Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: Microsoft Patch Tuesday - SANS Internet Storm Center Microsoft Patch Tuesday


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft Patch Tuesday 2008-04-08

MS80-18
Title Input validation vulnerability allows code execution when opening a malicious file.
Replaces
Affected Project
KB KB950183
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2008-1088 Unknown
MS80-19
Title Multiple input validation vulnerabilities allow code execution.
Replaces MS70-30
Affected Visio
KB KB949032
Known Exploits No
Microsoft Rating Important
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2008-1089 Unknown
2008-1090 Unknown
MS80-20
Title Windows' DNS client vulnerable to spoofing due to lack of entropy in a random number generator.
Replaces
Affected DNS client
KB KB945553
Known Exploits No
Microsoft Rating Important
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2008-0087 Unknown
MS80-21
Title Heap overflows in opening EMF and WMF images and file name based stack overflow in opening EMF files allow code execution.
Replaces MS70-46
Affected GDI
KB KB948590
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2008-1083 Unknown
2007-1087 Unknown
MS80-22
Title Javascript and visual basic script engines allow code execution.
Replaces MS60-23
Affected Scripting engines
KB KB944338
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2008-0083 Unknown
MS80-23
Title 3rd party killbit for a Yahoo! Music Jukebox activeX control that could allow code execution.
Replaces
Affected ActiveX
KB KB948881
Known Exploits Yes
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2008-1086 Unknown
MS80-24
Title Cumulative Internet Explorer patch. Adds protection for an unspecified vulnerability leading to code execution when visiting a compromised or malicious web site.
Replaces MS80-10
Affected MSIE
KB KB947864
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2008-1085 Unknown
MS80-25
Title Input validation vulnerability in the windows kernel allows privilege escalation.
Replaces
Affected Windows kernel
KB KB941693
Known Exploits No
Microsoft Rating Important
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2008-1084 Unknown
We will update issues on this page for about a week or so as they evolve. We appreciate your updates!
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urgent: practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
    • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.