Microsoft Security Bulletins for April 2008

Note: There may be latency issues due to replication, if the page does not
display keep refreshing or try later.

MS08-018 - Vulnerability in Microsoft Project Could Allow Remote Code
Execution (950183)
http://www.microsoft.com/technet/sec.../MS08-018.mspx
MS08-019 - Vulnerabilities in Microsoft Visio Could Allow Remote Code
Execution (949032)
http://www.microsoft.com/technet/sec.../MS08-019.mspx
MS08-020 - Vulnerability in DNS Client Could Allow Spoofing (945553)
http://www.microsoft.com/technet/sec.../MS08-020.mspx
MS08-021 - Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
http://www.microsoft.com/technet/sec.../MS08-021.mspx
MS08-022 - Vulnerability in VBScript and JScript Scripting Engines Could
Allow Remote Code Execution (944338)
http://www.microsoft.com/technet/sec.../MS08-022.mspx
MS08-023 - Security Update of ActiveX Kill Bits (948881)
http://www.microsoft.com/technet/sec.../MS08-023.mspx
MS08-024 - Cumulative Security Update for Internet Explorer (947864)
http://www.microsoft.com/technet/sec.../MS08-024.mspx
MS08-025 - Vulnerability in Windows Kernel Could Allow Elevation of
Privilege (941693)
http://www.microsoft.com/technet/sec.../MS08-025.mspx

For information about non-security releases on Windows Update and Microsoft
update, please see:
http://support.microsoft.com/kb/894199/en-us
http://technet.microsoft.com/en-us/wsus/bb466214.aspx

The monthly security bulletin webcast is scheduled tomorrow, April 9, 2008
at 11 a.m., PST:
http://msevents.microsoft.com/CUI/Ev...&Culture=en-US

Please scan your system using Microsoft Baseline Security Analyzer for
missing security updates as well as common security misconfigurations:
http://www.microsoft.com/technet/sec.../mbsahome.mspx

Customers in the U.S. and Canada can receive technical support from
Microsoft Product Support Services at 1-866-PCSAFETY.
International customers can receive support from their local Microsoft
subsidiaries http://support.microsoft.com/common/international.aspx
There is no charge for support that is associated with security updates.

Security Bulletin Summary:
http://www.microsoft.com/technet/sec.../ms08-apr.mspx
http://www.microsoft.com/protect/com...ns/200804.mspx
Microsoft Security Response Center Blog: http://blogs.technet.com/msrc/
Microsoft Security Vulnerability Research and Defense Blog:
http://blogs.technet.com/swi/
For other Microsoft security tools and resources, visit
http://www.microsoft.com/security/portal/resources.aspx

Regards,

Donna Buenaventura
Calendar of Updates: http://cou.dozleng.com

MSRC's blog entry at
http://blogs.technet.com/msrc/archiv...y-release.aspx


"Donna Buenaventura" <> wrote in message
news:4AFE2E5D-07FA-4873-AE6E-...
> Note: There may be latency issues due to replication, if the page does not
> display keep refreshing or try later.
>
> MS08-018 - Vulnerability in Microsoft Project Could Allow Remote Code
> Execution (950183)
> http://www.microsoft.com/technet/sec.../MS08-018.mspx
> MS08-019 - Vulnerabilities in Microsoft Visio Could Allow Remote Code
> Execution (949032)
> http://www.microsoft.com/technet/sec.../MS08-019.mspx
> MS08-020 - Vulnerability in DNS Client Could Allow Spoofing (945553)
> http://www.microsoft.com/technet/sec.../MS08-020.mspx
> MS08-021 - Vulnerabilities in GDI Could Allow Remote Code Execution
> (948590)
> http://www.microsoft.com/technet/sec.../MS08-021.mspx
> MS08-022 - Vulnerability in VBScript and JScript Scripting Engines Could
> Allow Remote Code Execution (944338)
> http://www.microsoft.com/technet/sec.../MS08-022.mspx
> MS08-023 - Security Update of ActiveX Kill Bits (948881)
> http://www.microsoft.com/technet/sec.../MS08-023.mspx
> MS08-024 - Cumulative Security Update for Internet Explorer (947864)
> http://www.microsoft.com/technet/sec.../MS08-024.mspx
> MS08-025 - Vulnerability in Windows Kernel Could Allow Elevation of
> Privilege (941693)
> http://www.microsoft.com/technet/sec.../MS08-025.mspx
>
> For information about non-security releases on Windows Update and
> Microsoft update, please see:
> http://support.microsoft.com/kb/894199/en-us
> http://technet.microsoft.com/en-us/wsus/bb466214.aspx
>
> The monthly security bulletin webcast is scheduled tomorrow, April 9, 2008
> at 11 a.m., PST:
> http://msevents.microsoft.com/CUI/Ev...&Culture=en-US
>
> Please scan your system using Microsoft Baseline Security Analyzer for
> missing security updates as well as common security misconfigurations:
> http://www.microsoft.com/technet/sec.../mbsahome.mspx
>
> Customers in the U.S. and Canada can receive technical support from
> Microsoft Product Support Services at 1-866-PCSAFETY.
> International customers can receive support from their local Microsoft
> subsidiaries http://support.microsoft.com/common/international.aspx
> There is no charge for support that is associated with security updates.
>
> Security Bulletin Summary:
> http://www.microsoft.com/technet/sec.../ms08-apr.mspx
> http://www.microsoft.com/protect/com...ns/200804.mspx
> Microsoft Security Response Center Blog: http://blogs.technet.com/msrc/
> Microsoft Security Vulnerability Research and Defense Blog:
> http://blogs.technet.com/swi/
> For other Microsoft security tools and resources, visit
> http://www.microsoft.com/security/portal/resources.aspx
>
> Regards,
>
> Donna Buenaventura
> Calendar of Updates: http://cou.dozleng.com

