14 DAY TRIAL // Yes, it's that time of the month again... For Microsoft, January 8th, 2008 was synonymous with the first Patch Tuesday of this year. The Redmond company releases security update for its software products on a monthly basis, and the availability date coincides with the second Tuesday of every month. But, in addition to delivering the updates via the Microsoft Download Center, Windows Update, Automatic Updates and Windows Server Update Services, the company also drops an ISO image with the security bulletins, made available as an integer part of its monthly patch cycle. Exception to this rhythm of security releases is made only by Critical patches, designed to plug vulnerabilities that are already been exploited in the wild, putting end users at risk.
"We're starting off the year here in MSRC-land with the release of two bulletins and a security advisory. The first bulletin, MS08-001, addresses a vulnerability in TCP(IP)/IGMP that could allow remote code execution. It has a maximum severity of Critical. The other bulletin, MS08-002, addresses a vulnerability in LSASS that could allow local elevation of privilege. It has a maximum severity of Important. We also released a security advisory (943411) for currently supported editions of the Windows Vista operating system. This update, to improve Windows Sidebar Protection, enables Windows Sidebar to block potentially vulnerable gadgets", revealed Tami Gallupe, MSRC Release Manager.
The January 2008 Security Releases ISO Image contains both of the security bulletins issued for the Windows platform. In this manner, users will be able to access both MS08-001 and MS08-002. The first security bulletin will patch two vulnerabilities residing in Transmission Control Protocol/Internet Protocol (TCP/IP) processing, the Critical flaw affecting Windows Vista. MS08-002 deals with a hole in the Microsoft Windows Local Security Authority Subsystem Service (LSASS).
"This DVD5 ISO image file contains the security updates for Windows released on Windows Update on January 8th, 2008. The image does not contain security updates for other Microsoft products. This DVD5 ISO image is intended for administrators that need to download multiple individual language versions of each security update and that do not use an automated solution such as Windows Server Update Services (WSUS). You can use this ISO image to download multiple updates in all languages at the same time", Microsoft informed.