MS08-030: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution
The attack vector for this vulnerability is the Bluetooth stack of Windows Vista and Windows XP computers. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer.
Applies to: Windows Vista and Windows XP
Recommendation: Microsoft rates this update as critical. Although the vulnerability has been privately reported to Microsoft and a public exploit is not presently believed to exist, this vulnerability allows computers, particularly laptops, to be compromised in public places such as airport lounges and coffee shops where many people use laptop computers in proximity to each other. You should test and deploy this update as a part of your organization's accelerated patch management strategy.
MS08-031: Cumulative Security Update for Internet Explorer
The attack vector for this vulnerability is a specially crafted Web page. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletin MS08-024.
Applies to: Internet Explorer 5, 6, and 7
Recommendation: Microsoft rates this update as critical. This update addresses two vulnerabilities, one of which has been publicly disclosed. Given the public nature of the disclosure you should test and deploy this update as a part of your organization's accelerated patch management strategy.
MS08-032: Cumulative Security Update of ActiveX Kill Bits
The attack vector for this vulnerability is a specially crafted Web page viewed in Internet Explorer when the Speech Recognition feature of Windows is enabled. The most severe consequence from an attack leveraging this vulnerability is an attacker being able to execute remote code with the privileges of the logged on user. This bulletin replaces previous bulletin MS08-023.
Applies to: All versions of Windows
Recommendation: Microsoft rates this update as moderate. Although the vulnerability has been publically reported, you should only use an accelerated deployment schedule in the event that your organization deploys Microsoft speech recognition technologies. Otherwise you should test and deploy as a part of your regular patch management cycle.
MS08-033: Vulnerabilities in DirectX Could Allow Remote Code Execution
The attack vector for this vulnerability is a specially crafted media file. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletin MS07-064.
Applies to: DirectX on all versions of Windows
Recommendation: Microsoft rates this update as critical. Although the vulnerability has been privately reported to Microsoft, the large number of systems potentially vulnerable makes the short-term development and deployment of a working exploit by nefarious third parties highly likely. You should test and deploy this update as a part of your organization's accelerated patch management cycle.
MS08-034: Vulnerability in WINS Could Allow Elevation of Privilege
The attack vector for this vulnerability is the Windows Internet Naming Service (WINS). The most severe consequence from an attack leveraging this vulnerability is an elevation of privilege. This bulletin replaces previous bulletin MS04-045.
Applies to: Windows Server 2003 and Windows 2000 Server
Recommendation: Microsoft rates this update as important. You should test and deploy this update as a part of your organization's regular patch management cycle.
MS08-035: Vulnerability in Active Directory Could Allow Denial of Service
The attacker successfully leveraging this vulnerability would cause a Denial of Service (DoS) condition against the targeted system. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletin MS08-003.
Applies to: Windows Server 2008, Windows Server 2003, Windows 2000 Server, and Windows XP with Active Directory Application Mode.
Recommendation: Microsoft rates this update as important. The vulnerability was privately reported and requires the attacker to be on the same network segment as the target computer. You should test and deploy this update as a part of your organization's regular patch management cycle.
MS08-036: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service
The attack vector for this vulnerability is a flood of PGM traffic on the network. The most severe consequence from an attack leveraging this vulnerability is a target computer becoming non-responsive, requiring a reboot to restore normal functionality. This bulletin replaces previous bulletin MS06-052.
Applies to: All versions of Windows (except Windows 2000 which does not support PGM)
Recommendation: Microsoft rates this update as important. The vulnerabilities that this update addresses have been privately rather than publically reported, and PGM is disabled by default on all versions of Windows. PGM is a multicast transport protocol that administrators are likely to be aware of only if they have specifically enabled it for their environment. Unless your organization uses PGM, you should test and deploy this update as a part of your organization's regular patch management cycle.
During his first-ever Consumer Electronics Show (CES) 2009 keynote address last night in Las Vegas, Microsoft CEO Steve Ballmer announced the pending public availability of a feature-complete Windows 7, the final version of Windows Live Essentials, and ...
Microsoft Learning Snack - Green IT Through Virtualization Many organizations face rising operating costs caused by excessive energy consumption. Virtualization and "Green IT" can help cut these costs. Get the information you need to bring Green IT savings to your business.
Order Your Fundamentals CD Today! Register today for your in-depth copy of one of three Fundamental CDs on the following topics – Exchange, SQL, and SharePoint.
Microsoft Learning Snack - Virtualization Basics With virtualization, computing components essentially become on-demand services, freeing each element of a system from the others. This short video explains the needs, benefits, and technologies behind virtualization.
Microsoft Learning Snack - Virtualization Basics With virtualization, computing components essentially become on-demand services, freeing each element of a system from the others. This short video explains the needs, benefits, and technologies behind virtualization.
Empower Your Processes with PowerShell 201 Paul Robichaux delves deep into PowerShell how-tos in 3 informative lessons, each followed by live Q&A—all on your own computer! Register today!
Microsoft Learning Snack - Green IT Through Virtualization Many organizations face rising operating costs caused by excessive energy consumption. Virtualization and "Green IT" can help cut these costs. Get the information you need to bring Green IT savings to your business.
New Release: Windows IT Pro Master CD 13 years of content archives, fast answers with advanced search tools, and full access to WindowsITPro.com—order today!
Register
