


This FAQ will be updated as bulletins are released throughout the year.

Notes:
  • All Security Bulletins can be found at the Microsoft Security Bulletin Search.
  • A summary of all Bulletins documented beginning in 2005 can be found in these archived FAQs -
  • Update Info
    • Updated MS08-024

    Released 04/08/08 Updated 4/11/08

    MS08-025 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)

    Maximum Severity Rating: Important

    Affected Operating System:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista and Windows Vista Service Pack 1
    • Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
    • Windows Server 2008 for 32-bit Systems
    • Windows Server 2008 for x64-based Systems
    • Windows Server 2008 for Itanium-based Systems
    Revisions
    • V1.0 (April 8, 2008): Bulletin published.
    • V1.1 (April 9, 2008): Bulletin updated to clarify the Known Issues section of the FAQ.
    • V1.2 (April 11, 2008): Vulnerability FAQ updated to clarify the systems at risk and remove a reference to unsupported software.

    Released 04/08/08 Updated 4/22/08

    MS08-024 Cumulative Security Update for Internet Explorer (947864)

    Maximum Severity Rating: Critical

    Affected Component\Operating System:
    • Microsoft Internet Explorer 5.01 Service Pack 4
      • Microsoft Windows 2000 Service Pack 4
    • Microsoft Internet Explorer 6 Service Pack 1
      • Microsoft Windows 2000 Service Pack 4
    • Internet Explorer 6
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Internet Explorer 7
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
      • Windows Vista and Windows Vista Service Pack 1
      • Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
      • Windows Server 2008 for 32-bit Systems
      • Windows Server 2008 for x64-based Systems
      • Windows Server 2008 for Itanium-based Systems
    Revisions
    • V1.0 (April 08, 2008): Bulletin published.
    • V1.1 (April 16, 2008): Corrected the uninstall utility path for Internet Explorer 6 for Windows XP.
    • V2.0 (April 22, 2008): Added Internet Explorer 7 for Windows XP Service Pack 3 and Internet Explorer 7 for Windows XP x64 Edition Service Pack 3 to affected software.

    Released 04/08/08 Updated 4/16/08

    MS08-023 Security Update of ActiveX Kill Bits (948881)

    Maximum Severity Rating: Critical

    Affected Component\Operating System:
    • Microsoft Internet Explorer 5.01 Service Pack 4
      • Microsoft Windows 2000 Service Pack 4
    • Microsoft Internet Explorer 6 Service Pack 1
      • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista and Windows Vista Service Pack 1
    • Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
    • Windows Server 2008 for 32-bit Systems
    • Windows Server 2008 for x64-based Systems
    • Windows Server 2008 for Itanium-based Systems
    Revisions
    • V1.0 (April 08, 2008): Bulletin published.
    • V1.1 (April 16, 2008): Corrected the uninstall utility path for this update on Windows XP (all editions).

    Released 04/08/08 Updated 4/9/08

    MS08-022 Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)

    Maximum Severity Rating: Critical

    Affected Component\Operating System:
    • VBScript 5.1 and JScript 5.1
      • Microsoft Windows 2000 Service Pack 4
    • VBScript 5.6 and JScript 5.6
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    Non-Affected Software\Operating System
    • Windows Vista
    • Windows Vista x64 Edition
    • Windows Vista Service Pack 1 (all editions)
    • Windows Server 2008 (all editions)
    Revisions
    • V1.0 (April 8, 2008): Bulletin published.
    • V1.1 (April 9, 2008): Bulletin updated. Combined JScript with VBScript in the Vulnerability Severity rating table.

    Released 04/08/08 Updated 4/11/08

    MS08-021 Vulnerabilities in GDI Could Allow Remote Code Execution (948590)

    Maximum Severity Rating: Critical

    Affected Software\Operating System:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista and Windows Vista Service Pack 1
    • Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
    • Windows Server 2008 for 32-bit Systems
    • Windows Server 2008 for x64-based Systems
    • Windows Server 2008 for Itanium-based Systems
    Revisions
    • V1.0 (April 8, 2008): Bulletin published.
    • V1.1 (April 9, 2008): Bulletin updated to add a Known Issues link to Microsoft Knowledge Base Article 948590, to add a Known Issues section to the FAQ, to update the uninstall registry path, and to update the Acknowledgments.
    • V1.2 (April 11, 2008): Bulletin updated to remove a reference to unsupported software in the Vulnerability FAQs.

