It's Windows Patch Tuesday: October 2008

Justin James presents a rundown on the October batch of Microsoft Windows patches. He wades through the available resources and brings you the information you need to make the right decision on applying them in your organization.

Hello, and welcome to the October 2008 installment of TechRepublic's Windows Patch Tuesday updates. I would like to thank everyone who took the time to send their kind words and great suggestions last month; we are glad that you like it so much and find it valuable. This month's update is relatively tame, so let's get to it.

Security patches

MS08-058 - Critical: This is a monster-sized "cumulative security update" for Internet Explorer. It covers IE 5.01 SP4 through IE 7, Windows 2000 through Vista and Windows Server 2008, 32-bit and 64-bit versions. In others words, if you have a Windows computer made in the last eight years, this one applies to you, with the exception of Windows Server 2008 server core installations. You will want to install this immediately, particularly if you have been lax about patching IE lately, since it addresses a number of remote code execution attacks (in IE 5 and IE 6) and information disclosure bugs in IE 7. Note that the IE 5 and IE 6 bugs are "critical" while the IE 7 issues are "Important" and "Low" priority. MS08-060/KB956803 - Critical: This patch addresses a problem that could allow an attacker to execute a remote code execution attack using LDAP as the attack vector. The attacker needs to be within the network to execute the attack. This patch is for Windows 2000 Server only. If you have Windows 2000 servers, apply this patch immediately. MS08-061/KB954211 - Important: This patch for Windows 2000, Vista, Server 2003 and 2008 (including server core) fixes three escalation of privilege vulnerabilities. One of the vulnerabilities was public, two were not. The designated importance is only "Important," probably because the attacker needs to be local to begin with; anonymous and remote users could not take advantage of them (small relief there). For a number of systems with XP SP3, who had failed SP3 installations, they may end up having this patch offered to them twice; don't worry about it, and go ahead and install it twice. This patch is not a "right now!" patch, but you should get it installed when you have the opportunity. MS08-062/KB953155 - Important: This is an update that closes a remote code execution hole in Windows 2000, XP, 2003, and 2008 (including server core). Note that Vista is unaffected by this vulnerability. The bug is in the Windows Internet Printing Service and requires that the user be logged in with local administrative rights. You should install this patch when you are installing others, but don't rush to do updates just for this one item. MS08-063/KB957095 - Important: There's a previously undisclosed bug in SMB (used for Windows File Sharing) that allows a remote attacker to execute code on your computer. Luckily, this would require someone to be in your network, so at least anonymous Internet attackers can't exploit it. This problem and the patch affect Windows 2000, XP, Vista, and 2008 (including server core), 32-bit and 64-bit. Microsoft may call this patch "important," but I would plan on installing this sooner rather than later. MS08-064/KB956841 - Important: Yup, another "escalation of privileges" vulnerability that can be exploited through a carefully crafted executable package, this time in the "virtual address descriptor." This patch closes the bug on XP, Vista, Server 2003 and 2008 (including server core), both 32-bit and 64-bit editions. This one is not quite as important since it requires the user to deliberately run something, but we know how users click "Yes" to everything. You will want to install this as part of your normal patch process. MS08-065/KB951071 - Important: This update is only for Windows 2000, and only needed if MSMQ is installed and enabled. It fixes a remote code execution problem. Go ahead and get it installed if your system meets the criteria. MS08-066/KB956803 - Important: The patch corrects an escalation of privileges issue in XP and Server 2003, 32-bit and 64-bit. The problem is that a local attacker can gain control of the system. It is not a high-priority problem, and you should not make a special effort to install this patch. One important thing to keep in mind with this one: if you are using a number of versions of Zone Alarm products (including EndPoint Security), you may find yourself unable to connect to the Internet after applying the patch. The Knowledge Base article contains a list of the problematic Zone Alarm products. At the same time, you will want to make sure that it does get installed during your normal update cycle, unless you are using one of the Zone Alarm products that it conflicts with.

KB956391: The usual ActiveX killbits update. Windows 2000, XP, Vista, Server 2003 and Server 2008 all get this. Install it during your normal update cycle.

Other updates

KB950193: This update for Windows Server SP1 came out a few weeks ago and fixes problems caused by improperly dismounted or removed hard drives.

KB955519: A cumulative update for Vista's Media Center, 32-bit and 64-bit. This fixes a number of minor annoyances in Media Center. No need to install this, unless you use Media Center and have been having problems.

KB956147: This update for Vista's Media Center TV Pack fixes a few minor issues. Like the previous item, you don't need to bother with it unless you are a Media Center user who has been having problems.

KB957000: In case you were worried that Microsoft wasn't properly collecting information from your PC as part of the "Customer Experience Improvement Program" (CEIP), you can apply this patch to ensure that your system is updated to the "latest and greatest" CEIP bits. Hooray.

Ultimate Extras: These were actually released a few weeks ago, but you'll be seeing them now for sure. More DreamScene content and, even better, a new game! I can tell you from personal experience that "Tinker" is a ton of fun; it's a steampunk-ish puzzle game. You'll want to install this ahead of your normal patch cycle; just don't tell the boss! You'll also get a new set of sounds from the game to use in Windows.

"The Usual Suspects": Updates to the Malicious Software Removal Tool, Junk Email filters, Defender, Genuine Advantage updates, root certificates, etc.

Stay on top of the latest XP tips and tricks with TechRepublic's Windows XP newsletter, delivered every Thursday. Automatically sign up today!


Justin James is the Lead Architect for Conigent.

Editor's Picks