JPCERT-AT-2008-0006
JPCERT/CC
2008-04-09
<<< JPCERT/CC Alert 2008-04-09 >>>
Apr 2008 Microsoft Security Bulletin
(including five critical patches)
http://www.jpcert.or.jp/at/2008/at080006.txt
I. Overview
Microsoft has released the security bulletin summary for April
2008, which contains five security updates with severity rating
"Critical".
A remote attacker could use these vulnerabilities, and cause a
denial of service or execute arbitrary code.
Microsoft Security Bulletin Summary for April 2008
http://www.microsoft.com/technet/security/bulletin/ms08-apr.mspx
For further information about these vulnerabilities, refer to the
following URLs.
[Critical Security Update]
MS08-018
Vulnerability in Microsoft Project Could Allow Remote Code
Execution (950183)
http://www.microsoft.com/technet/security/bulletin/MS08-018.mspx
MS08-021
Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
http://www.microsoft.com/technet/security/bulletin/MS08-021.mspx
MS08-022
Vulnerability in VBScript and JScript Scripting Engines Could
Allow Remote Code Execution (944338)
http://www.microsoft.com/technet/security/bulletin/MS08-022.mspx
MS08-023
Security Update of ActiveX Kill Bits (948881)
http://www.microsoft.com/technet/security/bulletin/MS08-023.mspx
MS08-024
Cumulative Security Update for Internet Explorer (947864)
http://www.microsoft.com/technet/security/bulletin/MS08-024.mspx
II. Solution
Use means such as Microsoft Update or Windows Update to apply the
security updates immediately.
Microsoft Update
http://update.microsoft.com/microsoftupdate/
Windows Update
https://windowsupdate.microsoft.com/
Office Update
http://office.microsoft.com/en-us/officeupdate/default.aspx
III. References
Microsoft Security Bulletin Summary for April 2008
http://www.microsoft.com/technet/security/bulletin/ms08-apr.mspx
US-CERT Technical Cyber Security Alert TA08-099A
Microsoft Updates for Multiple Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA08-099A.html
US-CERT Vulnerability Note (search for ms08-apr)
http://www.kb.cert.org/vuls/byid?searchview&query=ms08-apr
US-CERT Vulnerability Note
Microsoft Office Project vulnerable to remote code execution via
specially crafted Project file
http://www.kb.cert.org/vuls/id/155563
If you have any information you could provide regarding this alert,
please contact us.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600 FAX: 03-3518-4602
http://www.jpcert.or.jp/
Top