Microsoft Security Bulletins for April 2008

Donna Buenaventura · Apr 8, 2008

Note: There may be latency issues due to replication, if the page does not
display keep refreshing or try later.

MS08-018 - Vulnerability in Microsoft Project Could Allow Remote Code
Execution (950183)
http://www.microsoft.com/technet/security/...n/MS08-018.mspx
MS08-019 - Vulnerabilities in Microsoft Visio Could Allow Remote Code
Execution (949032)
http://www.microsoft.com/technet/security/...n/MS08-019.mspx
MS08-020 - Vulnerability in DNS Client Could Allow Spoofing (945553)
http://www.microsoft.com/technet/security/...n/MS08-020.mspx
MS08-021 - Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
http://www.microsoft.com/technet/security/...n/MS08-021.mspx
MS08-022 - Vulnerability in VBScript and JScript Scripting Engines Could
Allow Remote Code Execution (944338)
http://www.microsoft.com/technet/security/...n/MS08-022.mspx
MS08-023 - Security Update of ActiveX Kill Bits (948881)
http://www.microsoft.com/technet/security/...n/MS08-023.mspx
MS08-024 - Cumulative Security Update for Internet Explorer (947864)
http://www.microsoft.com/technet/security/...n/MS08-024.mspx
MS08-025 - Vulnerability in Windows Kernel Could Allow Elevation of
Privilege (941693)
http://www.microsoft.com/technet/security/...n/MS08-025.mspx

For information about non-security releases on Windows Update and Microsoft
update, please see:
http://support.microsoft.com/kb/894199/en-us
http://technet.microsoft.com/en-us/wsus/bb466214.aspx

The monthly security bulletin webcast is scheduled tomorrow, April 9, 2008
at 11 a.m., PST:
http://msevents.microsoft.com/CUI/EventDet...9&Culture=en-US

Please scan your system using Microsoft Baseline Security Analyzer for
missing security updates as well as common security misconfigurations:
http://www.microsoft.com/technet/security/...s/mbsahome.mspx

Customers in the U.S. and Canada can receive technical support from
Microsoft Product Support Services at 1-866-PCSAFETY.
International customers can receive support from their local Microsoft
subsidiaries http://support.microsoft.com/common/international.aspx
There is no charge for support that is associated with security updates.

Security Bulletin Summary:
http://www.microsoft.com/technet/security/...n/ms08-apr.mspx
http://www.microsoft.com/protect/computer/...ins/200804.mspx
Microsoft Security Response Center Blog: http://blogs.technet.com/msrc/
Microsoft Security Vulnerability Research and Defense Blog:
http://blogs.technet.com/swi/
For other Microsoft security tools and resources, visit
http://www.microsoft.com/security/portal/resources.aspx

Regards,

Donna Buenaventura
Calendar of Updates: http://cou.dozleng.com

Donna Buenaventura · Apr 8, 2008

MSRC's blog entry at
http://blogs.technet.com/msrc/archive/2008...ly-release.aspx