    Released 04/08/08 Updated 4/11/08

    MS08-020 Vulnerability in DNS Client Could Allow Spoofing (945553)

    Maximum Severity Rating: Important

    Affected Software\Operating System:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista
    • Windows Vista x64 Edition
    Non-Affected Software
    • Windows Vista Service Pack 1 (all editions)
    • Windows Server 2008 (all editions)
    Revisions
    • V1.0 (April 8, 2008): Bulletin published.
    • V1.1 (April 9, 2008): Bulletin updated to add Windows Vista x64 Edition to the list of affected software in the Executive Summary.
    • V1.2 (April 11, 2008): Vulnerability FAQ updated to clarify the systems at risk and remove a reference to unsupported software.

    Released 04/08/08 Updated 4/16/08

    MS08-019 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)

    Maximum Severity Rating: Important

    Affected Component\Office Suite and other Software:
    • Microsoft Office XP Service Pack 2
    • Microsoft Visio 2002 Service Pack 2
    • Microsoft Office 2003 Service Pack 2
    • Microsoft Visio 2003 Service Pack 2
    • Microsoft Office 2003 Service Pack 3
    • Microsoft Visio 2003 Service Pack 3
    • 2007 Microsoft Office System
    • Microsoft Visio 2007
    • 2007 Microsoft Office System Service Pack 1
    Non-Affected Software
    • Microsoft Visio 2002 Viewer
    • Microsoft Visio 2003 Viewer
    • Microsoft Visio 2007 Viewer
    • Microsoft Visio 2007 Viewer Service Pack 1
    Revisions
    • V1.0 (April 8, 2008): Bulletin published.
    • V1.1 (April 9, 2008): Known Issues updated.
    • V1.2 (April 11, 2008): Bulletin updated. FAQ entry added about known issue relating to a Visio 2007 detection problem.
    • V1.3 (April 16, 2008): Bulletin updated: Added entry to Update FAQ to describe additional security features included for Microsoft Office 2003 Service Pack 2. Clarified the affected software table.

    Released 04/08/08 Updated 4/16/08

    MS08-018 Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183)

    Maximum Severity Rating: Critical

    Affected Component\Office Suite and other Software:
    • Microsoft Project 2000 Service Release 1
    • Microsoft Project 2002 Service Pack 1
    • Microsoft Project 2003 Service Pack 2

    Non-Affected Software
    • Microsoft Project Server 2003
    • Microsoft Project Server 2003 Service Pack 3
    • Microsoft Project 2007
    • Microsoft Project 2007 Service Pack 1
    • Microsoft Project Portfolio Server 2007
    • Microsoft Project Server 2007
    Revisions
    • V1.0 (April 8, 2008): Bulletin published.
    • V1.1 (April 9, 2008): Bulletin updated to add Microsoft Project 2003 Service Pack 3 to the Non-Affected Software table, to add a link to Microsoft Knowledge Base Article 950183 in Known Issues, and to add a section for Microsoft Project 2003 Service Pack 3 to the FAQ.
    • V1.2 (April 16, 2008): Bulletin updated: Added entry to Update FAQ to describe additional security features included for Microsoft Office 2003 Service Pack 2. Updated Microsoft Baseline Security Analyzer and Systems Management Server tables to match the Affected Software table.

    Released 03/11/08 Updated 3/26/08

    MS08-017 Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)

