Microsoft releases 11 security bulletins
It is another Patch Tuesday, and Microsoft has released a variety of patches. This series is quite serious, and users are advised to update as soon as possible.
The critical vulnerabilities are in Windows, Office and Internet Explorer.
Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution
This update resolves a privately reported vulnerability in the Microsoft Image Color Management (ICM) system that could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Cumulative Security Update for Internet Explorer
This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. All of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
This security update resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
This security update resolves four privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution
This security update resolves three privately reported vulnerabilities in Microsoft Office PowerPoint and Microsoft Office PowerPoint Viewer that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution
This security update resolves five privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
If you want more information about these security bulletins, check out the TechNet Webcast. It will present a brief overview of the technical details of the August security bulletins, followed by an extensive Q&A session that will give you the opportunity to ask questions and get answers from Bill Sisk, Security Response Communications Manager, and Adrian Stone, Lead Security Program Manager, Microsoft Corporation.