JPCERT-AT-2008-0006
                                                             JPCERT/CC
                                                            2008-04-09

                 <<< JPCERT/CC Alert 2008-04-09 >>>

                 Apr 2008 Microsoft Security Bulletin
                   (including five critical patches)

            http://www.jpcert.or.jp/at/2008/at080006.txt

I. Overview

  Microsoft has released the security bulletin summary for April
2008, which contains five security updates with severity rating
"Critical".

  A remote attacker could use these vulnerabilities, and cause a 
denial of service or execute arbitrary code.


    Microsoft Security Bulletin Summary for April 2008
    http://www.microsoft.com/technet/security/bulletin/ms08-apr.mspx

  For further information about these vulnerabilities, refer to the
following URLs.

  [Critical Security Update]

    MS08-018
    Vulnerability in Microsoft Project Could Allow Remote Code
      Execution (950183)
    http://www.microsoft.com/technet/security/bulletin/MS08-018.mspx

    MS08-021
    Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
    http://www.microsoft.com/technet/security/bulletin/MS08-021.mspx

    MS08-022
    Vulnerability in VBScript and JScript Scripting Engines Could
      Allow Remote Code Execution (944338)
    http://www.microsoft.com/technet/security/bulletin/MS08-022.mspx

    MS08-023
    Security Update of ActiveX Kill Bits (948881)
    http://www.microsoft.com/technet/security/bulletin/MS08-023.mspx

    MS08-024
    Cumulative Security Update for Internet Explorer (947864)
    http://www.microsoft.com/technet/security/bulletin/MS08-024.mspx


II. Solution

  Use means such as Microsoft Update or Windows Update to apply the
security updates immediately.

    Microsoft Update
    http://update.microsoft.com/microsoftupdate/

    Windows Update
    https://windowsupdate.microsoft.com/

    Office Update
    http://office.microsoft.com/en-us/officeupdate/default.aspx


III. References

    Microsoft Security Bulletin Summary for April 2008
    http://www.microsoft.com/technet/security/bulletin/ms08-apr.mspx

    US-CERT Technical Cyber Security Alert TA08-099A
    Microsoft Updates for Multiple Vulnerabilities
    http://www.us-cert.gov/cas/techalerts/TA08-099A.html

    US-CERT Vulnerability Note (search for ms08-apr)
    http://www.kb.cert.org/vuls/byid?searchview&query=ms08-apr

    US-CERT Vulnerability Note
    Microsoft Office Project vulnerable to remote code execution via
      specially crafted Project file
    http://www.kb.cert.org/vuls/id/155563


  If you have any information you could provide regarding this alert,
please contact us.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600  FAX: 03-3518-4602
http://www.jpcert.or.jp/