"Donna Buenaventura" wrote in message
news:4AFE2E5D-07FA-4873-AE6E-F544F10150EC@microsoft.com...
> Note: There may be latency issues due to replication, if the page does not
> display keep refreshing or try later.
>
> MS08-018 - Vulnerability in Microsoft Project Could Allow Remote Code
> Execution (950183)
> http://www.microsoft.com/technet/security/...n/MS08-018.mspx
> MS08-019 - Vulnerabilities in Microsoft Visio Could Allow Remote Code
> Execution (949032)
> http://www.microsoft.com/technet/security/...n/MS08-019.mspx
> MS08-020 - Vulnerability in DNS Client Could Allow Spoofing (945553)
> http://www.microsoft.com/technet/security/...n/MS08-020.mspx
> MS08-021 - Vulnerabilities in GDI Could Allow Remote Code Execution
> (948590)
> http://www.microsoft.com/technet/security/...n/MS08-021.mspx
> MS08-022 - Vulnerability in VBScript and JScript Scripting Engines Could
> Allow Remote Code Execution (944338)
> http://www.microsoft.com/technet/security/...n/MS08-022.mspx
> MS08-023 - Security Update of ActiveX Kill Bits (948881)
> http://www.microsoft.com/technet/security/...n/MS08-023.mspx
> MS08-024 - Cumulative Security Update for Internet Explorer (947864)
> http://www.microsoft.com/technet/security/...n/MS08-024.mspx
> MS08-025 - Vulnerability in Windows Kernel Could Allow Elevation of
> Privilege (941693)
> http://www.microsoft.com/technet/security/...n/MS08-025.mspx
>
> For information about non-security releases on Windows Update and
> Microsoft update, please see:
> http://support.microsoft.com/kb/894199/en-us
> http://technet.microsoft.com/en-us/wsus/bb466214.aspx
>
> The monthly security bulletin webcast is scheduled tomorrow, April 9, 2008
> at 11 a.m., PST:
> http://msevents.microsoft.com/CUI/EventDet...9&Culture=en-US
>
> Please scan your system using Microsoft Baseline Security Analyzer for
> missing security updates as well as common security misconfigurations:
> http://www.microsoft.com/technet/security/...s/mbsahome.mspx
>
> Customers in the U.S. and Canada can receive technical support from
> Microsoft Product Support Services at 1-866-PCSAFETY.
> International customers can receive support from their local Microsoft
> subsidiaries http://support.microsoft.com/common/international.aspx
> There is no charge for support that is associated with security updates.
>
> Security Bulletin Summary:
> http://www.microsoft.com/technet/security/...n/ms08-apr.mspx
> http://www.microsoft.com/protect/computer/...ins/200804.mspx
> Microsoft Security Response Center Blog: http://blogs.technet.com/msrc/
> Microsoft Security Vulnerability Research and Defense Blog:
> http://blogs.technet.com/swi/
> For other Microsoft security tools and resources, visit
> http://www.microsoft.com/security/portal/resources.aspx
>
> Regards,
>
> Donna Buenaventura
> Calendar of Updates: http://cou.dozleng.com

PA Bear [MS MVP] · Apr 8, 2008

Request: Please eliminate any unnecessary/inappropriate crossposting in your
replies to this thread. Thanks.
--
~PA Bear

niks · Apr 8, 2008

After running windows updates and installing all the updates, including the
security updates I rebooted my laptop to find I could not connect to the
internet. After many reboots I rolled back my system. After the roll back I
could connect to the internet again. I then run windows updates, but this
time I deselected the security updates. After rebooting I was pleased to see
I could connect to the internet still.

I am not happy that the security updates that where there to protect my
computer protected me a little bit too much by stopping connecting to the
internet.

NIK

"Donna Buenaventura" wrote in message
news:4AFE2E5D-07FA-4873-AE6E-F544F10150EC@microsoft.com...
> Note: There may be latency issues due to replication, if the page does not
> display keep refreshing or try later.
>
> MS08-018 - Vulnerability in Microsoft Project Could Allow Remote Code
> Execution (950183)
> http://www.microsoft.com/technet/security/...n/MS08-018.mspx
> MS08-019 - Vulnerabilities in Microsoft Visio Could Allow Remote Code
> Execution (949032)
> http://www.microsoft.com/technet/security/...n/MS08-019.mspx
> MS08-020 - Vulnerability in DNS Client Could Allow Spoofing (945553)
> http://www.microsoft.com/technet/security/...n/MS08-020.mspx
> MS08-021 - Vulnerabilities in GDI Could Allow Remote Code Execution
> (948590)
> http://www.microsoft.com/technet/security/...n/MS08-021.mspx
> MS08-022 - Vulnerability in VBScript and JScript Scripting Engines Could
> Allow Remote Code Execution (944338)
> http://www.microsoft.com/technet/security/...n/MS08-022.mspx
> MS08-023 - Security Update of ActiveX Kill Bits (948881)
> http://www.microsoft.com/technet/security/...n/MS08-023.mspx
> MS08-024 - Cumulative Security Update for Internet Explorer (947864)
> http://www.microsoft.com/technet/security/...n/MS08-024.mspx
> MS08-025 - Vulnerability in Windows Kernel Could Allow Elevation of
> Privilege (941693)
> http://www.microsoft.com/technet/security/...n/MS08-025.mspx
>
> For information about non-security releases on Windows Update and
> Microsoft update, please see:
> http://support.microsoft.com/kb/894199/en-us
> http://technet.microsoft.com/en-us/wsus/bb466214.aspx
>
> The monthly security bulletin webcast is scheduled tomorrow, April 9, 2008
> at 11 a.m., PST:
> http://msevents.microsoft.com/CUI/EventDet...9&Culture=en-US
>
> Please scan your system using Microsoft Baseline Security Analyzer for
> missing security updates as well as common security misconfigurations:
> http://www.microsoft.com/technet/security/...s/mbsahome.mspx
>
> Customers in the U.S. and Canada can receive technical support from
> Microsoft Product Support Services at 1-866-PCSAFETY.
> International customers can receive support from their local Microsoft
> subsidiaries http://support.microsoft.com/common/international.aspx
> There is no charge for support that is associated with security updates.
>
> Security Bulletin Summary:
> http://www.microsoft.com/technet/security/...n/ms08-apr.mspx
> http://www.microsoft.com/protect/computer/...ins/200804.mspx
> Microsoft Security Response Center Blog: http://blogs.technet.com/msrc/
> Microsoft Security Vulnerability Research and Defense Blog:
> http://blogs.technet.com/swi/
> For other Microsoft security tools and resources, visit
> http://www.microsoft.com/security/portal/resources.aspx
>
> Regards,
>
> Donna Buenaventura
> Calendar of Updates: http://cou.dozleng.com
>