    Maximum Severity Rating: Critical

    Affected Component\Office Suite and other Software:
    • Microsoft Office Web Components 2000
      • Microsoft Office 2000 Service Pack 3
      • Microsoft Office XP Service Pack 3
      • Visual Studio .NET 2002 Service Pack 1
      • Visual Studio .NET 2003 Service Pack 1
      • Microsoft BizTalk Server 2000
      • Microsoft BizTalk Server 2002
      • Microsoft Commerce Server 2000
      • Internet Security and Acceleration Server 2000 Service Pack 2
    Non-Affected Software
    • Microsoft Works 8
    • Microsoft Works 9
    • Microsoft Works Suite 2005
    • Microsoft Works Suite 2006
    • Microsoft Office 2003 Service Pack 2
    • Microsoft Office 2003 Service Pack 3
    • 2007 Microsoft Office System
    • 2007 Microsoft Office System Service Pack 1
    • Microsoft BizTalk Server 2004
    • Microsoft BizTalk Server 2006
    • Microsoft Commerce Server 2000 Service Pack 1, Microsoft Commerce Server 2000 Service Pack 2, and Microsoft Commerce Server 2000 Service Pack 3
    • Microsoft Commerce Server 2002
    • Microsoft Commerce Server 2007
    • Internet Security and Acceleration Server 2004
    • Internet Security and Acceleration Server 2006
    Revisions
    • V1.0 (March 11, 2008): Bulletin published.
    • V1.1 (March 12, 2008): Bulletin updated to reflect new download link for Microsoft Office Web Components 2000 for BizTalk Server 2000 and 2002. Also corrected the registry key for verifying the update for ISA Server.
    • V1.2 (March 26, 2008): Bulletin updated to add a finder for CVE-2006-4695.

    Released 03/11/08 Updated 4/16/08

    MS08-016 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)

    Maximum Severity Rating: Critical

    Affected Office Suite and other Software:
    • Microsoft Office 2000 Service Pack 3
    • Microsoft Office XP Service Pack 3
    • Microsoft Office 2003 Service Pack 2
    • Microsoft Office Excel Viewer 2003
    • Microsoft Office 2004 for Mac
    Non-affected Software:
    • Microsoft Office 2003 Service Pack 3
    • Microsoft PowerPoint Viewer 2003
    • Microsoft Visio 2002 Service Pack 2
    • Microsoft Visio 2003 Viewer
    • Microsoft Word Viewer 2003
    • Microsoft Project 2000 Service Pack 1
    • Microsoft Project 2002 Service Pack 2
    • 2007 Microsoft Office System
    • 2007 Microsoft Office System Service Pack 1
    • Microsoft Office 2008 for Mac
    Revisions
    • V1.0 (March 11, 2008): Bulletin published.
    • V1.1 (March 12, 2008): Bulletin updated. FAQ added to clarify the reason why a non-vulnerable version of Office will be offered this update. Also removed MS07-015 as a replaced bulletin for Microsoft Office XP Service Pack 3.
    • V1.2 (March 26, 2008): Bulletin updated. Added MS07-025 as a replaced bulletin for Microsoft Office 2003 Service Pack 2.
    • V2.0 (April 16, 2008): Bulletin updated. Added Microsoft Office Word Viewer 2003 and Microsoft Office Word Viewer 2003 Service Pack 3 as affected software.

    Released 03/11/08 Updated 4/16/08

    MS08-015 Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)

    Maximum Severity Rating: Critical

    Affected Office Suite\Component:
    • Microsoft Office 2000 Service Pack 3\Outlook 2000 Service Pack 3
    • Microsoft Office XP Service Pack 3\Outlook 2002 Service Pack 3
    • Microsoft Office 2003 Service Pack 2\Outlook 2003 Service Pack 2
    • Microsoft Office 2003 Service Pack 3\Outlook 2003 Service Pack 3
    • 2007 Microsoft Office System
    Non-Affected Software
    • 2007 Microsoft Office System Service Pack 1\Outlook 2007 Service Pack 1
    Revisions
    • V1.0 (March 11, 2008): Bulletin published.
    • V1.1 (March 12, 2008): Bulletin updated. FAQ added to clarify the reason why a non-vulnerable version of Office will be offered this update. Also updated the vulnerability FAQs and the file information tables for Outlook 2000 and Outlook 2003.
    • V1.2 (March 26, 2008): Bulletin updated. Updated the file information table for Outlook 2000.
    • V1.3 (April 9, 2008): Bulletin updated. Added link to Microsoft Knowledge Base Article 949031 in Known Issues.
    • V1.4 (April 16, 2008): Bulletin updated: Added entry to Update FAQ to describe additional security features included for Microsoft Office 2003 Service Pack 2.

