Microsoft issued eight security bulletins, including six rated critical, addressing serious flaws in Internet Explorer and Microsoft Office that could be remotely exploited by an attacker to gain access to critical flaws and take control of a computer.
Four critical vulnerabilities in Internet Explorer (IE) could be exploited remotely if an attacker tricks a user into viewing a malicious Web page. Bulletin MS08-073 addresses memory corruption errors in the way IE handles certain navigation methods, Microsoft said.
The flaws are rated Critical for IE 5.01 and IE 6 Service Pack 1, running on Microsoft Windows 2000; IE 6 running on Windows XP; and IE 7. Microsoft gave the flaws a 1 on its Exploitability Index, warning that consistent exploit code is likely in the wild."This is a very widespread vulnerability and should be taken very seriously," said Dee Liebenstein, senior director of product management for patch management vendor Lumension Security. "This is a good example of vulnerabilities that are almost completely out of the control of an end user. All they have to do is navigate to a malicious Web page."
Bulleltin MS08-071 addresses two critical flaws in Microsoft's Graphics Device Interface (GDI). An error in the way the GDI handles the Windows Metafile (WMF) graphics file format could allow an attacker to pass a malicious WMF image file. Microsoft said reading email in plain text could help mitigate the risk. The vulnerability affects all supported versions of Microsoft Windows.
Microsoft also updated Windows Search in Microsoft Vista and Windows 2008. Bulletin MS08-075 fixes two critical vulnerabilities that could allow remote code execution. In order to pull off a successful attack, an attacker has to trick a user into clicking a malicious URL, Microsoft said. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft said in its bulletin. Windows Search for Windows XP is not affected.
An update to Visual Basic 6.0 Runtime ActiveX Controls, repairs five critical flaws that could be remotely exploited by an attacker. According to Bulletin MS08-070, the flaws could only be exploited if a browses to a website that contains malicious code.
Bulletins MS08-072 and MS08-074 fix eight flaws in Microsoft Office Word and Microsoft Office Outlook and three flaws in Microsoft Office Excel. The Word bulletin addresses an error in the way Rich Text Format (RTF) files are handled. A malicious RFT file could allow an attacker to take complete control of a system, Microsoft said. The Excel bulletin addresses flaws in Excel that could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.
MS08-076 addresses two flaws in Windows Media Player and Windows Media Format Runtime that could allow remote code execution. "An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft said. The bulletin was rated important by Microsoft.
Eric Schultze, chief technology officer of, patch management vendor Shavlik Technologies, called the flaws serious despite Microsoft's important rating. Schultze said the bulletin is closely related to the update issued last month fixing flaws in the Server Message Block (SMB).
"Microsoft says that Windows Media Player doesn't play by the same rules as the Operating System, and that's why this issue wasn't fixed in the November patch release," Schultze said in a prepared statement. "This issue could become very serious if attackers figure out how to create the evil URLs. I'd get this one patched right away."
MS08-077 resolves a vulnerability in Microsoft Office SharePoint Server. The bulletin is rated important. It could allow an attacker to elevate their privileges and execute administrative tasks. The attacker must bypasses authentication by browsing to an administrative URL on a SharePoint site, Microsoft said.
"These tasks, while not allowing users direct access to protected information, could cause the server to stop responding to legitimate requests, or could provide additional information to attackers, such as email addresses of the users on the system," Schultze said.Advisory issued
Microsoft also issued an advisory warning customers of vulnerability in the Wordpad Converter for Word 97 files affecting Windows 2000 SP4, Windows XP SP2 and Windows Server 2003 SP1 and SP2. In order to exploit the flaw, an attacker must trick a user into opening an attachment that is sent in an email. A successful attack could give the attacker the same user rights as the local user.
"We are aware of very limited and targeted attacks seeking to exploit this vulnerability," said Christopher Budd, a security program manager in the Microsoft Security Response Center.
As a workaround until a patch is released, Microsoft recommends preventing WordPad from loading Word 97 files by applying an access control list to the specific converter file. If the workaround is deployed, users will no longer be able to open or convert Word 97 files using WordPad.