Microsoft Security Bulletin(s) for April 8 2008

Microsoft Security Bulletin(s) for April 8 2008

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://www.microsoft.com/technet/security/bulletin/ms08-apr.mspx

Critical (5)

Microsoft Security Bulletin MS08-018
Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183)
http://www.microsoft.com/technet/security/Bulletin/MS08-018.mspx

Microsoft Security Bulletin MS08-021
Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
http://www.microsoft.com/technet/security/bulletin/ms08-021.mspx


Microsoft Security Bulletin MS08-022
Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution 944338
http://www.microsoft.com/technet/security/Bulletin/ms08-022.mspx

Microsoft Security Bulletin MS08-023
Security Update of ActiveX Kill Bits (948881)
http://www.microsoft.com/technet/security/bulletin/ms08-023.mspx

Microsoft Security Bulletin MS08-024
Cumulative Security Update for Internet Explorer (947864)
http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx

Important (3)

Microsoft Security Bulletin MS08-020
Vulnerability in DNS Client Could Allow Spoofing (945553)
http://www.microsoft.com/technet/security/bulletin/ms08-020.mspx

Microsoft Security Bulletin MS08-025
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)
http://www.microsoft.com/technet/security/bulletin/ms08-025.mspx

Microsoft Security Bulletin MS08-019
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)
http://www.microsoft.com/technet/security/Bulletin/MS08-019.mspx


Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

TechNet Webcast: Information About Microsoft April Security Bulletins (Level 200)
Event ID: 1032357219

Language(s): English.
Product(s): Security.
Audience(s): IT Professionals.

Duration: 60 Minutes
Start Date: Wednesday, April 09, 2008 11:00 AM Pacific Time (US & Canada)

Event Overview

On April 8, 2008, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the April security bulletins. The intent of this webcast is to address your concerns. Therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from our security experts.

Presenters: Tim Rains, Security Response Communications Lead, Microsoft Corporation, and Adrian Stone, Lead Security Program Manager, Microsoft Corporation


Register now for the April security bulletin webcast.

 

Malicious Software Removal Tool
Published: January 11, 2005 | Updated: April 8, 2008

Brief Description
This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

New Additions
We have added detection and cleaning capabilities for the following malicious software:

• Virtumonde
http://go.microsoft.com/fwlink/?linkid=37020&name=Win32/Virtumonde

• Vundo
http://go.microsoft.com/fwlink/?linkid=37020&name=Win32/Vundo

• Newacc
http://go.microsoft.com/fwlink/?linkid=37020&name=Win32/Newacc



http://www.microsoft.com/security/malwareremove/default.mspx

 

April 2008 Security Releases ISO Image
Brief Description
This DVD5 ISO image file contains the security updates for Windows released on Windows Update on April 8th, 2008.
Overview
This DVD5 ISO image file contains the security updates for Windows released on Windows Update on April 8th, 2008. The image does not contain security updates for other Microsoft products. This DVD5 ISO image is intended for administrators that need to download multiple individual language versions of each security update and that do not use an automated solution such as Windows Server Update Services (WSUS). You can use this ISO image to download multiple updates in all languages at the same time.

Important: Be sure to check the individual security bulletins at http://www.microsoft.com/technet/security prior to deployment of these updates to ensure that the files have not been updated at a later date.

http://www.microsoft.com/downloads/...21-007f-4ee5-a440-d9caf613ae2a&DisplayLang=en

 

Microsoft Security Bulletin Minor Revisions

Issued: April 9, 2008

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.


Bulletin Information:

* MS08-025 - Important

- http://www.microsoft.com/technet/security/bulletin/ms08-025.mspx
- Reason for Revision: V1.1 April 9, 2008 Bulletin updated to
clarify the Known Issues section of the FAQ.
- Originally posted: April 8, 2008
- Updated: April 9, 2008
- Bulletin Severity Rating: Important
- Version: 1.1

* MS08-022 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms08-022.mspx
- Reason for Revision: V1.1 April 9, 2008 Bulletin updated.
Combined JScript with VBScript in the Vulnerability Severity
rating table.
- Originally posted: April 8, 2008
- Updated: April 9, 2008
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS08-021 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms08-021.mspx
- Reason for Revision: V1.1 April 9, 2008 Bulletin updated to
add a Known Issues link to Microsoft Knowledge Base Article
948590, to add a Known Issues section to the FAQ, to update
the uninstall registry path, and to update the Acknowledgments.
- Originally posted: April 8, 2008
- Updated: April 9, 2008
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS08-020 - Important

