Microsoft Bulletins – Sept08

There are 4 security bulletins released addressing 8 security vulnerabilities and all are Critical.

1. MS08-052 – GDI+ Remote Code Execution Vulnerability

2. MS08-053 – Windows Media Encoder 9 Remote Code Execution Vulnerability

3. MS08-054 – Windows Media Player Remote Code Execution Vulnerability

4. MS08-055 – Microsoft Office Remote Code Execution Vulnerability

More details can be found here. Also we have released SecPod Plugins for Nessus.

One critical vulnerability, MS08-052 requires considerable effort to deploy the patches. When we did a search for gdiplus.dll (vulnerable file), in one of the system, it returned 23 different locations where it exists and all are of different sizes and file versions. This indicates that each applications have been embedded with different version of GDI+ library.

First step towards applying the patch would be manually downloading the patches from Microsoft Bulletin and applying each of them listed against category of applications. Windows Automatic Update will not help here. Secondly, list out all the applications that are using GDI+ (search for gdiplus.dll) and try and see if you can overwrite those files with the latest versions (This may not work for all applications, as each is bundled with different versions and size). Apply thought while using these applications. Hopefully each vendor will update their software seperately and soon.

Leave a Reply

Your email address will not be published. Required fields are marked *