C5 Alert Logo Microsoft Security Bulletin MS08-026 05/13/2008

Overview

Microsoft has released a new security update to fix a remote code execution vulnerability in Microsoft Word. 
C5 Bar 

Severity

C5 Severity Logo

 This vulnerability could allow remote code execution. 

C5 Bar 

Affected Systems

-- Microsoft Word 2000 SP3
-- Microsoft Word 2002 SP3
-- Microsoft Word 2003 SP2 and SP3
-- 2007 Microsoft Office System SP0 and SP1

 C5 Bar 

Recommendations

The Secure Elements Security Lab engineers recommend you patch all your affected systems as soon as possible.

C5 EVM Users

•    Create remediation templates from the following remediations:
      - SE-0003876 (MS - MS08-026) Install security update MS08-026 for Microsoft Word 2000 SP3 (KB950250)
      - SE-0003877 (MS - MS08-026) Install security update MS08-026 for Microsoft Word 2002 SP3 (KB950243)
      - SE-0003878 (MS - MS08-026) Install security update MS08-026 for Microsoft Word 2003 SP2 (KB950241)
      - SE-0003879 (MS - MS08-026) Install security update MS08-026 for Microsoft Word 2003 SP3 (KB950241)
      - SE-0003880 (MS - MS08-026) Install security update MS08-026 for Microsoft Office Word 2007 SP0 and SP1 (KB950113)
      - SE-0003881 (MS - MS08-026) Install security update MS08-026 for Microsoft Office Word Viewer 2003 (KB950625)
      - SE-0003882 (MS - MS08-026) Install security update MS08-026 for Microsoft Compatibility Pack for the 2007 Office system (KB951808)
and dispatch them to the appropriate assets.

 Non C5 EVM users

•    Download and install the security update for Microsoft Word as described in Microsoft security bulletin MS08-026.


C5 Bar

Technical Details

This security update resolves a remote code execution vulnerability in Microsoft Word. A remote attacker could exploit this vulnerability to take complete control over the victim's computer.

 C5 Bar 

 
Sources

http://www.microsoft.com/technet/security/bulletin/MS08-026.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1091



Dragos Prisaca
Sr. Security Content Lead
Secure Elements Security Labs
seclabs@secure-elements.com

 
 © 2007 Secure Elements All Rights Reserved