VERT Alert


On Tuesday, August 11th, Microsoft will release 9 new bulletins that affect a number of products, spanning five operating systems and several applications. In keeping with our 24-hour SLA, on Wednesday, August 12th, VERT will release ASPL-310, which will include detection for these new vulnerabilities.

The bulletins are rated as follows:

| Bulletin | Severity Rating | Vulnerability Impact [1] |
|---|---|---|
| Bulletin #1 | Critical | Remote Code Execution |
| Bulletin #2 | Critical | Remote Code Execution |
| Bulletin #3 | Critical | Remote Code Execution |
| Bulletin #4 | Critical | Remote Code Execution |
| Bulletin #5 | Critical | Remote Code Execution |
| Bulletin #6 | Important | Elevation of Privilege |
| Bulletin #7 | Important | Elevation of Privilege |
| Bulletin #8 | Important | Denial of Service |
| Bulletin #9 | Important | Remote Code Execution |


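The tables below outline the bulletins and the affected applications/operating systems:

| | Bulletin #1 | Bulletin #2 | Bulletin #3 | Bulletin #4 | Bulletin #5 [2] |
|---|---|---|---|---|---|
| Windows 2000 | | x | x | x | x |
| Windows XP | | x | | x | x |
| Windows Server 2003 | | x | x | x | x |
| Windows Vista | | x | | x | x |
| Windows Server 2008 | | x | | x | x |
| Office XP & Office 2003 | x | | | | |
| Office Web Components | x | | | | |
| Small Business Accounting 2006 | x | | | | |
| ISA Server 2004 & ISA Server 2006 | x | | | | |
| BizTalk Server 2002 | x | | | | |

| | Bulletin #6 | Bulletin #7 | Bulletin #8 [3] | Bulletin #9 |
|---|---|---|---|---|
| Windows 2000 | | x | | x |
| Windows XP | x | x | | x |
| Windows Server 2003 | x | x | | x |
| Windows Vista | x | x | x | x |
| Windows Server 2008 | x | | x | x |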


As VERT receives more information on these bulletins, we will release further details. The next scheduled VERT Alert will be on Tuesday, August 11th and will contain information on these specific bulletins.


[1] Vulnerability Impact refers to Microsoft’s definition and not nCircle’s definition.

[2] Bulletin #5 is listed as a Windows bulletin; however, the affected components of the operating system are Windows Media Player and Outlook Express.

[3] Bulletin #8 is listed as a Windows bulletin; however, the affected component of the operating system is the .NET Framework.