Microsoft has released its monthly security bulletin for August 2008 to address eleven vulnerabilities in Windows and Internet Explorer, six of them critical. We strongly suggest applying the patches provided by Microsoft for these vulnerabilities.
The following is a summary of the security updates released by Microsoft:
Critical
Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution
A vulnerability has been discovered in the Microsoft Image Color Management (ICM) system that could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
Microsoft has already addressed this vulnerability with a patch. The patch and additional information are available here.
Cumulative Security Update for Internet Explorer
This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. All of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.
Microsoft has already addressed these vulnerabilities with a patch. The patch and additional information are available here.
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
This security update resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page.
Microsoft has already addressed this vulnerability with a patch. The patch and additional information are available here.
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
This security update resolves four privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.
Microsoft has already addressed these vulnerabilities with a patch. The patch and additional information are available here.
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution
This security update resolves three privately reported vulnerabilities in Microsoft Office PowerPoint and Microsoft Office PowerPoint Viewer that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system.
Microsoft has already addressed these vulnerabilities with a patch. The patch and additional information are available here.
Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution
This security update resolves five privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user views a specially crafted image file using Microsoft Office.
Microsoft has already addressed these vulnerabilities with a patch. The patch and additional information are available here.
Important
Vulnerability in IPsec Policy Processing Could Allow Information Disclosure
This update resolves a privately reported vulnerability in the way certain Windows Internet Protocol Security (IPsec) rules are applied. This vulnerability could cause systems to ignore IPsec policies and transmit network traffic in clear text. This, in turn, would disclose information intended to be encrypted on the network.
Microsoft has already addressed this vulnerability with a patch. The patch and additional information are available here.
Vulnerabilities in Event System Could Allow Remote Code Execution
This update resolves two privately reported vulnerabilities in Microsoft Windows Event System that could allow remote code execution. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.
Microsoft has already addressed these vulnerabilities with a patch. The patch and additional information are available here.
Security Update for Outlook Express and Windows Mail
This security update resolves a privately reported vulnerability in Outlook Express and Windows Mail. The vulnerability could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer.
Microsoft has already addressed this vulnerability with a patch. The patch and additional information are available here.
Vulnerability in Windows Messenger Could Allow Information Disclosure
This security update resolves a publicly reported vulnerability in supported versions of Windows Messenger. As a result of this vulnerability, scripting of an ActiveX control could allow information disclosure in the context of the logged-on user.
Microsoft has already addressed this vulnerability with a patch. The patch and additional information are available here.
Vulnerability in Microsoft Word Could Allow Remote Code Execution
This security update resolves a publicly reported vulnerability in Microsoft Word. This vulnerability could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Microsoft has already addressed this vulnerability with a patch. The patch and additional information are available here.