Added support for April 2008 Microsoft security updates

The information in this article applies to:

• GFI LANguard 9.0
• GFI LANguard Network Security Scanner 7
• GFI LANguard Network Security Scanner 8

Article ID: KBID003328

Query keywords: Patch Detection update, Security Updates

Support for the following Microsoft security updates have been released by GFI for GFI LANguard.
These updates will be automatically downloaded and added to your security vulnerability scanning database on your next restart of GFI LANguard.

New Security Updates Supported:

• MS08-025 - Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)
• MS08-024 - Cumulative Security Update for Internet Explorer (947864)
• MS08-023 - Security Update of ActiveX Kill Bits (948881)
• MS08-022 - Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
• MS08-021 - Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
• MS08-020 - Vulnerability in DNS Client Could Allow Spoofing (945553)
• MS08-019 - Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)
• MS08-018 - Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183)

More Information:

MS08-025
Severity Rating: Important
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)

Description:

This security update resolves a privately reported vulnerability in the Windows kernel. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. This is an important security update for all supported editions of Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

Included Updates:

• Security Update for Windows XP x64 Edition (KB941693)
• Security Update for Windows XP (KB941693)
• Security Update for Windows Server 2003 x64 Edition (KB941693)
• Security Update for Windows Server 2003 for Itanium-based Systems (KB941693)
• Security Update for Windows Server 2003 (KB941693)
• Security Update for Windows 2000 (KB941693)
• Security Update for Windows Vista (KB941693)
• Security Update for Windows Server 2008 for Itanium-based Systems (KB941693)
• Security Update for Windows Server 2008 x64 Edition (KB941693)
• Security Update for Windows Server 2008 (KB941693)
• Security Update for Windows Vista for x64-based Systems (KB941693)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-025.mspx

MS08-024
Severity Rating: Critical
Cumulative Security Update for Internet Explorer (947864)

Description:

This security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update is rated Critical for all supported releases of Internet Explorer.

Included Updates:

• Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB947864)
• Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB947864)
• Cumulative Security Update for Internet Explorer 7 for Windows XP (KB947864)
• Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB947864)
• Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 for Itanium-based Systems (KB947864)
• Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows XP x64 Edition (KB947864)
• Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows XP (KB947864)
• Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 x64 Edition (KB947864)
• Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 for Itanium-based Systems (KB947864)
• Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 (KB947864)
• Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB947864)
• Cumulative Security Update for Internet Explorer 6 for Windows XP x64 Edition (KB947864)
• Cumulative Security Update for Internet Explorer 6 for Windows XP (KB947864)
• Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 x64 Edition (KB947864)
• Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems (KB947864)
• Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 (KB947864)
• Cumulative Security Update for Internet Explorer 5.01 Service Pack 4 (KB947864)
• Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB947864)
• Cumulative Security Update for Internet Explorer 7 in Windows Vista for x64-based Systems (KB947864)
• Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems (KB947864)
• Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB947864)
• Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB947864)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-024.mspx

MS08-023
Severity Rating: Critical
Security Update of ActiveX Kill Bits (948881)

Description:

This security update resolves one privately reported vulnerability for a Microsoft product. This update also includes a kill bit for the Yahoo! Music Jukebox product. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update is rated Critical for Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4; Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4; Windows XP Service Pack 2; and Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2. The security update is rated Important for Windows Vista and Windows Vista Service Pack 1; and Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1. The security update is rated Moderate for all supported editions of Windows Server 2003. For all other supported versions of Windows, this security update is rated Low.

Included Updates:

• Security Update for ActiveX Killbits for Windows XP x64 Edition (KB948881)
• Security Update for ActiveX Killbits for Windows XP (KB948881)
• Security Update for ActiveX Killbits for Windows Server 2003 x64 Edition (KB948881)
• Security Update for ActiveX Killbits for Windows Server 2003 for Itanium-based Systems (KB948881)
• Security Update for ActiveX Killbits for Windows Server 2003 (KB948881)
• Security Update for ActiveX Killbits for Internet Explorer 6 for Windows 2000 (KB948881)
• Security Update for ActiveX Killbits for Internet Explorer 5.01 for Windows 2000 (KB948881)
• Security Update for ActiveX Killbits for Windows Server 2008 (KB948881)
• Security Update for ActiveX Killbits for Windows Vista (KB948881)
• Security Update for ActiveX Killbits for Windows Server 2008 x64 Edition (KB948881)
• Security Update for ActiveX Killbits for Windows Vista for x64-based Systems (KB948881)
• Security Update for ActiveX Killbits for Windows Server 2008 for Itanium-based Systems (KB948881)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-023.mspx

