Bulletin: MS08-069 - Critical
Component: Microsoft XML Core Services
Vulnerabilities:
- MSXML Memory Corruption Vulnerability - CVE-2007-0099
- MSXML DTD Cross-Domain Scripting Vulnerability - CVE-2008-4029
- MSXML Header Request Vulnerability - CVE-2008-4033
The MSXML Memory Corruption Vulnerability (CVE-2007-0099) lets remote attackers use specially crafted Web pages to crash Internet Explorer (denial of service) and potentially to execute code remotely. Both of the other vulnerabilities are cross-domain vulnerabilities that could give malicious Web page code access to sensitive information in other pages being viewed.
Bulletin: MS08-068 - Important
Component: Microsoft Server Message Block (SMB) Protocol
With this update, Microsoft patches one vulnerability in the Microsoft Server Message Block (SMB) Protocol. The vulnerability details and CVE Links are below.
Vulnerabilities:
- SMB Credential Reflection Vulnerability - CVE-2008-4037
This remote code execution vulnerability allows a remote attacker who gets a user to connect to the attacker's SMB share to capture that user's credentials and use them to access the user's machine. This gives the attacker the same level of access as the logged-on user, meaning that if the user is Administrator, the remote attacker inherits administrative permissions. It's important to note that for this vulnerability to be exploited, the user must first connect to an SMB share the attacker controls.
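A defender's view of the sequence described above, as an added example that is not part of the original post: it correlates an outbound SMB session with an inbound network logon from the same peer as the same user shortly afterwards. The event field names, host names, addresses, the `ADMIN_USERS` set and the 30-second window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs). "smb_out" = the host opened an SMB
# session to peer; "net_logon" = peer authenticated to the host over the network.
EVENTS = [
    {"ts": "2008-11-12T10:00:05", "kind": "smb_out",   "host": "WKSTN01", "user": "alice", "peer": "198.51.100.20"},
    {"ts": "2008-11-12T10:00:07", "kind": "net_logon", "host": "WKSTN01", "user": "alice", "peer": "198.51.100.20"},
    {"ts": "2008-11-12T10:03:00", "kind": "smb_out",   "host": "WKSTN02", "user": "bob",   "peer": "192.0.2.10"},
    # Same peer and user, but 87 minutes later: outside the window, not flagged.
    {"ts": "2008-11-12T11:30:00", "kind": "net_logon", "host": "WKSTN02", "user": "bob",   "peer": "192.0.2.10"},
    # Inbound logon with no earlier outbound SMB session to that peer: not flagged.
    {"ts": "2008-11-12T10:05:00", "kind": "net_logon", "host": "WKSTN03", "user": "carol", "peer": "198.51.100.20"},
]
ADMIN_USERS = {"alice"}  # assumption: accounts with local administrator rights

def find_reflection_candidates(events, admins=ADMIN_USERS, window=timedelta(seconds=30)):
    """Flag inbound network logons that follow, within `window`, an outbound SMB
    session by the same user on the same host to the same peer."""
    last_outbound = {}   # (host, user, peer) -> time of latest outbound SMB session
    hits = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["host"], ev["user"], ev["peer"])
        if ev["kind"] == "smb_out":
            last_outbound[key] = ts
        elif ev["kind"] == "net_logon" and key in last_outbound:
            delay = ts - last_outbound[key]
            if delay <= window:
                # The attacker gets the logged-on user's access level, so an
                # administrator account is the higher-severity case.
                severity = "high" if ev["user"] in admins else "medium"
                hits.append((*key, delay.total_seconds(), severity))
    return hits

if __name__ == "__main__":
    for hit in find_reflection_candidates(EVENTS):
        print(hit)
```
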
Of all the vulnerabilities, only the SMB Credential Reflection Vulnerability - CVE-2008-4037 and the MSXML DTD Cross-Domain Scripting Vulnerability - CVE-2008-4029 can be reproduced consistently. We will be posting any updates we see involving these vulnerabilities here in our Blogs or Alerts.
Security Researchers: Moti Joseph and Ali Mesdaq