April 2008

Apr 10, 2008 09:00 GMT

On April 8, 2008, Microsoft released a total of eight security bulletins for Windows, Office and Internet Explorer as an integral part of its monthly patch cycle. The patches are delivered through the Windows Update infrastructure, but the Redmond company is also making them available as an ISO image through the Microsoft Download Center. The April 2008 Security Releases ISO Image is a package containing all the security updates released for the Windows operating system that have also been distributed through WU starting on April 8. Accordingly, this month's Security Releases ISO Image bundles the patches designed to plug the security vulnerabilities in Windows Vista Service Pack 1 RTM.

Microsoft's eight bulletins resolve "a total of 10 vulnerabilities," said Keith, Symantec Security Response Engineer. "Of those, six are rated 'critical,' three are 'important' and one is 'moderate.' Although all the critical issues are noteworthy, the vulnerability in VBScript/JScript and the vulnerabilities in GDI could be the worst of the bunch. The components are installed on multiple flavors of Windows and are relatively easy to exploit. Customers are advised to follow security best practices, specifically avoiding websites of unknown and questionable integrity and refusing to accept or open files from unknown sources."

The April 2008 Security Releases ISO Image contains the following security bulletins: MS08-020, MS08-021, MS08-022, MS08-023, MS08-024 and MS08-025. No fewer than four of these impact Windows Vista RTM and SP1. MS08-020 plugs a hole in the DNS Client that allows for spoofing or redirecting of Internet traffic to malicious locations. MS08-025 resolves an issue in the Windows Kernel that leaves even Vista SP1 susceptible to Elevation of Privilege attacks. MS08-023 is an update of ActiveX Kill Bits, and MS08-021 deals with two critical vulnerabilities in the GDI, which could allow for remote code execution and the complete takeover of a compromised system.

The April 2008 Security Releases ISO Image is available for download from the Microsoft Download Center.