« CyTRAP Labs: security reminder - 2008-05-13 - Patch Tuesday - Microsoft
CyTRAP Labs: security reminder - 2008-07-08 - Patch Tuesday - Microsoft »

CyTRAP Labs: security reminder - 2008-06-10 - Patch Tuesday - Microsoft

    Microsoft has released 7 security bulletins CVE-2008-1453, CVE-2008-1442, CVE-2008-1544, CVE-2008-0011, CVE-2008-1444.
    3 of these bulletings are ranked critical - by Microsoft, which means ‘can result in remote code execution’ 3 are important (this summary focuses on the critical ones only)

    If you have Automatic Update activated for your PC, these patches will be downloaded automatically.

    Does your automatic update work properly?If you are not sure if it does, check below, otherwise by mid-day 2008-06-11 the downloads should be on your machine…. remember, installing the downloads might necessitate a reboot. Just wait until you stop working once you shut down your machine that will suffice to get them installed.

This vulnerabilities exposes you to a risk that we rate as follows:

CyTRAP Labs security risk barometer - 4 = critical
low elevated moderately
critical		 critical severe
1 2 3 4 5

For more information and explanations about the CyTRAP Labs risk barometer you can visit here:CyTRAP Labs security risk barometer

what Microsoft Patch Tuesday has in store for us this month
operating system affected
  • Windows (XP, Windows Vista, Windows Server),
  • Microsoft DirectX 7.0, 8.1, 9.0, 10.0
  • Microsoft Internet Explorer 5.1, 6, 7
affected software
  • see above
risk 3 security bulletins rated critical BY Microsoft were released …the risk rating given for these vulnerabilities by CyTRAP Labs is a 4 (four out of five levels) = CRITICAL - orange
how long did this vulnerability remain unpatched since it was publicly disclosed ==> zero-day alert these vulnerabilities have been known for a while (several months), however, none were actively exploited.
patch prioritization - client side impact users and administrators are urged to roll out this patch as soon as possible, once it has been verified that it does not break any internal applications.
where is the patch? will be downloaded using Automatic Update, update is detected by the MBSA:
CyTRAP Labs tip - using the Microsoft Baseline Security Analzyer called MBSA
what should one do? If your Automatic Update is functioning properly, you are covered.
CyTRAP Labs tip - how to make sure the latest security patch is installed
how can I check that I do have the latest version installed find out more information how cou can check that this update is installed as well on your PC or server here:
not patching the vulnerability could cause what kind of damage to my PC? could be exploited by attackers to execute arbitrary code on the user’s machine BETTER patch NOW
Once updated, what do you need to do? These updates will require a restart for your PC.
Where can you get the overall summary Microsoft has issued? full version of the Microsoft Security Bulletin Summary for July 2008
where can one get details about each of the patches released on this month’s Microsoft Patch TuesdayWe list the critical ones only - there were 5 important ones as well - Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376) - Microsoft Security Bulletin MS08-030 - CRITICAL- Cumulative Security Update for Internet Explorer (950759) Microsoft Security Bulletin MS08-031 - CRITICAL - Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) Microsoft Security Bulletin MS08-033 - CRITICAL
release date from vendor 2008-06-10 - Pacific Standard Time
why is this a reminder and not an alert? security alert or reminder - that’s the question
did CASEScontact.org release an advisory about these vulnerabilities earlier? No we did not issue a zero-day alert
CASEScontact.org release a zero-day advisory NO we did not issue a zero-day advisory see also patched zero-day archive)
Common Vulnerabilities and Exposures (CVE) project has assigned the following numbers to these vulnerabilities that were patched by Microsoft CVE-2008-1453, CVE-2008-1442, CVE-2008-1544, CVE-2008-0011,
CVE-2008-1444,

Please make sure that your PC is patched - thank you.

If this post was helpful to you, please consider stumbling it this WinCurity post from CyTRAP Labs.
Also of interest:
CyTRAP Labs: security reminder - 2008-04-08 - Patch Tuesday - Microsoft CyTRAP Labs: security reminder - 2008-06-10 - Patch Tuesday - Microsoft
the mission of ComMetrics why benchmark

Please stay abreast the latest developments:appear here in this part of cyberspace.

Also of interest:
InfoSec InfoSec - follow us on Twitter sign up to our alerts about zero-day exploits and newsletters here
CASEScontact CASEScontact follow us on Twitter What is Twitter good for

Technorati , , , , , , , , , , , , , , , , , , ,

This entry was posted on Tuesday, June 10th, 2008 at 18:00 and is filed under

WordPress database error: [Can't find file: './Blog/wp_post2cat.frm' (errno: 13)]
SELECT post_id, category_id FROM wp_post2cat WHERE post_id IN (388)

Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

WordPress database error: [Table './Blog/wp_comments' is marked as crashed and last (automatic?) repair failed]
SELECT * FROM wp_comments WHERE comment_post_ID = '388' AND comment_approved = '1' ORDER BY comment_date

Leave a Reply

WordPress database error: [Table './Blog/wp_comments' is marked as crashed and last (automatic?) repair failed]
DESC wp_comments


Warning: Invalid argument supplied for foreach() in /var/www/hosts/cases/blog/wp-content/plugins/subscribe-to-comments.php on line 676

WordPress database error: [Table './Blog/wp_comments' is marked as crashed and last (automatic?) repair failed]
ALTER TABLE wp_comments ADD COLUMN comment_subscribe enum('Y','N') NOT NULL default 'N'

Protected by WP-Hashcash.