Patch Tuesday Analysis for April 2008
As usual most of the patches this month address workstation vulnerabilities. If you are responsible for workstation security be sure to review all of these patches and plan to deploy them. Thankfully you have time for testing and planning since none of this month’s vulnerabilities are public or being exploited at this time.
2 of the vulnerabilities are possibly an issue for servers, too:
- The DNS Client (945553) vulnerability could be a real issue for workstations but should only be a problem for internal servers from bad guys that can deploy bogus DNS servers on your network.
- The Windows Kernel vulnerability (941693) is an issue for Terminal Servers and is also an issue on workstations where the end-user is already an admin.
Remember, on servers, you can avoid most vulnerabilities and the resulting patches by refraining from any type of end-user activities while logged on locally or via Remote Desktop. That means no web browsing, email, working with Office documents or other files – including images – downloaded from the Internet.
Chart of this month’s patches follows.
| Bulletin | Exploit Types
/Technologies Affected | System Types Affected | Exploit
details public?
/ Being exploited? | Comprehensive,
practical
workaround
available? | MS severity rating | Products Affected | Notes | Randy's recommendation | MS08-025
941963 | Privilege elevation
/ Windows | Workstations
Terminal Servers
Servers
Domain Controllers
| No/No | No | Important | XP
Server 2003
Server 2008
Web Server 2008
Datacenter Server 2000
| Restart Req'd | Patch after testing | MS08-022
944338 | Arbitrary code
/ VBScript & JavaScript | Workstations
Terminal Servers
| No/No | Yes | Critical | Win2000
XP
Server 2003
| IE 7 not affected; Restart Req’d | Patch after testing or upgrade to IE 7 | MS08-020
945553 | Spoofing
/ DNS Client | Workstations
Terminal Servers
Servers
Domain Controllers
| No/No | No | Important | Win2000
XP
Vista
Win2008
Server 2003
| Restart Req’d | Patch after testing | MS08-024
947864 | Arbitrary code
/ IE | Workstations
Terminal Servers
| No/No | No | Critical | Win2000
XP
Vista
Server 2003
Server 2008
Web Server 2008
| Restart Req'd | Patch after testing | MS08-021
948590 | Arbitrary code
| Workstations
Terminal Servers
| No/No | Yes | Critical | XP
Vista
Server 2003
Server 2008
Web Server 2008
| Restart Req'd | Patch after testing | MS08-023
948881 | Arbitrary code
/ IE | Workstations
Terminal Servers
| No/No | Yes | Critical | Win2000
XP
Vista
Win2008
Server 2000
Server 2008
Web Server 2008
| Restart may be Req’d | Set kill bit for affected ActiveX; Patch after testing | MS08-019
949032 | Arbitrary code
/ Office Visio | Workstations
Terminal Servers
| No/No | No | Important | Visio 2003
Visio 2002
Visio 2007
| None | Patch after testing | MS08-018
950183 | Arbitrary code
/ Office Project | Workstations
Terminal Servers
| No/No | No | Critical | Project 2003
Project 2000
Project 2002
| None | Patch after testing |
Receive Randy's same-day, independent analysis each Patch Tuesday
Email:
We will not share your address. Unsubscribe anytime.
|
"Thank you. I am very glad I subscribed to this newsletter.
Relevant content clearly and concisely. Finally!!!"
- John K.
"I really like the Fast Facts on this Month's Microsoft
Security Bulletins. Do you keep old copies? If yes, please let me know how I can
access them?"
-Susan D.
"Thanks, Randy. Your regular updates have streamlined my
monthly patching. Much appreciated,"
- Steve T.
"Really appreciate your patch observor. In the corporate
IT world, anything we can get our hands on that speeds the process of analyzing
threats and how they may or may not apply to our environments is a God-send.
Thanks so much for your efforts."
- Tess G.
"Many thanks for this Randy"
- Roger G.
"The chart is a REAAALLY good idea :)"
- Phil J.
"I like the table. Your insight is very valuable. "
Tom C.
"I liked your high level overview of patches in the
table. There are so many sources of patch information which can be very specific
or surrounded by other stuff that it’s refreshing to get everything summarised
like this. The “Randy’s Recommendation” comment is useful starting point too.
Please keep up the good work."
- David A.
"Your Patch Tuesday Observer is a very good tool in
making the decision whether to patch or not to patch. And also to patch asap or
to wait a while before patching. Also I do think the use of the table is realy
improving the readability of the provided information."
- Gerard T.
|