CyTRAP Labs: security reminder - 2008-05-13 - Patch Tuesday - Microsoft
| Microsoft has released 3 security bulletinsCVE-2008-1091, CVE-2008-1434, CVE-2008-0119, CVE-2008-1437, CVE-2008-1438, |
| All 3 of these bulletings are ranked critical - by Microsoft, which means ‘can result in remote code execution’ 3 are important (this summary focuses on the critical ones only) |
| If you have Automatic Update activated for your PC, these patches will be downloaded automatically |
| Does your automatic update work properly?
If you are not sure if it does, check below, otherwise by mid-day 2008-05-14 the downloads should be on your machine…. remember, installing the downloads might necessitate a reboot. Just wait until you stop working once you shut down your machine that will suffice to get them installed. |
| CyTRAP Labs security risk barometer - 4 = critical |
||||
| low | elevated | moderately critical |
critical | severe |
| 1 | 2 | 3 | 4 | 5 |
For more information and explanations about the CyTRAP Labs risk barometer you can visit here:
CyTRAP Labs security risk barometer
| what Microsoft Patch Tuesday has in store for us this month | |
| operating system affected |
|
| affected software |
|
| risk | 3 security bulletins rated critical BY Microsoft were released …the risk rating given for these vulnerabilities by CyTRAP Labs is a 4 (four out of five levels) = CRITICAL - orange |
| how long did this vulnerability remain unpatched since it was publicly disclosed ==> zero-day alert | these vulnerabilities have been known for a while (several months), however, none were actively exploited. |
| patch prioritization - client side impact | users and administrators are urged to roll out this patch as soon as possible, once it has been verified that it does not break any internal applications. |
| where is the patch? | will be downloaded using Automatic Update, update is detected by the MBSA: CyTRAP Labs tip - using the Microsoft Baseline Security Analzyer called MBSA |
| what should one do? | If your Automatic Update is functioning properly, you are covered. CyTRAP Labs tip - how to make sure the latest security patch is installed |
| how can I check that I do have the latest version installed | find out more information how cou can check that this update is installed as well on your PC or server here: |
| not patching the vulnerability could cause what kind of damage to my PC? | could be exploited by attackers to execute arbitrary code on the user’s machine BETTER patch NOW |
| Once updated, what do you need to do? | These updates will require a restart for your PC. |
| Where can you get the overall summary Microsoft has issued? | full version of the Microsoft Security Bulletin Summary for May 2008 |
| where can one get details about each of the patches released on this month’s Microsoft Patch TuesdayWe list the critical ones only - there were 5 important ones as well | - Vulnerabilities in Microsoft Word Could Allow Remote Code Executionu (951207) - Microsoft Security Bulletin MS08-026 - CRITICAL
- Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208) MS08-027 - CRITICAL - Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044) Microsoft Security Bulletin MS08-028 - CRITICAL |
| release date from vendor | 2008-04-08 - Pacific Standard Time |
| why is this a reminder and not an alert? | security alert or reminder - that’s the question |
| did CASEScontact.org release an advisory about these vulnerabilities earlier? | No we did not issue a zero-day alert |
| CASEScontact.org release a zero-day advisory | NO we did not issue a zero-day advisory see also patched zero-day archive) |
| Common Vulnerabilities and Exposures (CVE) project has assigned the following numbers to these vulnerabilities that were patched by Microsoft | CVE-2008-1091, CVE-2008-1434, CVE-2008-0119, CVE-2008-1437, CVE-2008-1438, |
Please make sure that your PC is patched - thank you.
| If this post was helpful to you, please consider stumbling it this WinCurity post from CyTRAP Labs. | |
| Also of interest: | |
| CyTRAP Labs: security reminder - 2008-04-08 - Patch Tuesday - Microsoft | CyTRAP Labs: security reminder - 2008-03-11 - Patch Tuesday - Microsoft |
| the mission of ComMetrics | why benchmark |
CVE 2008 0119, CVE 2008 1091, CVE 2008 1434, CVE 2008 1437, CVE 2008 1438, Microsoft Malware Protection Engine, Microsoft Office, Microsoft Publisher, patch Tuesday, remote code execution, security alert, security bulletin, security reminder, updates, Vulnerabilities, Windows Vista, windows vista x64, Windows XP, windows xp professional
