In all, there are eight remote code execution flaws in Microsoft Office, Microsoft Server Software, Microsoft Windows, which can allow hackers to gain access to, or take control of an affected system without user prompts or permission.
The four critical bulletins affect Sharepoint, Outlook, Internet Explorer and XP and Windows 2003. Bulletien second will address a Remote Code Execution flaw in Microsoft Office that can be triggered simply by previewing an email in Outlook, even without explicitly opening the e-mail. The problem for users is that Outlook automatically displays the content of each email it previews.
The remaining 10 bulletins are all rated important by Microsoft, four of them patch remote code execution flaws in Office, while three other privilege escalation flaws are being fixed in Windows and Office.
The remaining 10 bulletins are all rated important by Microsoft, four of them patch remote code execution flaws in Office, while three other privilege escalation flaws are being fixed in Windows and Office.
- Bulletin 1: Rated Critical - affects Office and Server software: may allow remote code execution.
- Bulletin 2: Rated Critical - affects Office: may allow remote code execution.
- Bulletin 3: Rated Critical - affects Windows and Internet Explorer: may allow remote code execution.
- Bulletin 4: Rated Critical - affects Windows: may allow remote code execution.
- Bulletin 5: Rated Important - affects Windows: may allow remote code execution
- Bulletin 6: Rated Important - affects Office: may allow remote code execution.
- Bulletin 7: Rated Important - affects Office: may allow remote code execution.
- Bulletin 8: Rated Important - affects Office: may allow remote code execution.
- Bulletin 9: Rated Important - affects Office: may allow an elevation of privileges.
- Bulletin 10: Rated Important - affects Windows: may allow an elevation of privileges.
- Bulletin 11: Rated Important - affects Windows: may allow an elevation of privileges.
- Bulletin 12: Rated Important - affects Office: may allow sensitive information to leave the affected system.
- Bulletin 13: Rated Important - affects Windows and the .NET Framework: may allow a Denial of Service.
- Bulletin 14: Rated Important - affects Windows: may allow a Denial of Service.
Microsoft does not get into detail about the vulnerabilities, because the patches have not been rolled out as of yet. The patches will be made available to the general public this Tuesday, September 10.
