Microsoft Security Patches April 2008

Microsoft have released their Security Bulletin Summary for April 2008 today which contains information and download links to eight patches for various Microsoft operating systems and applications like Microsoft Office and Microsoft Internet Explorer. Five of the eight security patches are patching critical vulnerabilities while three patch important ones. The update is recommended for every user that uses Windows and or Microsoft Office.

All critical vulnerabilities which affect Microsoft Windows, Microsoft Office and Internet Explorer allow Remote Code Execution. The easiest way to patch these security vulnerabilities is by visiting the Windows Update website with Internet Explorer and let a script check the available updates for your system. Please note that you will be asked if you want to install Service Pack 3 Refresh 2 for Windows XP if you use that operating system. My advise would be to not install this version yet and wait for the release version.

All security updates will be displayed and are selected for immediate download and installation. You could follow the link above which leads to the Microsoft website that explains the vulnerabilities and leads to downloads of the patches. This means that you have to make sure to pick the correct downloads for your operating system and software.

• Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183) - This security update resolves a privately reported vulnerability in Microsoft Project that could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• Vulnerabilities in GDI Could Allow Remote Code Execution (948590) - This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted EMF or WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338) - This security update resolves a privately reported vulnerability in the VBScript and JScript scripting engines in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• Security Update of ActiveX Kill Bits (948881) - This security update resolves one privately reported vulnerability for a Microsoft product. This update also includes a kill bit for the Yahoo! Music Jukebox product. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• Cumulative Security Update for Internet Explorer (947864) - This security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.