Patch Tuesday Analysis for April 2008

As usual, most of the patches this month address workstation vulnerabilities. If you are responsible for workstation security, be sure to review all of these patches and plan to deploy them. Thankfully, you have time for testing and planning, since none of this month’s vulnerabilities are public or being exploited at this time.

Two of the vulnerabilities may also be an issue for servers:

  • The DNS Client (945553) vulnerability could be a real issue for workstations. For internal servers, it should only be a problem if bad guys can deploy bogus DNS servers on your network.
  • The Windows Kernel vulnerability (941693) is an issue for Terminal Servers, and also for workstations where the end-user is already an admin.

Remember, on servers, you can avoid most vulnerabilities and the resulting patches by refraining from any type of end-user activities while logged on locally or via Remote Desktop. That means no web browsing, email, working with Office documents or other files – including images – downloaded from the Internet.

Chart of this month’s patches follows.
 

| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS08-025 (941963) | Privilege elevation / Windows | Workstations, Terminal Servers, Servers, Domain Controllers | No/No | No | Important | XP, Server 2003, Server 2008, Web Server 2008, Datacenter Server 2000 | Restart Req'd | Patch after testing |
| MS08-022 (944338) | Arbitrary code / VBScript & JavaScript | Workstations, Terminal Servers | No/No | Yes | Critical | Win2000, XP, Server 2003 | IE 7 not affected; Restart Req'd | Patch after testing or upgrade to IE 7 |
| MS08-020 (945553) | Spoofing / DNS Client | Workstations, Terminal Servers, Servers, Domain Controllers | No/No | No | Important | Win2000, XP, Vista, Win2008, Server 2003 | Restart Req'd | Patch after testing |
| MS08-024 (947864) | Arbitrary code / IE | Workstations, Terminal Servers | No/No | No | Critical | Win2000, XP, Vista, Server 2003, Server 2008, Web Server 2008 | Restart Req'd | Patch after testing |
| MS08-021 (948590) | Arbitrary code | Workstations, Terminal Servers | No/No | Yes | Critical | XP, Vista, Server 2003, Server 2008, Web Server 2008 | Restart Req'd | Patch after testing |
| MS08-023 (948881) | Arbitrary code / IE | Workstations, Terminal Servers | No/No | Yes | Critical | Win2000, XP, Vista, Win2008, Server 2000, Server 2008, Web Server 2008 | Restart may be Req'd | Set kill bit for affected ActiveX; Patch after testing |
| MS08-019 (949032) | Arbitrary code / Office Visio | Workstations, Terminal Servers | No/No | No | Important | Visio 2003, Visio 2002, Visio 2007 | None | Patch after testing |
| MS08-018 (950183) | Arbitrary code / Office Project | Workstations, Terminal Servers | No/No | No | Critical | Project 2003, Project 2000, Project 2002 | None | Patch after testing |
