April 2008 Monthly Release

April 2008 Monthly Bulletin Release

I’m Simon, Release Manager in the MSRC.  The April 2008 release contains 8 new bulletins, 5 of which have maximum severities of “Critical”.

MS08-018            Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183)

MS08-019            Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)

MS08-020            Vulnerability in DNS Client Could Allow Spoofing (945553)

MS08-021            Vulnerabilities in GDI Could Allow Remote Code Execution (948590)

MS08-022            Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)

MS08-023            Security Update of ActiveX Kill Bits (948881)

MS08-024            Cumulative Security Update for Internet Explorer (947864)

MS08-025            Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)


I’d also like to tell you about an improvement we’re introducing to the bulletins this month.

Back in December, you might have noticed a change in the IE bulletins.  We had been looking at moving the File Specifications lists out of the bulletins and into their associated bulletin Knowledge Base (KB) article.  We decided to pilot this with the IE bulletin because it has typically the largest file manifest.  We’ve successfully piloted this with two IE releases, and now it’s time to roll this change out to the rest of our bulletins.

By moving the file manifest out of the bulletins and into the KBs, this significantly reduces the size of the bulletins which will improve the rendering time when you open a bulletin.  Also, the KB tends to be more of a repository of specific package deployment details, and as such, the file manifests are better located there in order to serve those looking for reference-level material on the bulletins.  For bulletins which contain multiple distinct package KBs (such as Office), each KB will contain only the file manifest that directly relates to the associated package.

We hope that you find this improves both rendering performance and readability.

Please join us for the regular monthly security bulletin webcast, Wednesday April 9 11:00 AM PDT (GMT -7). We’ll have an overview of the April bulletins, and you’ll have the opportunity to ask us questions around the release.



*This posting is provided “AS IS” with no warranties, and confers no rights.*