- http://www.microsoft.com/technet/security/bulletin/ms08-020.mspx
- Reason for Revision: V1.1 April 9, 2008 Bulletin updated to
add Windows Vista x64 Edition to the list of affected
software in the Executive Summary.
- Originally posted: April 8, 2008
- Updated: April 9, 2008
- Bulletin Severity Rating: Important
- Version: 1.1

* MS08-019 - Important

- http://www.microsoft.com/technet/security/bulletin/ms08-019.mspx
- Reason for Revision: V1.1 April 9, 2008 Known Issues updated.
- Originally posted: April 8, 2008
- Updated: April 9, 2008
- Bulletin Severity Rating: Important
- Version: 1.1

* MS08-018 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms08-018.mspx
- Reason for Revision: V1.1 April 9, 2008 Bulletin updated to
add Microsoft Project 2003 Service Pack 3 to the Non-Affected
Software table, to add a link to Microsoft Knowledge Base
Article 950183 in Known Issues, and to add a section for
Microsoft Project 2003 Service Pack 3 to the FAQ.
- Originally posted: April 8, 2008
- Updated: April 9, 2008
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS08-015 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms08-015.mspx
- Reason for Revision: V1.3 April 9, 2008 Bulletin updated.
Added link to Microsoft Knowledge Base Article 949031 in
Known Issues.
- Originally posted: March 11, 2008
- Updated: April 9, 2008
- Bulletin Severity Rating: Critical
- Version: 1.3

 

Microsoft Security Bulletin Minor Revisions
Issued: April 16, 2008

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

Bulletin Information:
=====================

* MS08-024 - Critical

- Reason for Revision: V1.1 (April 16, 2008 Corrected the
uninstall utility path for Windows XP (all editions).
- Originally posted: April 8, 2008
- Updated: April 16, 2008
- Bulletin Severity Rating: Critical
- Version: 1.1
http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx

* MS08-023 - Critical

- Reason for Revision: V1.1 (April 16, 2008 Corrected the
uninstall utility path for Windows XP (all editions).
- Originally posted: April 8, 2008
- Updated: April 16, 2008
- Bulletin Severity Rating: Critical
- Version: 1.1
http://www.microsoft.com/technet/security/bulletin/ms08-023.mspx

* MS08-019 - Important

- Reason for Revision: V1.3 (April 16, 2008 Bulletin updated:
Added entry to Update FAQ to describe additional security
features included for Microsoft Office 2003 Service Pack 2,
and clarified affected software.
- Originally posted: April 8, 2008
- Updated: April 16, 2008
- Bulletin Severity Rating: Important
- Version: 1.3
http://www.microsoft.com/technet/security/bulletin/ms08-019.mspx

* MS08-018 - Critical

- Reason for Revision: V1.2 (April 16, 2008 Bulletin updated:
Added entry to Update FAQ to describe additional security
features included for Microsoft Office 2003 Service Pack 2,
and Microsoft Baseline Security Analyzer and Systems
Management Server tables updated to match the Affected
Software table.
- Originally posted: April 8, 2008
- Updated: April 16, 2008
- Bulletin Severity Rating: Critical
- Version: 1.2
http://www.microsoft.com/technet/security/bulletin/ms08-018.mspx

* MS08-015 - Critical

- Reason for Revision: V1.4 (April 16, 2008 Bulletin updated:
Added entry to Update FAQ to describe additional security
features included for Microsoft Office 2003 Service Pack 2.
- Originally posted: March 11, 2008
- Updated: April 16, 2008
- Bulletin Severity Rating: Critical
- Version: 1.4
http://www.microsoft.com/technet/security/bulletin/ms08-015.mspx

* MS08-014 - Critical

- Reason for Revision: V3.1 (April 16, 2008 Bulletin updated:
Added entry to Update FAQ to describe additional security
features included for Microsoft Office 2003 Service Pack 2.
- Originally posted: March 11, 2008
- Updated: April 16, 2008
- Bulletin Severity Rating: Critical
- Version: 3.1
http://www.microsoft.com/technet/security/bulletin/ms08-014.mspx

