June 10, 2008 11:13 AM PDT

Microsoft patches 10 flaws with seven bulletins

by Robert Vamosi

Microsoft on Tuesday released its June 2008 security bulletins: seven in all, three rated critical, three important, and one moderate, fixing 10 vulnerabilities between them.

Of the critical bulletins, one covers the Bluetooth stack in Windows XP and Windows Vista, one covers DirectX, and the third is the cumulative update for Internet Explorer. The single moderate bulletin deals with a flaw in the speech recognition feature (the Microsoft Speech API) in Windows 2000, XP, and Windows Vista. The three important bulletins cover WINS, Active Directory, and Pragmatic General Multicast (PGM); all three are elevation-of-privilege or denial-of-service issues rather than remote code execution. All of the patches are available via Microsoft Update or from the individual bulletins detailed below.

MS08-030: Critical

Titled "Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)", this bulletin is critical for users of Windows XP and Windows Vista (both 32-bit and 64-bit editions). The update addresses the vulnerability tracked as CVE-2008-1453 by changing the way the Bluetooth stack handles a large number of service description requests. Microsoft says an attacker who successfully exploited the flaw could take complete control of an affected system: install programs; view, change, or delete data; or create new accounts with full user rights. The practical limit is that the target must have Bluetooth present and enabled and the attacker must be within radio range, so machines without a Bluetooth radio, or with it switched off, are not reachable by this vector.

MS08-031: Critical

Titled "Cumulative Security Update for Internet Explorer (950759)", this bulletin applies to every supported version of Internet Explorer. The critical rating applies to client installations such as Windows XP and Windows Vista; on the server editions Microsoft rates it lower. The update addresses CVE-2008-1442 and CVE-2008-1544: the first is a memory-corruption flaw that could allow remote code execution if a user views a specially crafted Web page in Internet Explorer, and the second could allow information disclosure under the same conditions. As with every cumulative IE update, it also carries all previously released IE security fixes.

MS08-032: Moderate

Titled "Cumulative Security Update of ActiveX Kill Bits (950760)", this bulletin affects Microsoft Windows 2000 Service Pack 4, all supported editions of Windows XP, and all editions of Windows Vista including Windows Vista Service Pack 1. It addresses CVE-2007-0675, a publicly reported vulnerability in the Microsoft Speech API that could allow remote code execution if a user views a specially crafted Web page in Internet Explorer on a system with the Windows speech recognition feature enabled. Rather than changing the Speech API code, the update sets the kill bit for the affected ActiveX control, a registry flag that tells Internet Explorer never to instantiate that control again; the control's DLL stays on disk for other applications.
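A kill bit is nothing more than bit 0x400 in the "Compatibility Flags" DWORD under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}, which is why Microsoft can ship one as a cumulative registry update. The PowerShell below, an added example and not code from the bulletin or from Microsoft, reads and sets that flag for an arbitrary CLSID; the CLSID in the final lines is a placeholder and not the Speech API control's identifier.

```powershell
# Added example (not from the bulletin): inspect and set the Internet Explorer
# kill bit for an ActiveX control. The kill bit is bit 0x400 of the DWORD
# "Compatibility Flags" under the control's CLSID in the ActiveX Compatibility key.

$KillBitFlag = 0x400
$CompatRoot  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Test-KillBit {
    param([Parameter(Mandatory = $true)][string]$Clsid)
    $keyPath = Join-Path $CompatRoot $Clsid
    if (-not (Test-Path $keyPath)) {
        return $false   # no compatibility entry at all: IE will load the control
    }
    $flags = (Get-ItemProperty -Path $keyPath -Name 'Compatibility Flags' `
              -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $flags) { return $false }
    return (($flags -band $KillBitFlag) -ne 0)
}

# Setting the bit needs an elevated prompt. It is reversible and does not touch
# the control's DLL; it only stops Internet Explorer from instantiating the CLSID.
function Set-KillBit {
    param([Parameter(Mandatory = $true)][string]$Clsid)
    $keyPath = Join-Path $CompatRoot $Clsid
    if (-not (Test-Path $keyPath)) { New-Item -Path $keyPath -Force | Out-Null }
    $existing = (Get-ItemProperty -Path $keyPath -Name 'Compatibility Flags' `
                 -ErrorAction SilentlyContinue).'Compatibility Flags'
    $newFlags = [int]($existing -bor $KillBitFlag)   # preserve any other flags
    Set-ItemProperty -Path $keyPath -Name 'Compatibility Flags' -Value $newFlags -Type DWord
}

# Placeholder CLSID for demonstration; substitute the CLSID from the bulletin.
$clsid = '{00000000-0000-0000-0000-000000000000}'
"Kill bit set for $clsid : $(Test-KillBit -Clsid $clsid)"
```

On 64-bit Windows the 32-bit browser reads the same key under HKLM\SOFTWARE\Wow6432Node\..., so an audit should check both hives. Note that the kill bit only governs Internet Explorer and other hosts that honour the ActiveX Compatibility key; it is not a fix for the control itself.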

MS08-033: Critical

Titled "Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)", this bulletin affects all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. This update addresses two vulnerabilities, CVE-2008-0011 and CVE-2008-1444, both reachable by getting a user to open a crafted media file, whether delivered as an e-mail attachment, a download, or content embedded in a Web page. Microsoft says the vulnerabilities "could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

MS08-034: Important

Titled "Vulnerability in WINS Could Allow Elevation of Privilege (948745)", this bulletin affects all supported editions of Microsoft Windows 2000 Server and Windows Server 2003 on which the WINS service is installed. This update addresses CVE-2008-1451. Microsoft says a local attacker with valid logon credentials could use the flaw to gain complete control of an affected system, and then install programs; view, change, or delete data; or create new accounts. The local-logon requirement is why the rating is important rather than critical, but WINS servers tend to be shared infrastructure, so the hosts involved usually warrant prompt patching anyway.

MS08-035: Important

Titled "Vulnerability in Active Directory Could Allow Denial of Service (953235)", this bulletin is rated important for all supported editions of Microsoft Windows 2000 Server, and moderate for Windows XP Professional, Windows Server 2003, and Windows Server 2008 where Active Directory, Active Directory Application Mode (ADAM), or Active Directory Lightweight Directory Services (AD LDS) is installed. This update addresses CVE-2008-1445, a flaw in the handling of specially crafted LDAP requests. Microsoft says the vulnerability could be exploited to cause a denial-of-service condition on the affected directory server; it does not allow code execution or elevation of privilege.

MS08-036: Important

Titled "Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)", this bulletin is rated important for all supported editions of Windows XP and Windows Server 2003 and moderate for all supported editions of Windows Vista and Windows Server 2008. This update addresses two vulnerabilities, CVE-2008-1440 and CVE-2008-1441. PGM is not installed by default on any of these versions; on Windows XP and Windows Server 2003 it arrives with Message Queuing (MSMQ), so systems without that component are not exposed. Microsoft says "an attacker who successfully exploited this vulnerability could cause a user's system to become non-responsive and to require a restart to restore functionality. Note that the denial-of-service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests."
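The KB numbers in the seven bulletin titles above are what Windows records for each installed update, so a quick post-deployment check is to look them up in Win32_QuickFixEngineering (the class behind "wmic qfe"). The script below is an added example, not from the article or from Microsoft; the only facts it carries from the page are the bulletin-to-KB pairs, and the function names are ours.

```powershell
# Added example (not from the article): confirm the seven June 2008 bulletins are
# present on a host by looking up their KB numbers in Win32_QuickFixEngineering.
# The bulletin/KB pairs are taken from the bulletin titles above.

$JuneBulletins = @{
    'MS08-030' = 'KB951376'   # Bluetooth stack, RCE (XP, Vista)
    'MS08-031' = 'KB950759'   # Internet Explorer cumulative update
    'MS08-032' = 'KB950760'   # ActiveX kill bits, Speech API
    'MS08-033' = 'KB951698'   # DirectX, RCE
    'MS08-034' = 'KB948745'   # WINS, elevation of privilege (servers only)
    'MS08-035' = 'KB953235'   # Active Directory / ADAM / AD LDS, DoS
    'MS08-036' = 'KB950762'   # PGM, DoS (only where PGM is installed)
}

function Get-MissingBulletins {
    param(
        [hashtable]$Bulletins = $JuneBulletins,
        [string]$ComputerName = '.'
    )
    # One WMI query per host, then compare locally. Internet Explorer updates on
    # XP register with a suffix (e.g. "KB950759-IE7"), hence the prefix match.
    $installed = Get-WmiObject -Class Win32_QuickFixEngineering -ComputerName $ComputerName |
        ForEach-Object { $_.HotFixID }

    $missing = @()
    foreach ($bulletin in ($Bulletins.Keys | Sort-Object)) {
        $kb  = $Bulletins[$bulletin]
        $hit = $installed | Where-Object { $_ -like "$kb*" }
        if (-not $hit) {
            $missing += New-Object PSObject -Property @{ Bulletin = $bulletin; KB = $kb }
        }
    }
    return $missing
}

$missing = Get-MissingBulletins
if ($missing.Count -eq 0) {
    'All seven June 2008 bulletins are present.'
} else {
    'Not found in Win32_QuickFixEngineering:'
    $missing | Format-Table Bulletin, KB -AutoSize
}
```

Read the output against the applicability notes: MS08-034 will never appear on a workstation, and MS08-036 is only offered where PGM is installed, so those two show as "missing" on hosts that do not need them. Win32_QuickFixEngineering is a convenience check, not an authority; WSUS or MBSA reporting remains the source of truth for compliance.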

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
17 Comments
by JCPayne June 10, 2008 11:38 AM PDT
The best patch of all.

http://www.ubuntu.com/
(burn to CD)
then reboot.
by thelemurking June 10, 2008 12:53 PM PDT
Can you run COD4 multiplayer on it? How about Crysis? :p

Granted, you can use Wine and patch your way to COD4 single player... haven't seen Crysis yet for Wine, but I am addicted to COD4 and therefore require Windows.
by wolivere June 10, 2008 1:28 PM PDT
Hmm, and how many security patches did I get last month on my Ubuntu install?

http://www.ubuntu.com/usn

Hmm, strange, there are a lot there, and strange that some are the same types of issues...

*boggle* that
by Dalkorian June 11, 2008 11:44 AM PDT
Wolivere, remind me which of those Ubuntu patches fixed an issue where someone could use a WEB BROWSER vulnerability to run code on your computer (M$08-031) or a media file vulnerability to take the machine over completely (M$08-033). Thelemurking appears to be in the same boat as me, winblows makes a decent gaming console at least!
by pgp_protector June 10, 2008 1:02 PM PDT
JC, that's nice, unless I want my current software to work.
by wolivere June 10, 2008 1:29 PM PDT
JC, interesting, and how many security patches does Ubuntu have out?

http://www.ubuntu.com/usn
by Imalittleteapot June 11, 2008 12:56 AM PDT
Maybe they should make an OS with no patches. Fewer patches means more secure, right? Well, if you feel that way, just don't install these.
by The_Decider June 10, 2008 1:55 PM PDT
The real question is how many machines running Linux get owned by ignorant 12 year olds a day vs Windows?

Case closed, Windows is garbage.
by Vegaman_Dan June 10, 2008 2:12 PM PDT
I think it is perhaps because the business and consumer world has not moved to Linux for desktop users. Cry all you want, but Linux for end users simply isn't up to the task at this time. Perhaps some day in the future, but after multiple attempts, it has failed every time to meet the needs of the average computer user. Walmart has tried twice and failed and if you can't even get a Walmart customer to use the product, you don't have much chance at success there.

As a trolling attempt, you may want to work on your technique.
by The_happy_switcher June 10, 2008 3:12 PM PDT
Just say no to Windows and endless patches... you know the rest.
by kojacked June 10, 2008 10:05 PM PDT
And say hello to endless quicktime and safari patches...
by jcorkrum June 10, 2008 3:42 PM PDT
Just installed these patches in my Athlon XP SP2 computer and am now in continuous reboot mode...even in Safe Mode.
by kojacked June 10, 2008 10:02 PM PDT
+1

I honestly believe "The Decider" really is George Bush. He is just as much of a tool as our president is.
by Imalittleteapot June 11, 2008 12:46 AM PDT
But, but, but how is this possible? I thought Vista was the most secure OS on the planet! How is it possible they both share problems? These attacks should work on XP only because it is so insecure. I do not for one second believe that Vista has any flaws whatsoever!!! The Vista fan boys have told me so! Microsoft even told us themselves that Vista has less security flaws than XP right here!
http://news.cnet.com/8301-10784_3-9959703-7.html?part=rss&subj=news&tag=2547-1_3-0-5
45 for Vista versus 56 for XP! That's amazing!!! That right there means Vista cannot have these flaws because it has no more flaws! You can't count them if you haven't found them all!!!

Until of course you read this and realize that means they only found 45. The others were/are still lurking somewhere in the background unpatched. Yet again I say, fixing fewer flaws doesn't make me one bit safer. This is Microsoft's number one problem with security. Apparently they do not understand what the word secure means. Anyway, a hacker only needs one way in and there will always be at least a hundred into any box. It is just a matter of finding them.
by cross platform June 11, 2008 6:46 AM PDT
Yadda, yadda, yadda. Same old "Vista is crap, my OS is better" BS.

While I happen to think (after being both a Mac and Windows user for years) that OS X is far superior to any of them, Vista isn't bad at all. I've used it since Oct. 2007 after upgrading my machine from XP SP2. I now have SP1 on Vista and it runs fine (like I've been telling you). The truth of the matter is, no matter how secure an OS is, if it's top dog it's the one that will be targeted by viruses, spyware, and hackers. So if Ubuntu or Linux or even OS X was the number one that most people used, trust me, it would have the same kind of problems that have to be patched to contain some weakness the bad guys found. Because as we all know, they always find a way.
by June 11, 2008 11:12 AM PDT
It killed yahoo E-mail on my Vista machine, and seems to resist attempts to go back.
by Seaspray0 June 11, 2008 11:40 AM PDT
And what 12 year old would this be, Decider? Did he/she write the actual code? Of course not; the 12 year old was simply using the code that was given to him. Your statement is analogous to saying any 12 year old can be a general in the army by simply wearing the uniform. Try again.