CyTRAP Labs: security reminder - 2008-08-12 - Patch Tuesday - Microsoft

August 13th, 2008

These vulnerabilities expose you to a risk that we rate as follows:

CyTRAP Labs security risk barometer - 4 = critical
Scale: 1 = low, 2 = elevated, 3 = moderately critical, 4 = critical, 5 = severe

For more information and explanations about the CyTRAP Labs risk barometer you can visit here: CyTRAP Labs security risk barometer

What Microsoft Patch Tuesday has in store for us this month
operating system affected:
  • Windows (XP, Windows Vista, Windows Server)
affected software:
  • Microsoft Access 2000, 2002, 2003
  • Microsoft Internet Explorer 5.1, 6, 7
  • Microsoft Excel 2002, 2002, 2003, 2007
  • Microsoft Office Powerpoint 2000, 2002, 2003, 2007
  • Microsoft Office Powerpoint Viewer 2000, 2002, 2003, 2007
  • Microsoft Office 2000 Service Pack 3
  • Microsoft Office XP Service Pack 3
  • Microsoft Office 2000 Service Pack 2
    risk: 6 security bulletins rated critical by Microsoft (click on link - click on Login as guest - click on link again for access to free definition/explanations) were released. The risk rating given for these vulnerabilities by CyTRAP Labs is a 4 (four out of five levels) = CRITICAL - orange
    how long did this vulnerability remain unpatched since it was publicly disclosed (==> zero-day alert): these vulnerabilities have been known for a while (several months); however, none were actively exploited.
    patch prioritization - client side impact: users and administrators are urged to roll out this patch as soon as possible, once it has been verified that it does not break any internal applications.
    where is the patch? It will be downloaded using Automatic Update; the update is detected by the MBSA:
    CyTRAP Labs tip - using the Microsoft Baseline Security Analyzer called MBSA
    what should one do? If your Automatic Update is functioning properly, you are covered.
    CyTRAP Labs tip - how to make sure the latest security patch is installed
    how can I check that I do have the latest version installed? Find out more about how you can check that this update is installed on your PC or server here:
    not patching the vulnerability could cause what kind of damage to my PC? It could be exploited by attackers to execute arbitrary code on the user’s machine. BETTER patch NOW
    Once updated, what do you need to do? These updates will require a restart for your PC.
    Where can you get the overall summary Microsoft has issued? full version of the Microsoft Security Bulletin Summary for August 2008
    where can one get details about each of the patches released on this month’s Microsoft Patch Tuesday? We list the critical ones only - there were 5 important ones as well:

    - Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954) - Microsoft Security Bulletin MS08-046 - CRITICAL
    - Cumulative Security Update for Internet Explorer (953838) - Microsoft Security Bulletin MS08-045 - CRITICAL
    - Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617) - Microsoft Security Bulletin MS08-041 - CRITICAL
    - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066) - Microsoft Security Bulletin MS08-043 - CRITICAL
    - Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785) - Microsoft Security Bulletin MS08-051 - CRITICAL
    - Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090) - Microsoft Security Bulletin MS08-044 - CRITICAL

    release date from vendor: 2008-06-12 - Pacific Standard Time
    why is this a reminder and not an alert? security alert or reminder - that’s the question
    did CASEScontact.org release an advisory about these vulnerabilities earlier? No, we did not issue a zero-day alert
    did CASEScontact.org release a zero-day advisory? NO, we did not issue a zero-day advisory (see also patched zero-day archive)
    The Common Vulnerabilities and Exposures (CVE) project has assigned the following numbers to these vulnerabilities that were patched by Microsoft:
    CVE-2008-0120, CVE-2008-0121, CVE-2008-1455, CVE-2008-2245, CVE-2008-2254,
    CVE-2008-2255, CVE-2008-2256, CVE-2008-2257, CVE-2008-2258, CVE-2008-2259,
    CVE-2008-2463, CVE-2008-3003, CVE-2008-3004, CVE-2008-3005, CVE-2008-3006,
    CVE-2008-3018, CVE-2008-3019, CVE-2008-3020, CVE-2008-3021, CVE-2008-3460

    Please make sure that your PC is patched - thank you.

    CyTRAP Labs: security reminder - 2008-07-08 - Patch Tuesday - Microsoft

    July 9th, 2008
      Microsoft has released 4 security bulletins - none of these are ranked critical by Microsoft.

      Does your automatic update work properly? If you are not sure if it does, check below; otherwise by mid-day 2008-07-09 the downloads should be on your machine. Remember, installing the downloads might necessitate a reboot.

      Just wait until you stop working; once you shut down your machine, that will suffice to get them installed.

    These vulnerabilities expose you to a risk that we rate as follows:

    CyTRAP Labs security risk barometer - 3 = moderately critical
    Scale: 1 = low, 2 = elevated, 3 = moderately critical, 4 = critical, 5 = severe

    For more information and explanations about the CyTRAP Labs risk barometer you can visit here: CyTRAP Labs security risk barometer

    Where can you get the overall summary Microsoft has issued? full version of the Microsoft Security Bulletin Summary for July 2008
    where is the patch? It will be downloaded using Automatic Update; the update is detected by the MBSA:
    CyTRAP Labs tip - using the Microsoft Baseline Security Analyzer called MBSA
    what should one do? If your Automatic Update is functioning properly, you are covered.
    CyTRAP Labs tip - how to make sure the latest security patch is installed


    CyTRAP Labs: security reminder - 2008-06-10 - Patch Tuesday - Microsoft

    June 10th, 2008
      Microsoft has released 7 security bulletins (CVE-2008-1453, CVE-2008-1442, CVE-2008-1544, CVE-2008-0011, CVE-2008-1444).
      3 of these bulletins are ranked critical by Microsoft, which means ‘can result in remote code execution’; 3 are important (this summary focuses on the critical ones only).

      If you have Automatic Update activated for your PC, these patches will be downloaded automatically.

      Does your automatic update work properly? If you are not sure if it does, check below; otherwise by mid-day 2008-06-11 the downloads should be on your machine. Remember, installing the downloads might necessitate a reboot. Just wait until you stop working; once you shut down your machine, that will suffice to get them installed.

    These vulnerabilities expose you to a risk that we rate as follows:

    CyTRAP Labs security risk barometer - 4 = critical
    Scale: 1 = low, 2 = elevated, 3 = moderately critical, 4 = critical, 5 = severe

    For more information and explanations about the CyTRAP Labs risk barometer you can visit here: CyTRAP Labs security risk barometer

    What Microsoft Patch Tuesday has in store for us this month
    operating system affected:
    • Windows (XP, Windows Vista, Windows Server)
    • Microsoft DirectX 7.0, 8.1, 9.0, 10.0
    • Microsoft Internet Explorer 5.1, 6, 7
    affected software:
    • see above
    risk: 3 security bulletins rated critical by Microsoft were released. The risk rating given for these vulnerabilities by CyTRAP Labs is a 4 (four out of five levels) = CRITICAL - orange
    how long did this vulnerability remain unpatched since it was publicly disclosed (==> zero-day alert): these vulnerabilities have been known for a while (several months); however, none were actively exploited.
    patch prioritization - client side impact: users and administrators are urged to roll out this patch as soon as possible, once it has been verified that it does not break any internal applications.
    where is the patch? It will be downloaded using Automatic Update; the update is detected by the MBSA:
    CyTRAP Labs tip - using the Microsoft Baseline Security Analyzer called MBSA
    what should one do? If your Automatic Update is functioning properly, you are covered.
    CyTRAP Labs tip - how to make sure the latest security patch is installed
    how can I check that I do have the latest version installed? Find out more about how you can check that this update is installed on your PC or server here:
    not patching the vulnerability could cause what kind of damage to my PC? It could be exploited by attackers to execute arbitrary code on the user’s machine. BETTER patch NOW
    Once updated, what do you need to do? These updates will require a restart for your PC.
    Where can you get the overall summary Microsoft has issued? full version of the Microsoft Security Bulletin Summary for July 2008
    where can one get details about each of the patches released on this month’s Microsoft Patch Tuesday? We list the critical ones only - there were 5 important ones as well:

    - Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376) - Microsoft Security Bulletin MS08-030 - CRITICAL
    - Cumulative Security Update for Internet Explorer (950759) - Microsoft Security Bulletin MS08-031 - CRITICAL
    - Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) - Microsoft Security Bulletin MS08-033 - CRITICAL

    release date from vendor: 2008-06-10 - Pacific Standard Time
    why is this a reminder and not an alert? security alert or reminder - that’s the question
    did CASEScontact.org release an advisory about these vulnerabilities earlier? No, we did not issue a zero-day alert
    did CASEScontact.org release a zero-day advisory? NO, we did not issue a zero-day advisory (see also patched zero-day archive)
    The Common Vulnerabilities and Exposures (CVE) project has assigned the following numbers to these vulnerabilities that were patched by Microsoft:
    CVE-2008-1453, CVE-2008-1442, CVE-2008-1544, CVE-2008-0011, CVE-2008-1444

    Please make sure that your PC is patched - thank you.


    CyTRAP Labs: security reminder - 2008-05-13 - Patch Tuesday - Microsoft

    May 13th, 2008


    Microsoft has released 3 security bulletins (CVE-2008-1091, CVE-2008-1434, CVE-2008-0119, CVE-2008-1437, CVE-2008-1438).
    All 3 of these bulletins are ranked critical by Microsoft, which means ‘can result in remote code execution’; 3 are important (this summary focuses on the critical ones only).
    If you have Automatic Update activated for your PC, these patches will be downloaded automatically.
    Does your automatic update work properly?

    If you are not sure if it does, check below; otherwise by mid-day 2008-05-14 the downloads should be on your machine. Remember, installing the downloads might necessitate a reboot.

    Just wait until you stop working; once you shut down your machine, that will suffice to get them installed.