Larry · Apr 8, 2008

I had a different problem. I use IE to access aol. I can get to the msg.
bds. ok. But when I try to get to the email I get linked to something called
AOL>MyMobile (or some nonsense like that). I tried to roll back to before
the updates. I got some kind of failure msg. So for now I installed the AOL
s/w. Anyone have any ideas?

"niks" wrote in message
news:FDC4D813-BBAA-445E-866B-1FBC8C1F1EAD@microsoft.com...
> After running windows updates and installing all the updates, including
> the security updates I rebooted my laptop to find I could not connect to
> the internet. After many reboots I rolled back my system. After the roll
> back I could connect to the internet again. I then run windows updates,
> but this time I deselected the security updates. After rebooting I was
> pleased to see I could connect to the internet still.
>
> I am not happy that the security updates that where there to protect my
> computer protected me a little bit too much by stopping connecting to the
> internet.
>
> NIK
>
> "Donna Buenaventura" wrote in message
> news:4AFE2E5D-07FA-4873-AE6E-F544F10150EC@microsoft.com...
>> Note: There may be latency issues due to replication, if the page does
>> not display keep refreshing or try later.
>>
>> MS08-018 - Vulnerability in Microsoft Project Could Allow Remote Code
>> Execution (950183)
>> http://www.microsoft.com/technet/security/...n/MS08-018.mspx
>> MS08-019 - Vulnerabilities in Microsoft Visio Could Allow Remote Code
>> Execution (949032)
>> http://www.microsoft.com/technet/security/...n/MS08-019.mspx
>> MS08-020 - Vulnerability in DNS Client Could Allow Spoofing (945553)
>> http://www.microsoft.com/technet/security/...n/MS08-020.mspx
>> MS08-021 - Vulnerabilities in GDI Could Allow Remote Code Execution
>> (948590)
>> http://www.microsoft.com/technet/security/...n/MS08-021.mspx
>> MS08-022 - Vulnerability in VBScript and JScript Scripting Engines Could
>> Allow Remote Code Execution (944338)
>> http://www.microsoft.com/technet/security/...n/MS08-022.mspx
>> MS08-023 - Security Update of ActiveX Kill Bits (948881)
>> http://www.microsoft.com/technet/security/...n/MS08-023.mspx
>> MS08-024 - Cumulative Security Update for Internet Explorer (947864)
>> http://www.microsoft.com/technet/security/...n/MS08-024.mspx
>> MS08-025 - Vulnerability in Windows Kernel Could Allow Elevation of
>> Privilege (941693)
>> http://www.microsoft.com/technet/security/...n/MS08-025.mspx
>>
>> For information about non-security releases on Windows Update and
>> Microsoft update, please see:
>> http://support.microsoft.com/kb/894199/en-us
>> http://technet.microsoft.com/en-us/wsus/bb466214.aspx
>>
>> The monthly security bulletin webcast is scheduled tomorrow, April 9,
>> 2008 at 11 a.m., PST:
>> http://msevents.microsoft.com/CUI/EventDet...9&Culture=en-US
>>
>> Please scan your system using Microsoft Baseline Security Analyzer for
>> missing security updates as well as common security misconfigurations:
>> http://www.microsoft.com/technet/security/...s/mbsahome.mspx
>>
>> Customers in the U.S. and Canada can receive technical support from
>> Microsoft Product Support Services at 1-866-PCSAFETY.
>> International customers can receive support from their local Microsoft
>> subsidiaries http://support.microsoft.com/common/international.aspx
>> There is no charge for support that is associated with security updates.
>>
>> Security Bulletin Summary:
>> http://www.microsoft.com/technet/security/...n/ms08-apr.mspx
>> http://www.microsoft.com/protect/computer/...ins/200804.mspx
>> Microsoft Security Response Center Blog: http://blogs.technet.com/msrc/
>> Microsoft Security Vulnerability Research and Defense Blog:
>> http://blogs.technet.com/swi/
>> For other Microsoft security tools and resources, visit
>> http://www.microsoft.com/security/portal/resources.aspx
>>
>> Regards,
>>
>> Donna Buenaventura
>> Calendar of Updates: http://cou.dozleng.com
>>
>