    Released 03/11/08 Updated 4/16/08

    MS08-014 Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)

    Maximum Severity Rating: Critical

    Affected Office Suite\Component:
    • Microsoft Office 2000 Service Pack 3\Excel 2000 Service Pack 3
    • Microsoft Office XP Service Pack 3\Excel 2002 Service Pack 3
    • Microsoft Office 2003 Service Pack 2\Excel 2003 Service Pack 2
    • 2007 Microsoft Office System\Excel 2007
    • Microsoft Office Excel Viewer 2003
    • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
    • Microsoft Office 2004 for Mac
    • Microsoft Office 2008 for Mac
    Non-Affected Software\Component:
    • Microsoft Office 2003 Service Pack 3\Excel 2003 Service Pack 3
    • 2007 Microsoft Office System Service Pack 1\Excel 2007 Service Pack 1
    • Microsoft Works 8.0
    • Microsoft Works 8.5
    • Microsoft Works 9.0
    • Microsoft Works Suite 2005
    • Microsoft Works Suite 2006
    Revisions
    • V1.0 (March 11, 2008): Bulletin published.
    • V1.1 (March 12, 2008): Bulletin updated. FAQ added to clarify the reason why a non-vulnerable version of Office will be offered this update.
    • V2.0 (March 13, 2008): Bulletin updated. FAQ added about known issues relating to users of Excel 2003 Service Pack 2 or Service Pack 3.
    • V3.0 (March 19, 2008): Bulletin updated. Added Excel Viewer 2003 Service Pack 3 and Compatibility Pack Service Pack 1 to non-affected software. Added FAQ about re-release to fix known issues relating to Excel 2003 Service Pack 2 or Service Pack 3. Updated the file name of the Excel 2003 update executable.
    • V3.1 (April 16, 2008): Bulletin updated: Added entry to Update FAQ to describe additional security features included for Microsoft Office 2003 Service Pack 2.

    Released 02/12/08 Updated 4/16/08

    MS08-013 Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Office 2000 Service Pack 3
    • Microsoft Office XP Service Pack 3
    • Microsoft Office 2003 Service Pack 2
    • Microsoft Office 2004 for Mac

    Non-Affected Software
    • Microsoft Office 2003 Service Pack 3
    • Microsoft Excel Viewer 2003
    • Microsoft PowerPoint 2003 Viewer
    • Microsoft Visio 2003 Viewer
    • Microsoft Word Viewer 2003
    • 2007 Microsoft Office System
    • 2007 Microsoft Office System Service Pack 1
    • Microsoft Office 2008 for Mac

    Revisions
    • V1.0 (February 12, 2008): Bulletin published.
    • V1.1 (February 13, 2008): Bulletin updated to reflect that there are no known issues with installing this security update.
    • V1.2 (February 27, 2008): Bulletin updated to reflect the reason why this update cannot be uninstalled for Office XP and Office 2003.
    • V1.3 (April 16, 2008): Bulletin updated: Added entry to Update FAQ to describe additional security features included for Microsoft Office 2003 Service Pack 2.

    Released 02/12/08 Updated 2/13/08

    MS08-012 Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085)

    Maximum Severity Rating: Critical

    Office Suite and Affected Software:
    • Microsoft Office 2000 Service Pack 3
      • Microsoft Office Publisher 2000
    • Microsoft Office XP Service Pack 3
      • Microsoft Office Publisher 2002
    • Microsoft Office 2003 Service Pack 2
      • Microsoft Office Publisher 2003 Service Pack 2

    Non-Affected Software / Office Suite Application
    • 2007 Microsoft Office System
      • Microsoft Office Publisher 2007
    • 2007 Microsoft Office System Service Pack 1
      • Microsoft Office Publisher 2007 Service Pack 1
    • Microsoft Office 2003 Service Pack 3
      • Microsoft Office Publisher 2003 Service Pack 3
    Revisions
    • V1.0 (February 12, 2008): Bulletin published.
    • V1.1 (February 13, 2008): Bulletin updated to reflect that there are no known issues with installing this security update, and to list Microsoft Publisher 2003 Service Pack 2 (instead of Service Pack 3) in the MBSA and SMS tables under Detection and Deployment.

    Released 02/12/08 Updated 4/16/08

    MS08-011 Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)

    Maximum Severity Rating: Important

    Office Suite and Affected Software:
    • Microsoft Office 2003 Service Pack 2
      • Microsoft Works 6 File Converter
    • Microsoft Office 2003 Service Pack 3
      • Microsoft Works 6 File Converter
    • Microsoft Works 8.0
      • Microsoft Works 6 File Converter
    • Microsoft Works Suite 2005
      • Microsoft Works 6 File Converter

      Non-Affected Software / Office Suite
      • Microsoft Works 8.5
      • Microsoft Works 9.0
      • Microsoft Works Suite 2006
      • 2007 Microsoft Office System
      • Microsoft Office 2000
      • Microsoft Office XP
      Revisions
      • V1.0 (February 12, 2008): Bulletin published.
      • V1.1 (April 16, 2008): Bulletin updated: Added entry to Update FAQ to describe additional security features included for Microsoft Office 2003 Service Pack 2.

