14 DAY TRIAL // Following the four security bulletins released on Patch Tuesday, September 9, 2008, Microsoft has bundled all the Windows updates into a single ISO image offered through the Download Center.
Via the September 2008 Security Release ISO Image package, the Redmond company is essentially delivering multiple individual language versions of the patches for the supported Windows client and server operating systems made available this month. Out of the four security bulletins published by Microsoft on September 9, no less than three, all Critical, impact Windows, including Windows Vista Service Pack 1 and Windows XP Service Pack 3.
“All of the vulnerabilities this month are client-side issues rated "critical." Five of the issues affect the GDI+ graphics library; the rest affect Media Player, Microsoft Office, and Media Encoder. All of the issues have the potential to see active exploits, but the GDI+ vulnerabilities have the most avenues of attack and affect the most systems,” explained Robert Keith, Symantec researcher.
According to Microsoft, all the vulnerabilities patched with the September 2008 security bulletins have been privately reported to the Redmond company and, as such, no attacks or exploits have been detected in the wild. However, the vulnerabilities are indeed rated Critical, a total of six out of eight affecting Vista SP1 and XP SP3. At the same time, it is also a tradition for exploits and attacks to follow on the heels of the Microsoft security bulletins, as the patches offer sufficient information to lead to the identification of the actual vulnerabilities.
“The highest potential for usage in malware is the GIF parsing vulnerability which may be used to execute malicious code straight from a malicious web page. We have not seen any samples exploiting these vulnerabilities yet, but we are monitoring the situation and will make sure all samples are detected,” stated Vanja Svajcer, SophosLabs, UK.
September 2008 Security Release ISO Image is available for download here.