Microsoft released four security updates for September, rating all of them as critical. If unpatched, these vulnerabilities leave applicable software open to the execution of remote code. Patching critical vulnerabilities in a timely manner is important; exploits have appeared within a week of the release of an update. Here's a brief description of each update; for more information, go to
http://www.microsoft.com/technet/security/bulletin/ms08-sep.mspx


MS08-052: Vulnerabilities in GDI+ Could Allow Remote Code Execution

Applies to: Internet Explorer (IE) 6.0 and .NET Framework on Windows Server 2008, Windows Vista, Windows Server 2003, Windows 2000; Office 2007, 2003, XP; GDR and QFE update for SQL Server 2005 SP2

Update Size: Between 2MB and 15MB, depending on installed software

This vulnerability can be leveraged to allow the execution of remote code. As a part of an overall system infiltration strategy, the execution of remote code can lead to the attacker gaining complete control of the target computer. This vulnerability is exploited by a user visiting a specially created website or viewing a specially modified image file. The update addresses the vulnerability by changing how GDI+ handles the display of malformed images. This bulletin replaces previous bulletin MS07-050 for IE 6.0 SP1 on Win2K SP4.

Recommendation: Microsoft rates this update as critical. Given the wide software footprint of this vulnerability and the ability of attackers to compromise third-party websites to make them platforms for hosting files containing this type of exploit, you should test and deploy this update as a part of your organization's accelerated patch management routine.


MS08-053: Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution

Applies to: Windows Media Encoder 9 Series on Windows Server 2008, Windows Vista, Windows Server 2003, Windows XP, Windows 2000

Update Size: Approximately 1MB for x86, 2MB for x64

This buffer overrun vulnerability in the WMEX.DLL ActiveX control can be leveraged to allow the execution of remote code. As a part of an overall system infiltration strategy, the execution of remote code can lead to the attacker gaining complete control of the target computer. This vulnerability is exploited by a user visiting a website that hosts specifically crafted media files. The update addresses the vulnerability by changing the way that the controls in Windows Media Encoder interact with Internet Explorer (IE). This bulletin replaces no previous security bulletins.

Recommendation: Microsoft rates this update as critical. Given the wide software footprint of this vulnerability and the ability of attackers to compromise third-party websites to make them platforms for hosting files containing this type of exploit, you should test and deploy this update as a part of your organization's accelerated patch management routine.


MS08-054: Vulnerability in Windows Media Player Could Allow Remote Code Execution

Applies to: Windows Media Player 11 on Windows Server 2008, Windows Vista, Windows XP

Update size: 0.5MB

This vulnerability can be leveraged to allow the execution of remote code. As a part of an overall system infiltration strategy, the execution of remote code can lead to the attacker gaining complete control of the target computer. This vulnerability is exploited by a user streaming a specially crafted audio file from a Windows Media server. The update addresses the vulnerability by changing the way that Windows Media Player 11 plays audio files streamed from a server-side playlist. This bulletin replaces no previous security bulletins.

Recommendation: Microsoft rates this update as critical. Unlike some other vulnerabilities patched with this set of updates, this vulnerability cannot be directly leveraged through a specially crafted web page. Although you should deploy this update as soon as possible, you should prioritize the deployment of updates related to bulletins MS08-052 and MS08-053.


MS08-055: Vulnerability in Microsoft Office Could Allow Remote Code Execution

Applies to: Office 2007, 2003, XP; One Note 2007

Update size: 10MB to 18MB, depending on installed software

This vulnerability can be leveraged to allow the execution of remote code. As a part of an overall system infiltration strategy, the execution of remote code can lead to the attacker gaining complete control of the target computer. This vulnerability is exploited by a user opening a specially created One Note URL. The update addresses the vulnerability by modifying the way that Office validates URLs. This bulletin replaces security bulletins MS08-016 and MS07-025.

Recommendation: Microsoft rates this update as critical. Although you should deploy this update as soon as possible, you should prioritize the deployment of updates related to bulletins MS08-052 and MS08-053.