      Released 02/12/08 Updated 4/16/08

      MS08-010 Cumulative Security Update for Internet Explorer (944533)

      Maximum Severity Rating: Critical

      Affected Software / Operating System:
      • Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1
        • Microsoft Windows 2000 Service Pack 4
      • Internet Explorer 6
        • Windows XP Service Pack 2
        • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
        • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
        • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
        • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
      • Internet Explorer 7
        • Windows XP Service Pack 2
        • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
        • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
        • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
        • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
        • Windows Vista
        • Windows Vista x64 Edition
      Non-Affected Software / Operating System:
      • Internet Explorer 7 on Windows Vista Service Pack 1 (all editions)
      • Internet Explorer 7 on Windows Server 2008 (all editions)

      Revisions
      • V1.0 (February 12, 2008): Bulletin published.
      • V1.1 (February 13, 2008): Bulletin revised to include Vista Service Pack 1 and Windows Server 2008 to the Non-Affected Software section. Known issues corrected.
      • V1.2 (February 27, 2008): Corrected the registry key verification path for Internet Explorer 6 for all supported x64-based editions of Windows Server 2003.
      • V1.3 (April 16, 2008): Corrected the uninstall utility path for Internet Explorer 6 for Windows XP.

      Released 02/12/08 Updated 4/16/08

      MS08-009 Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077)

      Maximum Severity Rating: Critical

      Affected Office Suite / Software:
      • Microsoft Office 2000 Service Pack 3
        • Microsoft Word 2000 Service Pack 3
      • Microsoft Office XP Service Pack 3
        • Microsoft Word 2002 Service Pack 3
      • Microsoft Office 2003 Service Pack 2
        • Microsoft Word 2003 Service Pack 2
      • Microsoft Office Word Viewer 2003

    Non-Affected Software / Office Suite
    • Microsoft Office 2003 Service Pack 3
    • Microsoft Office Word Viewer 2003 Service Pack 3
    • 2007 Microsoft Office System
    • 2007 Microsoft Office System Service Pack 1
    • Microsoft Office 2004 for Mac
    • Microsoft Office 2008 for Mac
    Revisions
    • V1.0 (February 12, 2008): Bulletin published.
    • V1.1 (April 16, 2008): Bulletin updated: Added entry to Update FAQ to describe additional security features included for Microsoft Office 2003 Service Pack 2.

    Released 02/12/08 Updated 2/20/08

    MS08-008 Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)

    Maximum Severity Rating: Critical

    Affected Software / Operating System:
    • Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista
    • Windows Vista x64 Edition
    • Microsoft Office 2004 for Mac
    • Microsoft Visual Basic 6.0 Service Pack 6

    Non-Affected Software / Operating System:
    • Windows Vista Service Pack 1 (all editions)
    • Windows Server 2008 (all editions)
    • Microsoft Office 2008 for Mac

    Revisions
    • V1.0 (February 12, 2008): Bulletin published.
    • V1.1 (February 13, 2008): Bulletin updated: The security update for Visual Basic 6.0 Service Pack 6 (KB946235) now lists MS07-043 as a previous Bulletin that this update replaces.
    • V1.2 (February 20, 2008): Bulletin updated: Corrected the file timestamps for the security update for all supported 32-bit editions of Windows XP.

    Released 02/12/08 Updated 2/13/08

    MS08-007 Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026)

    Maximum Severity Rating: Critical

    Affected Software / Operating System:
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows 2003 Server x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista
    • Windows Vista x64 Edition

    Non-Affected Software / Operating System:
    • Microsoft Windows 2000 Service Pack 4
    • Windows Vista Service Pack 1 (all editions)
    • Windows Server 2008 (all editions)

    Revisions
    • V1.0 (February 12, 2008): Bulletin published.
    • V1.1 (February 13, 2008): Revised the FAQ to emphasize the role of user interaction in how an attacker could exploit the vulnerability.

