vista Gold/SP1
Severity: Important
Fixlet ID: 804701
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-047.mspx

Fixlet Description: Microsoft has released an update that resolves a privately reported vulnerability in the way certain Windows Internet Protocol Security (IPsec) rules are applied. This vulnerability could cause systems to ignore IPsec policies and transmit network traffic in clear text. This, in turn, would disclose information intended to be encrypted on the network. An attacker viewing the traffic on the network would be able to view and possibly modify the contents of the traffic. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly. It could be used to collect useful information to try to further compromise the affected system or network. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS08-047: Vulnerability in IPsec Policy Processing Could Allow Information Disclosure - Windows Vista Gold/SP1 (x64)
Severity: Important
Fixlet ID: 804703
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-047.mspx

Fixlet Description: Microsoft has released an update that resolves a privately reported vulnerability in the way certain Windows Internet Protocol Security (IPsec) rules are applied. This vulnerability could cause systems to ignore IPsec policies and transmit network traffic in clear text. This, in turn, would disclose information intended to be encrypted on the network. An attacker viewing the traffic on the network would be able to view and possibly modify the contents of the traffic. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly. It could be used to collect useful information to try to further compromise the affected system or network. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS08-047: Vulnerability in IPsec Policy Processing Could Allow Information Disclosure - Windows Server 2008
Severity: Important
Fixlet ID: 804705
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-047.mspx

Fixlet Description: Microsoft has released an update that resolves a privately reported vulnerability in the way certain Windows Internet Protocol Security (IPsec) rules are applied. This vulnerability could cause systems to ignore IPsec policies and transmit network traffic in clear text. This, in turn, would disclose information intended to be encrypted on the network. An attacker viewing the traffic on the network would be able to view and possibly modify the contents of the traffic. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly. It could be used to collect useful information to try to further compromise the affected system or network. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS08-047: Vulnerability in IPsec Policy Processing Could Allow Information Disclosure - Windows Server 2008 (x64)
Severity: Important
Fixlet ID: 804707
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-047.mspx

Fixlet Description: Microsoft has released an update that resolves a privately reported vulnerability in the way certain Windows Internet Protocol Security (IPsec) rules are applied. This vulnerability could cause systems to ignore IPsec policies and transmit network traffic in clear text. This, in turn, would disclose information intended to be encrypted on the network. An attacker viewing the traffic on the network would be able to view and possibly modify the contents of the traffic. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly. It could be used to collect useful information to try to further compromise the affected system or network. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.