PA Bear [MS MVP] · Apr 8, 2008

[Crossposting to Office Update and XP Security_Admin newsgroups eliminated]

Please begin a new thread in an appropriate newsgroup about your problem,
Larry.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

Larry wrote:
> I had a different problem. I use IE to access aol. I can get to the msg.
> bds. ok. But when I try to get to the email I get linked to something
> called
> MyMobile (or some nonsense like that). I tried to roll back to before
> the updates. I got some kind of failure msg. So for now I installed the
> AOL
> s/w. Anyone have any ideas?

Larry · Apr 9, 2008

Ok, but where do you suggest I post it under? I thought this was an
appropriate group to post it under.

"PA Bear [MS MVP]" wrote in message
news:eRD5l$cmIHA.484@TK2MSFTNGP06.phx.gbl...
> [Crossposting to Office Update and XP Security_Admin newsgroups
> eliminated]
>
> Please begin a new thread in an appropriate newsgroup about your problem,
> Larry.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> AumHa VSOP & Admin http://aumha.net
> DTS-L http://dts-l.net/
>
> Larry wrote:
>> I had a different problem. I use IE to access aol. I can get to the msg.
>> bds. ok. But when I try to get to the email I get linked to something
>> called
>> MyMobile (or some nonsense like that). I tried to roll back to before
>> the updates. I got some kind of failure msg. So for now I installed the
>> AOL
>> s/w. Anyone have any ideas?
>

PA Bear [MS MVP] · Apr 9, 2008

I'd say begin a new thread Vista Security and/or IE General, Larry. In your
post, clearly state your Windows version (e.g., Vista SP1), which updates
were installed, and any error messages in their entirety.

Or you can...

Start a free Windows Update support incident request:
https://support.microsoft.com/oas/default.aspx?gprid=6527

Support for Windows Update:
http://support.microsoft.com/gp/wusupport

For home users, no-charge support is available by calling 1-866-PCSAFETY in
the United States and in Canada or by contacting your local Microsoft
subsidiary. There is no-charge for support calls that are associated with
security updates.

If your problem relates to a Cumulative Security Update for IE (e.g.,
KB947864), call the above number and ask to be transferred to the Consumer
IE7 queue (which is 47830).

For more information about how to contact your local Microsoft subsidiary
for security update support issues, visit the International Support Web
site: http://support.microsoft.com/common/international.aspx

For enterprise customers, support for security updates is available through
your usual support contacts.
--
IE-specific newsgroup:
news://msnews.microsoft.com/microsoft.publ...xplorer.general

~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

Larry wrote:
> Ok, but where do you suggest I post it under? I thought this was an
> appropriate group to post it under.
>
> "PA Bear [MS MVP]" wrote in message
> news:eRD5l$cmIHA.484@TK2MSFTNGP06.phx.gbl...
>> [Crossposting to Office Update and XP Security_Admin newsgroups
>> eliminated]
>>
>> Please begin a new thread in an appropriate newsgroup about your problem,
>> Larry.
>> --
>> Larry wrote:
>>> I had a different problem. I use IE to access aol. I can get to the msg.
>>> bds. ok. But when I try to get to the email I get linked to something
>>> called
>>> MyMobile (or some nonsense like that). I tried to roll back to before
>>> the updates. I got some kind of failure msg. So for now I installed the
>>> AOL
>>> s/w. Anyone have any ideas?
>>