    Released 02/12/08 Updated 2/20/08

    MS08-006 Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)

    Maximum Severity Rating: Important

    Affected Component / Operating System:
    • Microsoft Internet Information Services 5.1
      • Windows XP Professional Service Pack 2
    • Microsoft Internet Information Services 6.0
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems

    Non-Affected Software / Operating System:
    • Microsoft Windows 2000 Service Pack 4
    • Windows Vista
    • Windows Vista x64 Edition
    • Windows Vista Service Pack 1 (all editions)
    • Windows Server 2008 (all editions)
    Revisions
    • V1.0 (February 12, 2008): Bulletin published.
    • V1.1 (February 20, 2008): Bulletin updated: update filenames changed in the file information table for all supported 32-bit editions of Windows XP.

    Released 02/12/08 Updated 2/13/08

    MS08-005 Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)

    Maximum Severity Rating: Important

    Affected Component / Operating System:
    • Microsoft Internet Information Services 5.0
      • Microsoft Windows 2000 Service Pack 4
    • Microsoft Internet Information Services 5.1
      • Windows XP Professional Service Pack 2
    • Microsoft Internet Information Services 6.0
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Microsoft Internet Information Services 7.0
      • Windows Vista
      • Windows Vista x64 Edition
    Non-Affected Software / Operating System
    • Windows Vista Service Pack 1 (all editions)
    • Windows Server 2008 (all editions)

    Revisions
    • V1.0 (February 12, 2008): Bulletin published.
    • V1.1 (February 13, 2008): Bulletin updated: Corrected the download link reference for Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 to reference Internet Information Services 6.0. The download link correctly directed customers to the IIS 6.0 update but the reference link incorrectly stated IIS 5.1.

    Released 02/12/08

    MS08-004 Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)

    Maximum Severity Rating: Important

    Affected Software / Operating System:
    • Windows Vista
    • Windows Vista x64 Edition

    Non-Affected Software / Operating System
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows 2003 Server x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista Service Pack 1 (all editions)
    • Windows Server 2008 (all editions)

    Released 02/12/08 Updated 2/13/08

    MS08-003 Vulnerability in Active Directory Could Allow Denial of Service (946538)

    Maximum Severity Rating: Important

    Affected Component / Operating System:
    • Active Directory
      • Microsoft Windows 2000 Server Service Pack 4
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • ADAM
      • Windows XP Professional Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2

    Non-Affected Software / Operating System:
    • Windows Vista
    • Windows Vista Service Pack 1 (all editions)
    • Windows Vista x64 Edition
    • Windows Server 2008 (all editions)
    • Windows XP Home Service Pack 2
    • Windows XP Tablet Edition Service Pack 2
    • Windows XP Media Center Edition Service Pack 2
    • Windows 2000 Professional Service Pack 4

    Revisions
    • V1.0 (February 12, 2008): Bulletin published.
    • V1.1 (February 13, 2008): Bulletin updated to reflect the correct KB number in the Registry Key Verification section for all supported x64-based editions of Windows XP Professional with ADAM installed.

    Released 01/08/08

    MS08-002 Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)

    Maximum Severity Rating: Important

    Affected Software/Operating System:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows 2003 Server x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    Non-Affected Software/Operating System
    • Windows Vista
    • Windows Vista x64 Edition

    Released 01/08/08 Updated 1/25/08

    MS08-001 Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)

    Maximum Severity Rating: Critical

    Affected Software/Operating System:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista
    • Windows Vista x64 Edition
    Revisions
    • V1.0 (January 8, 2008): Bulletin published.
    • V2.0 (January 23, 2008): Bulletin updated to add Windows Small Business Server 2003 Service Pack 2 as an affected product. Also added an FAQ to clarify that current Microsoft detection and deployment tools already correctly offer the update to Windows Small Business Server 2003 Service Pack 2 customers.
    • V3.0 (January 25, 2008): This bulletin was revised to clarify the impact of Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability (CVE-2007-0069) on supported editions of Windows Small Business Server 2003 and Windows Home Server. Also included is an explanation and clarification that current Microsoft detection and deployment tools already correctly offer the update to systems running Windows Small Business Server 2003 and Windows Home Server.



    by MSeng
    last modified: 2008-04-22 21:17:19