Microsoft August 2008 Security Bulletin

The number of critical vulnerabilities patched by the latest set of security patches described in Microsoft’s August Security Bulletin is high and they are all quite serious so the patches should be applied as soon as possible. However, we rated most of them with medium risk level since there are no known exploits in the wild, except for MS08-041 which we rated with high risk. The first samples of malicious scripts exploiting this vulnerability were seen in the wild couple of weeks ago. Sophos products detects these as Troj/SnpView-A.

One of the main factors we consider when estimating the risk of encountering an attack in the wild is the existence of a proof of concept code or a malware sample and factor this in our equation for estimating the risk. We are not trying to assess just how easy is to create an exploit for a certain vulnerability but also how likely it is our users will be hit by one.

As promised yesterday, we were quite busy throughout the day by analyzing the vulnerability and writing our analysis articles:

Vulnerabilities in Microsoft PowerPoint could allow remote code execution (949785) – MS08-051

MS08-042. Malicious Word documents could allow arbitrary code execution
MS08-044. Multiple vulnerabilities in Microsoft Office filters could allow arbitrary code execution
MS08-045. Vulnerabilities in Internet Explorer could allow arbitrary code execution
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066) – MS08-043
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617) – MS08-041

We have also created a main landing page for all new vulnerability analyses. The main landing page will be linked from the main Support knowledgebase page.

We would love to hear what you think about these so please send us your comments and suggestions by email to