MS08-022
Severity Rating: Critical
Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)

Description:

This security update resolves a privately reported vulnerability in the VBScript and JScript scripting engines in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This is a critical security update for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.

Included Updates:

• Security Update for Windows XP x64 Edition (KB944338)
• Security Update for Windows XP (KB944338)
• Security Update for Windows Server 2003 x64 Edition (KB944338)
• Security Update for Windows Server 2003 for Itanium-based Systems (KB944338)
• Security Update for Windows Server 2003 (KB944338)
• Security Update for Windows 2000 (KB944338)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-022.mspx

MS08-021
Severity Rating: Critical
Vulnerabilities in GDI Could Allow Remote Code Execution (948590)

Description:

This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted EMF or WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This is a critical security update for Microsoft Windows 2000 Service Pack 4, and all supported releases of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

Included Updates:

• Security Update for Windows XP x64 Edition (KB948590)
• Security Update for Windows XP (KB948590)
• Security Update for Windows Server 2003 x64 Edition (KB948590)
• Security Update for Windows Server 2003 for Itanium-based Systems (KB948590)
• Security Update for Windows Server 2003 (KB948590)
• Security Update for Windows 2000 (KB948590)
• Security Update for Windows Server 2008 for Itanium-based Systems (KB948590)
• Security Update for Windows Vista for x64-based Systems (KB948590)
• Security Update for Windows Server 2008 (KB948590)
• Security Update for Windows Server 2008 x64 Edition (KB948590)
• Security Update for Windows Vista (KB948590)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-021.mspx

MS08-020
Severity Rating: Important
Vulnerability in DNS Client Could Allow Spoofing (945553)

Description:

This security update resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS clients and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations. This is an important security update for Windows Vista and all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.

Included Updates:

• Security Update for Windows XP x64 Edition (KB945553)
• Security Update for Windows XP (KB945553)
• Security Update for Windows Server 2003 x64 Edition (KB945553)
• Security Update for Windows Server 2003 for Itanium-based Systems (KB945553)
• Security Update for Windows Server 2003 (KB945553)
• Security Update for Windows 2000 (KB945553)
• Security Update for Windows Vista for x64-based Systems (KB945553)
• Security Update for Windows Vista (KB945553)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-020.mspx

MS08-019
Severity Rating: Important
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)

Description:

This security update resolves privately reported vulnerabilities in Microsoft Office Visio that could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Important for Microsoft Office Visio 2002 Service Pack 2, Microsoft Office Visio 2003 Service Pack 2, Microsoft Office Visio 2003 Service Pack 3, Microsoft Office Visio 2007, and Microsoft Office Visio 2007 Service Pack 1.

Included Updates:

• Security Update for Microsoft Office Visio 2007 (KB947590)
• Security Update for Microsoft Office Visio 2003 (KB947650)
• Security Update for Microsoft Visio 2002 (KB947896)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-019.mspx

MS08-018
Severity Rating: Critical
Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183)

Description:

This security update resolves a privately reported vulnerability in Microsoft Office Project that could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Microsoft Project 2000 Service Release 1 and rated Important for Microsoft Project 2002 Service Pack 1, and Microsoft Office Project 2003 Service Pack 2.

Included Updates:

• Security Update for Microsoft Office Project 2003 (KB948962)
• Security Update for Microsoft Project 2002 (KB949005)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS08-018.mspx

Note

• The above patches may not be supported on all Operating System or product languages. A list of languages supported by GFI LANguard 7 is found at: http://kbase.gfi.com/showarticle.asp?id=KBID002517
  
  
• A list of bulletins supported by GFI LANguard can be found in the following page:
  http://gfi.com/lannetscan/msfullreport.htm