Microsoft Security Bulletin Re-Releases/Advisories
NICK ADSL UK
06-19-08, 15:00
********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: June 19, 2008
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS08-030 - Critical
Bulletin Information:
=====================
* MS08-030 - Critical
http://www.microsoft.com/technet/security/bulletin/ms08-030.mspx
- Reason for Revision: V2.0 (June 18, 2008): Added "Why was this
security update reoffered on June 18, 2008?" entry to the
Update FAQ to advise customers running Windows XP Service
Pack 2 and Windows XP Service Pack 3 that a revised version
of the security update is available.
- Originally posted: June 10, 2008
- Updated: June 19, 2008
- Bulletin Severity Rating: Critical
- Version: 2.0
NICK ADSL UK
06-24-08, 18:12
Title: Microsoft Security Bulletin Revisions
Issued: June 24, 2008
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS07-042 - Critical
Bulletin Information:
=====================
* MS07-042 - Critical
- http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx
- Reason for Revision: V4.0 (June 24, 2008): Bulletin updated:
Added Windows XP Service Pack 3, Windows Vista Service Pack
1, Windows Vista x64 Edition Service Pack 1, Windows Server
2008 for 32-bit Systems, Windows Server 2008 for x64-based
Systems, and Windows Server 2008 for Itanium-based Systems as
affected software. This is a detection update only. There
were no changes to the binaries.
- Originally posted: August 14, 2007
- Updated: June 24, 2008
- Bulletin Severity Rating: Critical
- Version: 4.0
NICK ADSL UK
07-01-08, 18:59
Microsoft Security Advisory (954960)
Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates
Published: June 30, 2008
Microsoft is investigating public reports of a non-security issue that prevents the distribution of any updates deployed through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1 to client systems that have Microsoft Office 2003 installed in their environment. Microsoft is aware of reports from customers who are experiencing this issue.
Upon completing the investigation, Microsoft will take appropriate action to resolve the issue within Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1.
Note: The issue affecting System Center Configuration Manager 2007 first described in Microsoft Security Advisory 954474, where System Center Configuration Manager 2007 systems were blocked from deploying security updates, is separate from the issue described in this advisory.
Mitigating Factors:
This issue is limited to customers who deploy updates through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1, and have Microsoft Office 2003 installed in their environments.
http://www.microsoft.com/technet/security/advisory/954960.mspx
NICK ADSL UK
07-07-08, 16:33
Microsoft Security Advisory (955179)
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
Published: July 7, 2008
Microsoft is investigating active, targeted attacks leveraging a potential vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
The ActiveX control for the Snapshot Viewer for Microsoft Access enables you to view an Access report snapshot without having the standard or run-time versions of Microsoft Office Access. The vulnerability only affects the ActiveX control for the Snapshot Viewer for Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003.
The ActiveX control is shipped with all supported versions of Microsoft Office Access except for Microsoft Office Access 2007. The ActiveX control is also shipped with the standalone Snapshot Viewer.
Mitigating Factors
In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail or Instant Messenger message that takes users to the attacker's Web site.
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone.
http://www.microsoft.com/technet/security/advisory/955179.mspx?pf=true
NICK ADSL UK
07-11-08, 04:15
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: July 10, 2008
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS08-037 - Important
Bulletin Information:
=====================
* MS08-037 - Important
- http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
- Reason for Revision: V2.0 (July 10, 2008): Bulletin revised to
inform users of ZoneAlarm and Check Point Endpoint Security
of an Internet connectivity issue detailed in the section,
Frequently Asked Questions (FAQ) Related to this Security
Update. The revision did not change the security update files
in this bulletin, but users of ZoneAlarm and Check Point
Endpoint Security should read the FAQ entries for guidance.
- Originally posted: July 8, 2008
- Updated: July 10, 2008
- Bulletin Severity Rating: Important
- Version: 2.0
NICK ADSL UK
07-11-08, 04:57
Microsoft Security Advisory (954960)
Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates
Published: June 30, 2008 | Updated: July 10, 2008
Microsoft has completed the investigation into public reports of a non-security issue that prevents the distribution of any updates deployed through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1 to client systems that have Microsoft Office 2003 installed in their environment. Microsoft confirmed those reports and has released an update to correct this issue under Microsoft Knowledge Base Article 954960. Microsoft encourages customers affected by this issue to review and install this update.
http://support.microsoft.com/kb/954960
http://www.microsoft.com/technet/security/advisory/954960.mspx
NICK ADSL UK
07-17-08, 04:37
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: July 16, 2008
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS08-033 - Critical
* MS07-064 - Critical
Bulletin Information:
=====================
* MS08-033 - Critical
http://www.microsoft.com/technet/security/bulletin/ms08-033.mspx
- Reason for Revision: V2.0 (July 16, 2008): Added DirectX 9.0a as
affected software.
- Originally posted: June 10, 2008
- Updated: July 16, 2008
- Bulletin Severity Rating: Critical
- Version: 2.0
* MS07-064 - Critical
http://www.microsoft.com/technet/security/bulletin/ms07-064.mspx
- Reason for Revision: V3.0 (July 16, 2008): Bulletin updated to
reflect that the update for DirectX 9.0 also applies to
DirectX 9.0a.
- Originally posted: December 11, 2007
- Updated: July 16, 2008
- Bulletin Severity Rating: Critical
- Version: 3.0
Other Information
=================
Recognize and avoid fraudulent e-mail to Microsoft customers:
=============================================================
If you receive an e-mail message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious Web sites. Microsoft does not distribute security updates via e-mail.
The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, it is not required to read security notifications, security bulletins, security advisories, or install security updates. You can obtain the MSRC public PGP key at
https://www.microsoft.com/technet/security/bulletin/pgp.mspx
NICK ADSL UK
07-17-08, 18:20
Microsoft Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941569)
Brief Description
A security issue has been identified that could allow an attacker to remotely compromise your Windows-based system using Windows Media file formats and gain control over it.
Overview
A security issue has been identified that could allow an attacker to remotely compromise your Windows-based system using Windows Media file formats and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.
http://www.microsoft.com/downloads/details.aspx?FamilyID=bece702a-6e61-433e-8275-20f4e84f2c92&DisplayLang=en#AdditionalInfo
NICK ADSL UK
07-25-08, 16:37
Microsoft Security Advisory Notification - July 25, 2008
***********************************************
Title: Microsoft Security Advisory Notification
Issued: July 25, 2008
***********************************************
Security Advisories Updated or Released Today
==============================================
Microsoft Security Advisory (956187)
Increased Threat for DNS Spoofing Vulnerability
Published: July 25, 2008
Microsoft released Microsoft Security Bulletin MS08-037 on July 8, 2008, offering security updates to protect customers against Windows Domain Name System (DNS) spoofing attacks. Microsoft released this update in coordination with other DNS vendors who were also similarly impacted. Since the coordinated release of these updates, the threat to DNS systems has increased due to a greater public understanding of the attacks, as well as detailed exploit code being published on the Internet.
Microsoft is not currently aware of active attacks utilizing this exploit code or of customer impact at this time. However, attacks are likely imminent due to the publicly posted proof of concept and Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.
Microsoft's investigation of this exploit code has verified that it does not affect Microsoft customers who have installed the updates detailed in Microsoft Security Bulletin MS08-037. Microsoft continues to recommend that customers apply the updates to the affected products by enabling the Automatic Updates feature in Windows.
Microsoft has identified known issues with the updates offered in Microsoft Security Bulletin MS08-037. For more information about known installation issues, see Frequently Asked Questions (FAQ) Related to This Security Update in Microsoft Security Bulletin MS08-037, and Known issues with this security update in Microsoft Knowledge Base Article 953230.
http://www.microsoft.com/technet/security/advisory/956187.mspx
NICK ADSL UK
08-01-08, 18:57
Microsoft Security Advisory (954960)
Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates
Published: June 30, 2008 | Updated: August 1, 2008
Microsoft has completed the investigation into public reports of a non-security issue that prevents the distribution of any updates deployed through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1 to client systems that have Microsoft Office 2003 installed in their environment. Microsoft confirmed those reports and has released an update to correct this issue under Microsoft Knowledge Base Article 954960. Microsoft encourages customers affected by this issue to review and install this update.
Notes: The issue affecting System Center Configuration Manager 2007 first described in Microsoft Security Advisory 954474, where System Center Configuration Manager 2007 systems were blocked from deploying security updates, is separate from the issue described in this advisory. However, there are similarities in the contributing factors in both issues.
Customers who wish to verify that the update has been installed properly can check that their version of Microsoft.UpdateServices.WebServices.Client.Dll, located at %ProgramFiles%\Update Services\WebServices\ClientWebService\bin\, is 3.1.6001.66.
The update detailed in Microsoft Knowledge Base Article 954960 cannot be uninstalled through Add or Remove Programs. Customers who wish to remove this update must uninstall Windows Server Update Services as detailed in Microsoft Knowledge Base Article 954960.
http://www.microsoft.com/technet/security/advisory/954960.mspx
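The file-version check described in the advisory above, as an added PowerShell example (not part of the original post or of Microsoft's advisory). The function name `Test-Kb954960Installed` and the status labels are assumptions made for illustration; the path and expected version are the ones the advisory states.

```powershell
# Added example: verifies the DLL version the advisory gives for the KB954960 update.
# Function name and Status strings are hypothetical; path and version come from the advisory.
function Test-Kb954960Installed {
    param(
        # WSUS installation root; the advisory gives %ProgramFiles%\Update Services.
        # Override this if WSUS was installed to a non-default location.
        [string]$WsusRoot = (Join-Path $env:ProgramFiles 'Update Services'),
        [version]$ExpectedVersion = '3.1.6001.66'
    )

    $relative = 'WebServices\ClientWebService\bin\Microsoft.UpdateServices.WebServices.Client.Dll'
    $dll = Join-Path $WsusRoot $relative

    # WSUS not installed here, or installed elsewhere: report it instead of throwing.
    if (-not (Test-Path -LiteralPath $dll -PathType Leaf)) {
        return New-Object PSObject -Property @{
            Path = $dll; FileVersion = $null; Status = 'FileNotFound'
        }
    }

    $info = (Get-Item -LiteralPath $dll).VersionInfo

    # Build the version from the numeric parts of the file version resource.
    # The FileVersion *string* can carry extra text after the number, which
    # would make a plain string comparison or [version] cast unreliable.
    $actual = New-Object System.Version `
        $info.FileMajorPart, $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart

    if ($actual -eq $ExpectedVersion) {
        $status = 'Match'
    } elseif ($actual -lt $ExpectedVersion) {
        $status = 'OlderThanExpected'   # update not applied to this file
    } else {
        $status = 'NewerThanExpected'   # a later build replaced the file
    }

    New-Object PSObject -Property @{
        Path = $dll; FileVersion = $actual.ToString(); Status = $status
    }
}

# Run on the WSUS server itself.
Test-Kb954960Installed | Format-List Path, FileVersion, Status
```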
NICK ADSL UK
08-12-08, 20:23
Microsoft Security Advisory (953839)
Cumulative Security Update of ActiveX Kill Bits
Published: August 12, 2008
Microsoft is releasing a new set of ActiveX kill bits with this advisory.
The update includes kill bits for the following third-party software:
Aurigma Image Uploader. Aurigma has issued an advisory and an update that addresses vulnerabilities. Please see the advisory from Aurigma for more information. These kill bits are being set at the request of the owner of the ActiveX control. Customers who require support should contact Aurigma. The class identifiers (CLSIDs) for this ActiveX control are as listed in the Frequently Asked Questions section of this advisory.
HP Instant Support. HP has issued an advisory and an update that addresses vulnerabilities. Please see the advisory from HP for more information and download locations. These kill bits are being set at the request of the owner of the ActiveX control. Customers who require support should contact HP. The class identifiers (CLSIDs) for this ActiveX control are as listed in the Frequently Asked Questions section of this advisory.
For more information about installing this update, see Microsoft Knowledge Base Article 953839.
http://support.microsoft.com/kb/953839
NICK ADSL UK
08-13-08, 18:41
Microsoft Security Bulletin Minor Revisions - August 12, 2008
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: August 12, 2008
********************************************************************
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.
* MS08-040 - Important
* MS08-033 - Critical
Bulletin Information:
=====================
* MS08-040 - Important
http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx
- Reason for Revision: V1.6 (August 12, 2008): Added entry to the
Frequently Asked Questions (FAQ) Related to This Security
Update to communicate a change in the installation code for
the security update for SQL Server 2005 Service Pack 2. This
is an installation code change only. There were no changes to
the security update binaries.
- Originally posted: July 8, 2008
- Updated: August 12, 2008
- Bulletin Severity Rating: Important
- Version: 1.6
* MS08-033 - Critical
http://www.microsoft.com/technet/security/bulletin/ms08-033.mspx
- Reason for Revision: V2.1 (August 12, 2008): Added known issues
link. Also added an entry to the section, Frequently Asked
Questions (FAQ) Related to this Security Update, about the
known issues and solutions. The solutions include a change to
Microsoft Baseline Security Analyzer (MBSA) 2.1 to correctly
detect this update.
- Originally posted: June 10, 2008
- Updated: August 12, 2008
- Bulletin Severity Rating: Critical
- Version: 2.1
* Microsoft Security Advisory (954960)
- Title: Microsoft Windows Server Update Services (WSUS) Blocked
from Deploying Security Updates
http://www.microsoft.com/technet/security/advisory/954960.mspx
- Revision Note: August 12, 2008: Added entry to the section,
Frequently Asked Questions (FAQ) Related to This Security
Update to communicate that the re-release of the update to
fix a known installation issue with Windows Server 2008
systems is now available via Microsoft Update.
NICK ADSL UK
08-21-08, 14:41
Microsoft Security Bulletin Minor Revisions
Issued:
********************************************************************
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.
* MS08-045 - Critical
* MS08-043 - Critical
* MS07-068 - Critical
Bulletin Information:
=====================
* MS08-045 - Critical
http://www.microsoft.com/technet/security/bulletin/ms08-045.mspx
- Reason for Revision: V1.1 (August 20, 2008): Corrected a registry
key verification entry for Windows XP and added a mitigating
factor for CVE-2008-2256.
- Originally posted: August 12, 2008
- Updated: August 20, 2008
- Bulletin Severity Rating: Critical
- Version: 1.1
* MS08-043 - Critical
http://www.microsoft.com/technet/security/bulletin/ms08-043.mspx
- Reason for Revision: V1.2 (August 20, 2008): Added note to the
Affected Software table and a FAQ entry to clarify that this
update applies to servers that have Excel Services installed,
such as the default configuration of Microsoft Office
SharePoint Server 2007 Enterprise and Microsoft Office
SharePoint Server 2007 For Internet Sites. Microsoft Office
SharePoint Server 2007 Standard does not include Excel
Services.
- Originally posted: August 12, 2008
- Updated: August 20, 2008
- Bulletin Severity Rating: Critical
- Version: 1.2
* MS07-068 - Critical
http://www.microsoft.com/technet/security/bulletin/ms07-068.mspx
- Reason for Revision: V2.2 (August 20, 2008): Bulletin updated to
change Windows Media Format Runtime 9 to a non-affected
component for Windows XP Service Pack 3.
- Originally posted: December 11, 2007
- Updated: August 20, 2008
- Bulletin Severity Rating: Critical
- Version: 2.2
NICK ADSL UK
08-27-08, 07:07
Security Update for Internet Explorer 7 for Windows XP (KB938127)
Brief Description
A security issue has been identified in the way Vector Markup Language (VML) is handled that could allow an attacker to compromise a computer running Microsoft Windows and gain control over it. You can help protect your computer by installing this update from Microsoft.
Quick Details
File Name: IE7-WindowsXP-KB938127-v2-x86-ENU.exe
Version: 938127
Security Bulletins: MS07-050
Knowledge Base (KB) Articles: KB938127
Date Published: 8/25/2008
Overview
A security issue has been identified in the way Vector Markup Language (VML) is handled that could allow an attacker to compromise a computer running Microsoft Windows and gain control over it. You can help protect your computer by installing this update from Microsoft.
http://www.microsoft.com/technet/security/bulletin/ms07-050.mspx
http://www.microsoft.com/downloads/details.aspx?FamilyId=9F5DA816-194C-478E-8A96-9421A0C52C9F&displaylang=en
NICK ADSL UK
09-13-08, 18:07
Microsoft Security Bulletin MS08-052 Critical
Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
Published: September 9, 2008 | Updated: September 12, 2008
Version: 2.0
General Information
Executive Summary
This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008, Microsoft Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4, Microsoft Digital Image Suite 2006, SQL Server 2000 Reporting Services Service Pack 2, all supported editions of SQL Server 2005, Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package, and Microsoft Report Viewer 2008 Redistributable Package.
This security update is rated Important for all supported editions of Microsoft Office XP; Microsoft Office 2003; all Office Viewer software for Microsoft Office 2003; 2007 Microsoft Office System; all Office Viewer software for 2007 Microsoft Office System; Microsoft Visio 2002; Microsoft Office PowerPoint Viewer 2003; Microsoft Works 8; and Microsoft Forefront Client Security 1.0. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerabilities by modifying the way that GDI+ handles viewing malformed images. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
Recommendation. Microsoft recommends that customers apply the update immediately.
Revisions
V1.0 (September 9, 2008): Bulletin published.
V2.0 (September 12, 2008): Bulletin updated to add Microsoft Office Project 2002 Service Pack 2, all Office Viewer software for Microsoft Office 2003, and all Office Viewer software for 2007 Microsoft Office System as Affected Software. Details for this bulletin revision are provided in the "Why was this bulletin revised on September 12, 2008?"
http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx
NICK ADSL UK
09-15-08, 19:53
Title: Microsoft Security Bulletin Major Revisions
Issued: September 15, 2008
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS08-054 - Critical
* MS08-053 - Critical
Bulletin Information:
=====================
* MS08-054 - Critical
http://www.microsoft.com/technet/security/bulletin/ms08-054.mspx
- Reason for Revision: V2.0 (September 15, 2008): Added entry to
the Frequently Asked Questions (FAQ) Related to This Security
Update section to communicate the re-release of the Norwegian
language update for Windows Media Player 11 on all supported
32-bit editions of Windows XP. Customers who require the
Norwegian language update need to download and install the
re-released update. Also removed an erroneous entry from the
Non-Affected software table.
- Originally posted: September 9, 2008
- Updated: September 15, 2008
- Bulletin Severity Rating: Critical
- Version: 2.0
* MS08-053 - Critical
http://www.microsoft.com/technet/security/bulletin/ms08-053.mspx
- Reason for Revision: V2.0 (September 15, 2008): Added entry to
the Frequently Asked Questions (FAQ) Related to This Security
Update section to communicate the re-release of the Norwegian
language update for Windows Media Encoder 9 Series running on
Microsoft Windows 2000 Service Pack 4, Windows Media Encoder
9 Series running on Windows XP Service Pack 2 and Windows XP
Service Pack 3, and Windows Media Encoder 9 Series running on
Windows Server 2003 Service Pack 1 and Windows Server 2003
Service Pack 2. Customers who require the Norwegian language
updates need to download and install the re-released updates.
- Originally posted: September 9, 2008
- Updated: September 15, 2008
- Bulletin Severity Rating: Critical
- Version: 2.0
NICK ADSL UK
10-15-08, 18:53
Microsoft Security Advisory Notification - October 14, 2008
************************************************
Title: Microsoft Security Advisory Notification
Issued: October 14, 2008
************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (956391)
- Title: Cumulative Security Update of ActiveX Kill Bits
http://www.microsoft.com/technet/security/advisory/956391.mspx
- Revision Note: Advisory Published.
NICK ADSL UK
10-15-08, 18:54
Microsoft Security Bulletin MS08-041 Critical
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)
Published: August 12, 2008 | Updated: October 14, 2008
General Information
Executive Summary
This security update resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
This security update is rated Critical for the Snapshot Viewer for Microsoft Access and for supported versions of Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003.
The security update addresses the vulnerability by correcting an error in the Microsoft Access Snapshot Viewer control. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
This security update also addresses the vulnerability first described in Microsoft Security Advisory 955179.
Recommendation. Microsoft recommends that customers apply the update immediately.
Known Issues. None
http://www.microsoft.com/technet/security/bulletin/ms08-041.mspx
NICK ADSL UK
10-28-08, 19:01
Microsoft Security Advisory (958963)
Exploit Code Published Affecting the Server Service
Published: October 27, 2008
Microsoft is aware that detailed exploit code demonstrating code execution has been published on the Internet for the vulnerability that is addressed by security update MS08-067. This exploit code demonstrates code execution on Windows 2000, Windows XP, and Windows Server 2003. Microsoft is aware of limited, targeted active attacks that use this exploit code. At this time, there are no self-replicating attacks associated with this vulnerability. Microsoft has activated its Software Security Incident Response Process (SSIRP) and is continuing to investigate this issue.
http://www.microsoft.com/technet/security/advisory/958963.mspx
NICK ADSL UK
10-31-08, 20:27
Update for Windows XP (KB959252)
Brief Description
Install this update to resolve an issue in which you receive a 0x0000008e Stop error after you install security update KB954211 (MS08-061).
http://www.microsoft.com/downloads/details.aspx?familyid=ec4b7d80-79b6-4035-92a3-3992a9e09718&displaylang=en&tm
NICK ADSL UK
11-26-08, 19:35
Microsoft Security Bulletin Minor Revisions - November 25, 2
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: November 25, 2008
********************************************************************
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.
* MS07-068 - Critical
* MS06-078
Bulletin Information:
=====================
* MS07-068 - Critical
http://www.microsoft.com/technet/security/bulletin/ms07-068.mspx
- Reason for Revision: V2.3 (November 25, 2008): Bulletin updated
to correct the filename of wwmasf.dll to wmasf.dll in the
file information for Windows Media Format 9.5 Runtime for
Windows Server 2003 x64 Edition.
- Originally posted: December 11, 2007
- Updated: November 25, 2008
- Bulletin Severity Rating: Critical
- Version: 2.3
* MS06-078
http://www.microsoft.com/technet/security/bulletin/ms06-078.mspx
- Reason for Revision: V6.1 (November 25, 2008): Bulletin updated
to correct the filename, Wwmvcore.dll, to Wmvcore.dll for
file information for Windows Media Format 9.5 Series Runtime
on Windows XP Professional x64 Edition and Windows Server
2003 x64 Edition.
- Originally posted: December 12, 2006
- Updated: November 25, 2008
- Bulletin Severity Rating: Critical
- Version: 6.1
NICK ADSL UK
11-26-08, 19:37
Microsoft Security Advisory Notification - November 25, 2008
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: November 25, 2008
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (953839)
- Title: Cumulative Security Update of ActiveX Kill Bits
http://www.microsoft.com/technet/security/advisory/953839.mspx
- Revision Note: November 25, 2008: Added an entry to
Frequently Asked Questions to communicate that users with
Windows Server 2008 Server Core installation will still be
offered but do not need to install this update.
NICK ADSL UK
12-09-08, 18:56
Microsoft Security Advisory (960906)
Vulnerability in WordPad Text Converter Could Allow Remote Code Execution
Published: December 9, 2008
Microsoft is investigating new reports of a vulnerability in the WordPad Text Converter for Word 97 files on Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Windows XP Service Pack 3, Windows Vista, and Windows Server 2008 are not affected as these operating systems do not contain the vulnerable code.
Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability. Additionally, as the issue has not been publicly disclosed broadly, we believe the risk at this time to be limited.
We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.
Customers who believe that they have been attacked can obtain security support at Get security support and should contact the national law enforcement agency in their country. Customers in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-PCSAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at Internet Crime Complaint Center.
Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.
Mitigating Factors:
This issue does not affect Windows XP Service Pack 3, Windows Vista, and Windows Server 2008.
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message.
When Microsoft Office Word is installed, Word 97 documents are by default opened using Microsoft Office Word, which is not affected by this vulnerability. However, an attacker could rename a malicious file to have a Windows Write (.wri) extension, which would still invoke WordPad. This file type can be blocked at the Internet perimeter.
http://www.microsoft.com/technet/security/advisory/960906.mspx
NICK ADSL UK
12-10-08, 17:36
Microsoft Security Bulletin MS08-052 Critical
Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
Published: September 9, 2008 | Updated: December 9, 2008
Revisions
V1.0 (September 9, 2008): Bulletin published.
V2.0 (September 12, 2008): Bulletin updated to add Microsoft Office Project 2002 Service Pack 2, all Office Viewer software for Microsoft Office 2003, and all Office Viewer software for 2007 Microsoft Office System as Affected Software. Details for this bulletin revision are provided in the "Why was this bulletin revised on September 12, 2008?" entry in the Frequently Asked Questions (FAQ) Related to this Security Update section.
V2.1 (September 17, 2008): Changed references to Microsoft Office Project 2002 Service Pack 2 as affected software to Microsoft Office Project 2002 Service Pack 1. This is a name change only. There were no changes to the binaries or detection.
V2.2 (October 29, 2008): Added an FAQ entry concerning a printing issue with Microsoft SQL Server 2005 Reporting Services and removed Visio Viewer from Affected Software, including other minor changes. For more details, please see the entry in the Frequently Asked Questions (FAQ) Related to this Security Update section.
V3.0 (December 9, 2008): Added Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1, Microsoft Expression Web and Microsoft Expression Web 2, and Microsoft Office Groove 2007 and Microsoft Office Groove 2007 Service Pack 1 as Affected Software. Also detailed a detection change for Microsoft SQL Server 2005 Service Pack 2 in the "Why was this bulletin revised on December 9, 2008?" entry in the Frequently Asked Questions (FAQ) Related to this Security Update section.
http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx
NICK ADSL UK
12-11-08, 05:36
Microsoft Security Advisory (961051)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: December 10, 2008
Microsoft is investigating new public reports of attacks against a new vulnerability in Internet Explorer. Our investigation so far has shown that these attacks are against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.
At this time, we are aware only of limited attacks that attempt to use this vulnerability. Our investigation of these attacks so far has verified that they are not successful against customers who have applied the workarounds listed in this advisory. Additionally, there are mitigations that increase the difficulty of exploiting this vulnerability.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers. In addition, we're actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.
We are actively investigating the vulnerability these attacks attempt to exploit. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.
Mitigating Factors:
Protected Mode in Internet Explorer 7 in Windows Vista limits the impact of the vulnerability.
By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See the FAQ subsection of this vulnerability section for more information about Internet Explorer Enhanced Security Configuration.
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
Currently known attacks cannot exploit this issue automatically through e-mail.
http://www.microsoft.com/technet/security/advisory/961051.mspx
NICK ADSL UK
12-18-08, 04:29
Microsoft Security Advisory (961051)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: December 10, 2008 | Updated: December 17, 2008
Revisions:
December 10, 2008: Advisory published
December 11, 2008: Revised to include Microsoft Internet Explorer 5.01 Service Pack 4, Internet Explorer 6 Service Pack 1, Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 as potentially vulnerable software. Also added more workarounds.
December 12, 2008: Revised to correct operating systems that support Windows Internet Explorer 8 Beta 2. Also added more workarounds and a reference to Microsoft Security Advisory (954462).
December 13, 2008: Revised to add the workaround, Disable XML Island functionality. Also, in a FAQ entry, clarified the list of recommended workarounds and added the blog post URL for recommended workarounds.
December 15, 2008: Updated the workarounds, DisableXMLIsland functionality and Disable Row Position functionality of OLEDB32.dll.
December 17, 2008: Advisory updated to reflect publication of security bulletin.
http://www.microsoft.com/technet/security/advisory/961051.mspx
NICK ADSL UK
12-18-08, 04:32
Microsoft Security Bulletin Minor Revisions - Dec. 17, 2008
**************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: December 17, 2008
**************************************************
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.
* MS08-072 - Critical
* MS08-069 - Critical
Bulletin Information:
=====================
* MS08-072 - Critical
http://www.microsoft.com/technet/security/bulletin/ms08-072.mspx
- Reason for Revision: V1.1 (December 17, 2008): Changed the
Microsoft Baseline Security Analyzer deployment summary to
"no" for Microsoft Office Word 2000 Service Pack 3 in the
Detection and Deployment Tools and Guidance section. Also,
revised the bulletins replaced by this update for Microsoft
Office Outlook 2007 and Microsoft Office Outlook 2007 Service
Pack 1 in the Affected Software table. There were no changes
to the security update binaries.
- Originally posted: December 9, 2008
- Updated: December 17, 2008
- Bulletin Severity Rating: Critical
- Version: 1.1
* MS08-069 - Critical
http://www.microsoft.com/technet/security/bulletin/ms08-069.mspx
- Reason for Revision: V1.2 (December 17, 2008): Added log file
entries in the Security Update Deployment section Reference
table for Microsoft XML Core Services 6.0 when installed on
Windows Server 2003 Service Pack 1, Windows Server 2003
Service Pack 2, Windows Server 2003 x64 Edition, and Windows
Server 2003 x64 Edition Service Pack 2.
- Originally posted: November 11, 2008
- Updated: December 17, 2008
- Bulletin Severity Rating: Critical
- Version: 1.2
NICK ADSL UK
01-15-09, 19:55
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: January 13, 2009
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS08-076 - Important
* MS08-072 - Critical
Bulletin Information:
=====================
* MS08-076 - Important
http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx
- Reason for Revision: V3.0 (January 13, 2009): Added entry to the
Frequently Asked Questions (FAQ) Related to This Security
Update section explaining that Microsoft has re-released the
update packages for Windows Media Format Runtime 9.5 on
Windows XP Service Pack 2 (KB952069) and on Windows XP
Service Pack 3 (KB952069). Customers running all other
supported and affected versions of Windows Media components
who have already applied the original security update
packages do not need to take any further action. Also, listed
Windows Media Player 6.4 and Windows Media Services 4.1 as
affected on all editions of Microsoft Windows 2000 Service
Pack 4; customers who were offered but have not applied this
update, KB954600 for Windows Media Player 6.4, or KB952068
for Windows Media Services 4.1, need to do so.
- Originally posted: December 9, 2008
- Updated: January 13, 2009
- Bulletin Severity Rating: Important
- Version: 3.0
* MS08-072 - Critical
http://www.microsoft.com/technet/security/bulletin/ms08-072.mspx
- Reason for Revision: V2.0 (January 13, 2009): Added Microsoft
Office Word Viewer to Affected Software table. Also, added an
entry to the section, Frequently Asked Questions (FAQ)
Related to This Security Update, explaining Microsoft Office
Word Viewer. There were no changes to the security update
binaries or detection. Customers with Microsoft Office Word
Viewer who have successfully installed security update
KB956366 do not need to reinstall.
- Originally posted: December 9, 2008
- Updated: January 13, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0
NICK ADSL UK
01-15-09, 19:56
Microsoft Security Bulletin Minor Revisions - Jan. 13, 2009
**************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: January 13, 2009
**************************************************
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.
* MS08-066 - Important
* MS08-037 - Important
Bulletin Information:
=====================
* MS08-066 - Important
http://www.microsoft.com/technet/security/bulletin/ms08-066.mspx
- Reason for Revision: V1.1 (January 13, 2009): Added an entry to
the section, Frequently Asked Questions (FAQ) Related to this
Security Update, explaining this revision as a detection
change for this security update. The corrected detection
offers the security update to affected systems that
previously were not offered this security update. Customers
who have successfully updated their systems do not need to
reinstall this update.
- Originally posted: October 14, 2008
- Updated: January 13, 2009
- Bulletin Severity Rating: Important
- Version: 1.1
* MS08-037 - Important
http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
- Reason for Revision: V2.3 (January 13, 2009): Added a new entry
to the Frequently Asked Questions (FAQ) Related to This
Security Update section to communicate the fix to a detection
and deployment issue with Windows XP Service Pack 3. There
were no changes to the binaries or packages for this update.
Customers who have successfully updated their systems do not
need to reinstall this update.
- Originally posted: July 8, 2008
- Updated: January 13, 2009
- Bulletin Severity Rating: Important
- Version: 2.3
NICK ADSL UK
01-26-09, 12:30
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: January 21, 2009
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS05-022
Bulletin Information:
=====================
* MS05-022 - Critical
http://www.microsoft.com/technet/security/bulletin/ms05-022.mspx
- Reason for Revision: V2.0 (January 21, 2009): Bulletin updated.
Replaced the download link for MSN Messenger 6.2 with the
bulletin link to MS07-054. Users may either use the specific
download link in MS07-054 to upgrade, or log on to MSN Messenger
service to accept the required upgrade.
- Originally posted: April 12, 2005
- Updated: January 21, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0
Microsoft Security Bulletin Minor Revisions - Jan. 21, 2009
**************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: January 21, 2009
**************************************************
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.
* MS08-040 - Important
Bulletin Information:
=====================
* MS08-040 - Important
http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx
- Reason for Revision: V1.7 (January 21, 2009): Listed Microsoft
SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 3a, a
component of Application Center 2000 Service Pack 2, as
non-affected software.
- Originally posted: July 8, 2008
- Updated: January 21, 2009
- Bulletin Severity Rating: Important
- Version: 1.7
NICK ADSL UK
01-29-09, 04:21
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: January 28, 2009
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS08-074 - Critical
Bulletin Information:
=====================
* MS08-074 - Critical
http://www.microsoft.com/technet/security/bulletin/ms08-074.mspx
- