CyTRAP Labs: security reminder - 2008-04-08 - Patch Tuesday - Microsoft
| Microsoft has released 8 security bulletins |
| 5 of these bulletings are ranked critical - by Microsoft, which means ‘can result in remote code execution’ 3 are important (this summary focuses on the critical ones only) |
| If you have Automatic Update activated for your PC, these patches will be downloaded automatically |
| does your automatic update work properly?If you are not sure if it does, check below, otherwise by mid-day 2008-03-13 the downloads should be on your machine…. remember, installing the downloads might necessitate a reboot.
Just wait until you stop working once you shut down your machine that will suffice to get them installed. |
| CyTRAP Labs security risk barometer - 4 = critical |
||||
| low | elevated | moderately critical |
critical | severe |
| 1 | 2 | 3 | 4 | 5 |
CyTRAP Labs security risk barometer
| what Microsoft Patch Tuesday has in store for us this month | |
| operating system affected |
|
| affected software |
|
| risk | 5 security bulletins rated critical BY Microsoft were released …
the risk rating given for these vulnerabilities by CyTRAP Labs is a 4 (four out of five levels) = CRITICAL - orange |
| how long did this vulnerability remain unpatched since it was publicly disclosed ==> zero-day alert | these vulnerabilities have been known for a while (several months), however, it was not actively exploited. |
| patch prioritization - client side impact | users and administrators are urged to roll out this patch as soon as possible, once it has been verified that it does not break any internal applications. |
| where is the patch? | will be downloaded using Automatic Update, update is detected by the MBSA: CyTRAP Labs tip - using the Microsoft Baseline Security Analzyer called MBSA |
| what should one do? | If your Automatic Update is functioning properly, you are covered. CyTRAP Labs tip - how to make sure the latest security patch is installed |
| how can I check that I do have the latest version installed | find out more information how cou can check that this update is installed as well on your PC or server here: |
| not patching the vulnerability could cause what kind of damage to my PC? | could be exploited by attackers to execute arbitrary code on the user’s machine BETTER patch NOW |
| Once updated, what do you need to do? | These updates will require a restart for your PC. |
| Where can you get the overall summary Microsoft has issued? | full version of the Microsoft Security Bulletin Summary for April 2008 |
| where can one get details about each of the patches released on this month’s Microsoft Patch TuesdayWe list the critical ones only - there were 5 important ones as well | - Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183) - Microsoft Security Bulletin MS08-018 - CRITICAL Vulnerabilities in GDI Could Allow Remote Code Execution (948590) MS08-021 - CRITICAL
|
| release date from vendor | 2008-04-08 - Pacific Standard Time |
| why is this a reminder and not an alert? | security alert or reminder - that’s the question |
| did CASEScontact.org release an advisory about these vulnerabilities earlier? | No we did not issue a zero-day alert |
| CASEScontact.org release a zero-day advisory | NO we did not issue a zero-day advisory see also patched zero-day archive) |
| Common Vulnerabilities and Exposures (CVE) project has assigned the following numbers to these vulnerabilities that were patched by Microsoft | CVE-2008-1083, CVE-2008-1085, CVE-2008-1086, CVE-2008-1087, CVE-2008-1088, |
Please make sure that your PC is patched - thank you.
| If this post was helpful to you, please consider stumbling it or Digg this WinCurity post from CyTRAP Labs. | |
| Also of interest: | |
| CyTRAP Labs: security reminder - 2008-02-12 - Patch Tuesday - Microsoft | CyTRAP Labs: security reminder - 2008-03-11 - Patch Tuesday - Microsoft |
| the mission of ComMetrics | why benchmark |
advisory, alert, CERT, CVE 2008 1083, CVE 2008 1085, CVE 2008 1086, CVE 2008 1087, CVE 2008 1088, Early Warning System, EWS, Labs risk barometer, Microsoft Office, microsoft security bulletin, microsoft security bulletin summary, Microsoft Windows, ms08 014, ms08 015, ms08 016, ms08 017, MS08 018, MS08 021, MS08 022, MS08 023, MS08 024, patch Tuesday, remote code execution, security alert, security bulletin, security reminder, updates, Vulnerabilities, Windows Vista, windows vista x64, Windows XP, windows xp professional