Request: Please eliminate any unnecessary/inappropriate crossposting in your
replies to this thread. Thanks.
--
~PA Bear

After running windows updates and installing all the updates, including the
security updates I rebooted my laptop to find I could not connect to the
internet. After many reboots I rolled back my system. After the roll back I
could connect to the internet again. I then run windows updates, but this
time I deselected the security updates. After rebooting I was pleased to see
I could connect to the internet still.

I am not happy that the security updates that where there to protect my
computer protected me a little bit too much by stopping connecting to the
internet.

NIK

"Donna Buenaventura" <> wrote in message
news:4AFE2E5D-07FA-4873-AE6E-...
> Note: There may be latency issues due to replication, if the page does not
> display keep refreshing or try later.
>
> MS08-018 - Vulnerability in Microsoft Project Could Allow Remote Code
> Execution (950183)
> http://www.microsoft.com/technet/sec.../MS08-018.mspx
> MS08-019 - Vulnerabilities in Microsoft Visio Could Allow Remote Code
> Execution (949032)
> http://www.microsoft.com/technet/sec.../MS08-019.mspx
> MS08-020 - Vulnerability in DNS Client Could Allow Spoofing (945553)
> http://www.microsoft.com/technet/sec.../MS08-020.mspx
> MS08-021 - Vulnerabilities in GDI Could Allow Remote Code Execution
> (948590)
> http://www.microsoft.com/technet/sec.../MS08-021.mspx
> MS08-022 - Vulnerability in VBScript and JScript Scripting Engines Could
> Allow Remote Code Execution (944338)
> http://www.microsoft.com/technet/sec.../MS08-022.mspx
> MS08-023 - Security Update of ActiveX Kill Bits (948881)
> http://www.microsoft.com/technet/sec.../MS08-023.mspx
> MS08-024 - Cumulative Security Update for Internet Explorer (947864)
> http://www.microsoft.com/technet/sec.../MS08-024.mspx
> MS08-025 - Vulnerability in Windows Kernel Could Allow Elevation of
> Privilege (941693)
> http://www.microsoft.com/technet/sec.../MS08-025.mspx
>
> For information about non-security releases on Windows Update and
> Microsoft update, please see:
> http://support.microsoft.com/kb/894199/en-us
> http://technet.microsoft.com/en-us/wsus/bb466214.aspx
>
> The monthly security bulletin webcast is scheduled tomorrow, April 9, 2008
> at 11 a.m., PST:
> http://msevents.microsoft.com/CUI/Ev...&Culture=en-US
>
> Please scan your system using Microsoft Baseline Security Analyzer for
> missing security updates as well as common security misconfigurations:
> http://www.microsoft.com/technet/sec.../mbsahome.mspx
>
> Customers in the U.S. and Canada can receive technical support from
> Microsoft Product Support Services at 1-866-PCSAFETY.
> International customers can receive support from their local Microsoft
> subsidiaries http://support.microsoft.com/common/international.aspx
> There is no charge for support that is associated with security updates.
>
> Security Bulletin Summary:
> http://www.microsoft.com/technet/sec.../ms08-apr.mspx
> http://www.microsoft.com/protect/com...ns/200804.mspx
> Microsoft Security Response Center Blog: http://blogs.technet.com/msrc/
> Microsoft Security Vulnerability Research and Defense Blog:
> http://blogs.technet.com/swi/
> For other Microsoft security tools and resources, visit
> http://www.microsoft.com/security/portal/resources.aspx
>
> Regards,
>
> Donna Buenaventura
> Calendar of Updates: http://cou.dozleng.com
>

I had a different problem. I use IE to access aol. I can get to the msg.
bds. ok. But when I try to get to the email I get linked to something called
AOL>MyMobile (or some nonsense like that). I tried to roll back to before
the updates. I got some kind of failure msg. So for now I installed the AOL
s/w. Anyone have any ideas?

