An automatic Microsoft upgrade that has crashed popular word proccesing package Word which is part of Microsoft’s Office 2007 offering has been pumped to millions of computers.
Overnight Microsoft has pumped 11 upgrades for Vista and Office to millions of computers and on two seperate computers both at home and in my office the upgrade has nobbled both Word and my default email package. MIcrosoft say that they are investigating the issues.
 Click to enlarge |
Among the patches distributed by Microsoft overnight were Microsoft Office Service Pack 1, Security updates for Microsoft Windows,Microsoft Outlook updates and security updates for CAPICOM.
Among the problems we experienced one was unable to scroll pages up or down, right click a mouse or paste copy to a page. When one goes to closean affected page an error message pops up saying that Word has “Stopped Working”.
The latest Microsoft security bulletin says that of the 11 upgrades six of are deemed “critical” while five are deemed “important.” One bulletin, suggested that a majority of the “critical” patches affect Microsoft Office, two critical patches include users of Office for Mac 2004, one affects Visual Basic 6.
Microsoft say that the “important” patches are mostly Internet services-related. One patch is specific to the Windows Vista update, however, all the Windows Vista-related updates will be included with Windows Vista SP1, expected to roll out to consumers in mid-to-late March.
Tim Rains, security response communications lead for Microsoft, humorously noted that “Windows Vista SP1 and Windows Server 2008 are not affected by any of today’s bulletins.” They’re not affected because they are not yet available to the public. All Microsoft security patches for both Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.
MS08-003: Important
Titled “Vulnerability in Active Directory Could Allow Denial of Service (946538),” this bulletin affects users of Microsoft Windows 2000, XP SP2, Server 2003, but does not affect Windows Vista. A vulnerability detailed in CVE-2008-0088 exists in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003 and Active Directory Application Mode (ADAM). Microsoft says “attacker must have valid log-on credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could cause the system to stop responding or automatically restart.”
MS08-004: Important
Titled “Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456),” this bulletin only affects users of Windows Vista. The update addresses the vulnerability detailed in CVE-2008-0084 that exists in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. Microsoft says “an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart.”
MS08-005: Important
Titled “Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831),” this bulletin affects users of Microsoft Windows 2000, XP SP2, Server 2003, and Vista. The update addresses the vulnerability detailed in CVE-2008-0074 that exists in Internet Information Services (IIS). Microsoft says “a local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
MS08-006: Important
Titled “Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830),” this bulletin affects users of Microsoft Windows XP SP2 and Server 2003, but not Windows 2000 or Vista. The update addresses the vulnerability detailed in CVE-2008-0075 that exists in the way that IIS handles input to ASP Web pages. Microsoft says “An attacker who successfully exploited this vulnerability could then perform actions on the IIS server with the same rights as the Worker Process Identity (WPI). The WPI is configured with Network Service account privileges by default. IIS servers with ASP pages whose application pools are configured with a WPI that uses an account with administrative privileges could be more seriously impacted than IIS servers whose application pool is configured with the default WPI settings.”
MS08-007: Critical
Titled “Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026),” this bulletin affects users of Microsoft Windows XP SP2, Server 2003, and Vista, but not Windows 2000. This update addresses the vulnerability detailed in CVE-2008-0080 in the WebDAV Mini-Redirector. Microsoft says “an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
MS08-008: Critical
Titled “Vulnerability in OLE Automation Could Allow Remote Code Execution (947890),” this bulletin affects users of all supported editions of Microsoft Windows 2000, Windows XP, Windows Vista, Microsoft Office 2004 for Mac, and Visual Basic 6. The update addresses the vulnerability detailed in CVE-2007-0065. If exploited, the vulnerability could allow remote code execution through attacks on Object Linking and Embedding (OLE) Automation if a user viewed a specially crafted Web page.
MS08-009: Critical
Titled “Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077),” this bulletin affects users of Microsoft Word 2000 Service Pack 3, Microsoft Office XP Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Office 2003 Service Pack 2, Microsoft Office Word Viewer 2003, but does not affect Microsoft Office 2003 Service Pack 3, Microsoft Word Viewer 2003 Service Pack 3, 2007 Microsoft Office System, 2007 Microsoft Office System Service Pack 1, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac. The update addresses the vulnerability detailed in CVE-2008-0109 and could allow remote code execution if a user opens a specially crafted Word file. Microsoft says “An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
MS08-010: Critical
Titled “Cumulative Security Update for Internet Explorer (944533),” this bulletin affects users of Microsoft Windows 2000, XP SP2, Server 2003, but not Windows Vista. The update addresses the vulnerabilities detailed in CVE-2008-0076, CVE-2008-0077, CVE-2008-0078, and CVE-2007-4790. Microsoft says “the most serious of the vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”