Wow!! Jumbo patch released by Microsoft after a long time (5 years). Out of these 28 patches, 23 of them have been rated Critical, 3 have been rated important and two as moderate. The patches were issued in eight updates for Windows, Internet Explorer, Office, SharePoint, Windows Media, and popular development tools, Visual Basic and Visual Studio.

So these has to be in top to-do lists of security consultants. So one more reason to work or say drive the clients to work to patch.

The release patch MS08-071, contains two separate vulnerabilities, both critical, updates the Graphics Device Interface (GDI), the core graphics rendering component of Windows. GDI has been repeatedly patched by Microsoft, most recently in September. This looks similar to MS08-21 release which has now pegged the SDL of Microsoft in question.

Details:

MS08-71 : Vulnerabilities in GDI Could Allow Remote Code Execution (956802) : Critical

MS08-75 : Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) : Critical.

MS08-73 : Cumulative Security Update for Internet Explorer (958215) : Critical

MS08-70 : Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) : Critical

MS08-72 : Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) : Critical

MS08-74 : Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) : Critical

MS08-77 : Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) : Important

MS08-76 : Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) : Important

So in-short folks…its patch time again!!!

Similar Posts you might be interested in:

• Microsoft 10 Feb – patch tuesday
• Microsoft intending to release 2 out-of-band vulnerbilities
• Another critical patch released – MS08-78