"niks" <> wrote in message
news:FDC4D813-BBAA-445E-866B-...
> After running windows updates and installing all the updates, including
> the security updates I rebooted my laptop to find I could not connect to
> the internet. After many reboots I rolled back my system. After the roll
> back I could connect to the internet again. I then run windows updates,
> but this time I deselected the security updates. After rebooting I was
> pleased to see I could connect to the internet still.
>
> I am not happy that the security updates that where there to protect my
> computer protected me a little bit too much by stopping connecting to the
> internet.
>
> NIK
>
> "Donna Buenaventura" <> wrote in message
> news:4AFE2E5D-07FA-4873-AE6E-...
>> Note: There may be latency issues due to replication, if the page does
>> not display keep refreshing or try later.
>>
>> MS08-018 - Vulnerability in Microsoft Project Could Allow Remote Code
>> Execution (950183)
>> http://www.microsoft.com/technet/sec.../MS08-018.mspx
>> MS08-019 - Vulnerabilities in Microsoft Visio Could Allow Remote Code
>> Execution (949032)
>> http://www.microsoft.com/technet/sec.../MS08-019.mspx
>> MS08-020 - Vulnerability in DNS Client Could Allow Spoofing (945553)
>> http://www.microsoft.com/technet/sec.../MS08-020.mspx
>> MS08-021 - Vulnerabilities in GDI Could Allow Remote Code Execution
>> (948590)
>> http://www.microsoft.com/technet/sec.../MS08-021.mspx
>> MS08-022 - Vulnerability in VBScript and JScript Scripting Engines Could
>> Allow Remote Code Execution (944338)
>> http://www.microsoft.com/technet/sec.../MS08-022.mspx
>> MS08-023 - Security Update of ActiveX Kill Bits (948881)
>> http://www.microsoft.com/technet/sec.../MS08-023.mspx
>> MS08-024 - Cumulative Security Update for Internet Explorer (947864)
>> http://www.microsoft.com/technet/sec.../MS08-024.mspx
>> MS08-025 - Vulnerability in Windows Kernel Could Allow Elevation of
>> Privilege (941693)
>> http://www.microsoft.com/technet/sec.../MS08-025.mspx
>>
>> For information about non-security releases on Windows Update and
>> Microsoft update, please see:
>> http://support.microsoft.com/kb/894199/en-us
>> http://technet.microsoft.com/en-us/wsus/bb466214.aspx
>>
>> The monthly security bulletin webcast is scheduled tomorrow, April 9,
>> 2008 at 11 a.m., PST:
>> http://msevents.microsoft.com/CUI/Ev...&Culture=en-US
>>
>> Please scan your system using Microsoft Baseline Security Analyzer for
>> missing security updates as well as common security misconfigurations:
>> http://www.microsoft.com/technet/sec.../mbsahome.mspx
>>
>> Customers in the U.S. and Canada can receive technical support from
>> Microsoft Product Support Services at 1-866-PCSAFETY.
>> International customers can receive support from their local Microsoft
>> subsidiaries http://support.microsoft.com/common/international.aspx
>> There is no charge for support that is associated with security updates.
>>
>> Security Bulletin Summary:
>> http://www.microsoft.com/technet/sec.../ms08-apr.mspx
>> http://www.microsoft.com/protect/com...ns/200804.mspx
>> Microsoft Security Response Center Blog: http://blogs.technet.com/msrc/
>> Microsoft Security Vulnerability Research and Defense Blog:
>> http://blogs.technet.com/swi/
>> For other Microsoft security tools and resources, visit
>> http://www.microsoft.com/security/portal/resources.aspx
>>
>> Regards,
>>
>> Donna Buenaventura
>> Calendar of Updates: http://cou.dozleng.com
>>
>

[Crossposting to Office Update and XP Security_Admin newsgroups eliminated]

Please begin a new thread in an appropriate newsgroup about your problem,
Larry.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

Larry wrote:
> I had a different problem. I use IE to access aol. I can get to the msg.
> bds. ok. But when I try to get to the email I get linked to something
> called
> MyMobile (or some nonsense like that). I tried to roll back to before
> the updates. I got some kind of failure msg. So for now I installed the
> AOL
> s/w. Anyone have any ideas?
<snip>

Ok, but where do you suggest I post it under? I thought this was an
appropriate group to post it under.

"PA Bear [MS MVP]" <> wrote in message
news:eRD5l$...
> [Crossposting to Office Update and XP Security_Admin newsgroups
> eliminated]
>
> Please begin a new thread in an appropriate newsgroup about your problem,
> Larry.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> AumHa VSOP & Admin http://aumha.net
> DTS-L http://dts-l.net/
>
> Larry wrote:
>> I had a different problem. I use IE to access aol. I can get to the msg.
>> bds. ok. But when I try to get to the email I get linked to something
>> called
>> MyMobile (or some nonsense like that). I tried to roll back to before
>> the updates. I got some kind of failure msg. So for now I installed the
>> AOL
>> s/w. Anyone have any ideas?
> <snip>