Microsoft September 2008 Security Bulletin

Filed Under: SophosLabs, Vulnerability

August is the month of holidays and conferences, and the activity of vulnerability researchers is accordingly lower. Nevertheless, Microsoft's September Security Bulletin contains 4 high-profile vulnerabilities which may allow an attacker to remotely execute code on the victim's system.

The most interesting advisory describes several vulnerabilities discovered and fixed in the well-known offender gdiplus.dll, the DLL responsible for rendering several popular image formats.

The vulnerability with the highest potential for use in malware is the GIF parsing vulnerability, which may be used to execute malicious code straight from a malicious web page. We have not seen any samples exploiting these vulnerabilities yet, but we are monitoring the situation and will make sure all samples are detected. Sophos Anti-Virus 7 also contains generic buffer overflow protection technology, which should be able to prevent browser exploits of the buffer overflow type.

We have updated our main Vulnerability Analysis landing page to include analyses for the vulnerabilities announced in Microsoft's September Security Bulletin.

MS08-052. Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
MS08-053. Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)
MS08-054. Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
MS08-055. Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)

As always, we would love to hear what you think about these advisories, so please send us your comments and suggestions by email to sophosblog@sophos.com.

About the author

Vanja is a Principal Virus Researcher in SophosLabs. He has been working for Sophos since 1998. His major interests include automated analysis systems, honeypots and malware for mobile devices. Vanja is always ready for a good discussion on various security topics.