    These vulnerabilities expose you to a risk that we rate as follows:

    CyTRAP Labs security risk barometer - 4 = critical
    Scale: 1 = low, 2 = elevated, 3 = moderately critical, 4 = critical, 5 = severe

    For more information and explanations about the CyTRAP Labs risk barometer you can visit here: CyTRAP Labs security risk barometer

    What Microsoft Patch Tuesday has in store for us this month
    operating system affected:
    • Microsoft Office
    • Microsoft Publisher
    • Microsoft Malware Protection Engine
    affected software:
    • see above
    risk: 3 security bulletins rated critical by Microsoft were released. The risk rating given for these vulnerabilities by CyTRAP Labs is a 4 (four out of five levels) = CRITICAL - orange
    how long did this vulnerability remain unpatched since it was publicly disclosed (==> zero-day alert): these vulnerabilities have been known for a while (several months); however, none were actively exploited.
    patch prioritization - client side impact: users and administrators are urged to roll out this patch as soon as possible, once it has been verified that it does not break any internal applications.
    where is the patch? It will be downloaded using Automatic Update; the update is detected by the MBSA:
    CyTRAP Labs tip - using the Microsoft Baseline Security Analyzer called MBSA
    what should one do? If your Automatic Update is functioning properly, you are covered.
    CyTRAP Labs tip - how to make sure the latest security patch is installed
    how can I check that I do have the latest version installed? Find out more about how you can check that this update is installed on your PC or server here:
    not patching the vulnerability could cause what kind of damage to my PC? It could be exploited by attackers to execute arbitrary code on the user’s machine. BETTER patch NOW
    Once updated, what do you need to do? These updates will require a restart for your PC.
    Where can you get the overall summary Microsoft has issued? full version of the Microsoft Security Bulletin Summary for May 2008
    where can one get details about each of the patches released on this month’s Microsoft Patch Tuesday? We list the critical ones only - there were 5 important ones as well:

    - Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) - Microsoft Security Bulletin MS08-026 - CRITICAL
    - Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208) - MS08-027 - CRITICAL
    - Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044) - Microsoft Security Bulletin MS08-028 - CRITICAL

    release date from vendor: 2008-04-08 - Pacific Standard Time
    why is this a reminder and not an alert? security alert or reminder - that’s the question
    did CASEScontact.org release an advisory about these vulnerabilities earlier? No, we did not issue a zero-day alert
    did CASEScontact.org release a zero-day advisory? NO, we did not issue a zero-day advisory (see also patched zero-day archive)
    The Common Vulnerabilities and Exposures (CVE) project has assigned the following numbers to these vulnerabilities that were patched by Microsoft:
    CVE-2008-1091, CVE-2008-1434, CVE-2008-0119, CVE-2008-1437, CVE-2008-1438

    Please make sure that your PC is patched - thank you.


    CyTRAP Labs’ reminder - 2008-05-08 - Adobe Reader AND Adobe Acrobat - critical update

    May 8th, 2008

    Adobe has issued an important security patch for its Adobe Reader and Adobe Acrobat that fixes several critical vulnerabilities (please click on the link, choose Login as guest, then click on this link again for free access).
    If you have the default Update installed with the program, the latest version should be downloaded automatically the next time you log onto the internet (for more details see below).

    This vulnerability exposes you to a risk that we rate as follows:

    CyTRAP Labs security risk barometer - 4 = critical
    Scale: 1 = low, 2 = elevated, 3 = moderately critical, 4 = critical, 5 = severe

    For more information and explanations about the CyTRAP Labs risk barometer you can visit here: CyTRAP Labs security risk barometer

    WHAT CAN YOU DO?

    operating system affected:
    affected software:
    • Adobe Reader 8.1.1 and prior
    • Adobe Reader 7.0.9 and prior
    • Adobe Acrobat Professional
    • Adobe Acrobat Standard
    • Adobe Acrobat 3D

    Hence, start your Adobe Reader or Adobe Acrobat on your PC and go to Help > Update check

    risk: the rating given for these vulnerabilities is a 4 (four)
    where is the patch? Depending upon the operating system you run:

    • Adobe Reader
    • Adobe Acrobat

    For Windows, you need admin rights to install the patch!

    what should one do? The Software Update preference pane is set by default to check automatically whether you have the latest version installed. Hence, once you go onto the internet, the latest version should be downloaded automatically. If you are not sure, read below: we tell you how to check and download manually if need be - quick and easy.
    how can I check that I do have the latest version installed? Click UPDATES in Adobe Reader or Adobe Acrobat from the Help menu; this shows which version runs on your machine. Adobe recommends that users of
    - Acrobat 8 and Adobe Reader install the 8.1.2 update and
    - Acrobat 7 install the 7.1.0 update
    Details and all downloads available here
    not patching the vulnerability could cause what kind of damage to my PC? DO NOT OPEN IMAGES, MOVIES, ETC. from untrusted sources
    1. could be exploited by an unauthorized attacker, enabling him or her to execute arbitrary commands on your machine
    2. more nasty things…
    where can one get more details from the vendor? vendor