MS08-030: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution
The attack vector for this vulnerability is the Bluetooth stack of Windows Vista and Windows XP computers. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer.
Applies to: Windows Vista and Windows XP
Recommendation: Microsoft rates this update as critical. Although the vulnerability has been privately reported to Microsoft and a public exploit is not presently believed to exist, this vulnerability allows computers, particularly laptops, to be compromised in public places such as airport lounges and coffee shops where many people use laptop computers in proximity to each other. You should test and deploy this update as a part of your organization's accelerated patch management strategy.
MS08-031: Cumulative Security Update for Internet Explorer
The attack vector for this vulnerability is a specially crafted Web page. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletin MS08-024.
Applies to: Internet Explorer 5, 6, and 7
Recommendation: Microsoft rates this update as critical. This update addresses two vulnerabilities, one of which has been publicly disclosed. Given the public nature of the disclosure you should test and deploy this update as a part of your organization's accelerated patch management strategy.
MS08-032: Cumulative Security Update of ActiveX Kill Bits
The attack vector for this vulnerability is a specially crafted Web page viewed in Internet Explorer when the Speech Recognition feature of Windows is enabled. The most severe consequence from an attack leveraging this vulnerability is an attacker being able to execute remote code with the privileges of the logged on user. This bulletin replaces previous bulletin MS08-023.
Applies to: All versions of Windows
Recommendation: Microsoft rates this update as moderate. Although the vulnerability has been publically reported, you should only use an accelerated deployment schedule in the event that your organization deploys Microsoft speech recognition technologies. Otherwise you should test and deploy as a part of your regular patch management cycle.
MS08-033: Vulnerabilities in DirectX Could Allow Remote Code Execution
The attack vector for this vulnerability is a specially crafted media file. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletin MS07-064.
Applies to: DirectX on all versions of Windows
Recommendation: Microsoft rates this update as critical. Although the vulnerability has been privately reported to Microsoft, the large number of systems potentially vulnerable makes the short-term development and deployment of a working exploit by nefarious third parties highly likely. You should test and deploy this update as a part of your organization's accelerated patch management cycle.
MS08-034: Vulnerability in WINS Could Allow Elevation of Privilege
The attack vector for this vulnerability is the Windows Internet Naming Service (WINS). The most severe consequence from an attack leveraging this vulnerability is an elevation of privilege. This bulletin replaces previous bulletin MS04-045.
Applies to: Windows Server 2003 and Windows 2000 Server
Recommendation: Microsoft rates this update as important. You should test and deploy this update as a part of your organization's regular patch management cycle.
MS08-035: Vulnerability in Active Directory Could Allow Denial of Service
The attacker successfully leveraging this vulnerability would cause a Denial of Service (DoS) condition against the targeted system. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletin MS08-003.
Applies to: Windows Server 2008, Windows Server 2003, Windows 2000 Server, and Windows XP with Active Directory Application Mode.
Recommendation: Microsoft rates this update as important. The vulnerability was privately reported and requires the attacker to be on the same network segment as the target computer. You should test and deploy this update as a part of your organization's regular patch management cycle.
MS08-036: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service
The attack vector for this vulnerability is a flood of PGM traffic on the network. The most severe consequence from an attack leveraging this vulnerability is a target computer becoming non-responsive, requiring a reboot to restore normal functionality. This bulletin replaces previous bulletin MS06-052.
Applies to: All versions of Windows (except Windows 2000 which does not support PGM)
Recommendation: Microsoft rates this update as important. The vulnerabilities that this update addresses have been privately rather than publically reported, and PGM is disabled by default on all versions of Windows. PGM is a multicast transport protocol that administrators are likely to be aware of only if they have specifically enabled it for their environment. Unless your organization uses PGM, you should test and deploy this update as a part of your organization's regular patch management cycle.
Master SharePoint with 3 eLearning Seminars Learn how to build a better SharePoint infrastructure and enable powerful collaboration with MVPs Dan Holme and Michael Noel. Register today!
SharePointConnections Conference Fall 2008 Don’t miss the premier event for Microsoft IT Professionals in Las Vegas, November 10-13. Register and book your room by August 25 and receive a FREE room night (based on a three night minimum stay).
VMworld 2008 - Sign Up Today! Join your peers on September 15-18 at The Venetian Hotel in Las Vegas as VMware hosts VMworld 2008, the leading Virtualization event.
Microsoft® Tech•Ed EMEA 2008 IT Professionals Advance your thinking with new ideas and practical real-world solutions at Microsoft’s FIVE day technical infrastructure conference 3-7 Nov., 2008. Register before 26 September 2008 to save €300.
Order Your SQL Fundamentals CD Today! Learn how to use SQL Server, understand Office integration techniques and dive into the essentials of SQL Express and Visual Basic with this free SQL Fundamentals CD.
Are You Really Compliant with Software Regulations? View this web seminar that will help you with compliance best practices and check out a management solution to assure that you won’t be in jeopardy of an audit.
Register
