Microsoft Releases 8 Security Patches, 4 Deemed 'Critical'

Microsoft released its latest security update, which includes eight cumulative patches addressing vulnerabilities in Office applications, Windows, and Internet Explorer.

MS08-022, considered critical by the company, secures a vulnerability in the VBScript and JScript scripting engines in Windows 2000, XP and Windows Server 2003. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

MS08-023 and MS08-024, considered critical, address holes that could allow remote code execution if a user viewed specially crafted Web pages using Internet Explorer. Users with administrative rights would be more greatly affected than those with fewer user rights on the system.

MS08-021, also pegged as critical, addresses vulnerabilities in GDI, which could allow remote code execution if a user opened a specially crafted EMF or WMF image file.

MS08-025, considered important, resolves a privately reported vulnerability in the Windows kernel. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. It affects Windows 2000, Windows Server 2003 and 2008, XP and Vista.

MS08-020 addresses a spoofing vulnerability that exists in Windows DNS clients, in which an attacker could send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations.

MS08-018 and MS08-019 address vulnerabilities in Office Project and Visio, respectively, in which the programs could allow code execution if a user opens a specially crafted file.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • open laptop in a college classroom with holographic AI icons like a brain and data charts rising from the screen

    4 Ways Universities Are Using Google AI Tools for Learning and Administration

    In a recent blog post, Google shared an array of education customer stories, showcasing ways institutions are using AI tools like Gemini and NotebookLM to transform both learning and administrative tasks.

  • illustration of a human head with a glowing neural network in the brain, connected to tech icons on a cool blue-gray background

    Meta Launches Stand-Alone AI App

    Meta Platforms has introduced a stand-alone artificial intelligence app built on its proprietary Llama 4 model, intensifying the competitive race in generative AI alongside OpenAI, Google, Anthropic, and xAI.

  • three main icons—a cloud, a user profile, and a padlock—connected by circuit lines on a blue abstract background

    Report: Identity Has Become a Critical Security Perimeter for Cloud Services

    A new threat landscape report points to new cloud vulnerabilities. According to the 2025 Global Threat Landscape Report from Fortinet, while misconfigured cloud storage buckets were once a prime vector for cybersecurity exploits, other cloud missteps are gaining focus.

  • Stylized illustration showing cybersecurity elements like shields, padlocks, and secure cloud icons on a neutral, minimalist digital background

    Microsoft Announces Security Advancements

    Microsoft has announced major security advancements across its product portfolio and practices. The work is part of its Secure Future Initiative (SFI), a multiyear cybersecurity transformation the company calls the largest engineering project in company history.