* MS08-013 - Critical

- Reason for Revision: V1.3 (April 16, 2008 Bulletin updated:
Added entry to Update FAQ to describe additional security
features included for Microsoft Office 2003 Service Pack 2.
- Originally posted: February 12, 2008
- Updated: April 16, 2008
- Bulletin Severity Rating: Critical
- Version: 1.3
http://www.microsoft.com/technet/security/bulletin/ms08-013.mspx

* MS08-011 - Important

- Reason for Revision: V1.1 (April 16, 2008 Bulletin updated:
Added entry to Update FAQ to describe additional security
features included for Microsoft Office 2003 Service Pack 2.
- Originally posted: February 12, 2008
- Updated: April 16, 2008
- Bulletin Severity Rating: Important
- Version: 1.1

http://www.microsoft.com/technet/security/bulletin/ms08-011.mspx


* MS08-010 - Critical

- Reason for Revision: V1.3 (April 16, 2008 Corrected the
uninstall utility path for Internet Explorer 6 for Windows XP.
- Originally posted: February 12, 2008
- Updated: April 16, 2008
- Bulletin Severity Rating: Critical
- Version: 1.3

http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx

* MS08-009 - Critical
- Reason for Revision: V1.1 (April 16, 2008 Bulletin updated:
Added entry to Update FAQ to describe additional security
features included for Microsoft Office 2003 Service Pack 2.
- Originally posted: February 12, 2008
- Updated: April 16, 2008
- Bulletin Severity Rating: Critical
- Version: 1.1
http://www.microsoft.com/technet/security/bulletin/ms08-009.mspx

 

Microsoft Security Bulletin Re-Releases - April 16, 2008

Microsoft Security Bulletin Re-Releases
Issued: April 16, 2008

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

Bulletin Information:
=====================

* MS08-016 - Critical

- Reason for Revision: V2.0 (April 16, 2008 Bulletin updated.
Added Microsoft Office Word Viewer 2003 and Microsoft Office
Word Viewer 2003 Service Pack 3 as affected software.
- Originally posted: March 11, 2008
- Updated: April 16, 2008
- Bulletin Severity Rating: Critical
- Version: 2.0
http://www.microsoft.com/technet/security/bulletin/ms08-016.mspx

 

Title: Microsoft Security Advisory Notification
Issued: April 17, 2008
********************************************************************

Security Advisories Updated or Released Today ==============================================

* Microsoft Security Advisory (951306)
- Title: Vulnerability in Windows Could Allow
Elevation of Privilege
- http://www.microsoft.com/technet/security/advisory/951306.mspx
- Revision Note: Advisory published.

 

Microsoft Security Bulletin Minor Revisions
Issued: April 18, 2008

Summary
=======

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.


Bulletin Information:
=====================

* MS08-019 - Important

- http://www.microsoft.com/technet/security/bulletin/ms08-019.mspx
- Reason for Revision: V1.4 (April 17, 2008 Updated FAQ entry
about known issue relating to a Visio 2007 detection problem.
- Originally posted: April 8, 2008
- Updated: April 18, 2008
- Bulletin Severity Rating: Important
- Version: 1.4

 

Microsoft Security Bulletin Revisions - April 22, 2008

Microsoft Security Bulletin Revisions
Issued: April 22, 2008

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS08-024 - Critical
* MS07-040 - Critical

Bulletin Information:
=====================

* MS08-024 - Critical
http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx

- Reason for Revision: V2.0 (April 22, 2008 Added Internet
Explorer 7 for Windows XP Service Pack 3 and Internet
Explorer 7 for Windows XP x64 Edition Service Pack 3 to
affected software.
- Originally posted: April 8, 2008
- Updated: April 22, 2008
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS07-040 - Critical
- http://www.microsoft.com/technet/security/bulletin/ms07-040.mspx

- Reason for Revision: V3.0 (April 22, 2008 Bulletin updated:
Added .NET Framework 1.0 (KB928367), .NET Framework 1.1
(KB928366), and .NET Framework Version 2.0 (KB928365) as
affected components for Windows XP Service Pack 3 and Windows
XP Professional x64 Edition Service Pack 3. This is a
detection update only. There were no changes to the binaries.
- Originally posted: July 10, 2007
- Updated: April 22, 2008
- Bulletin Severity Rating: Critical
- Version: 3.0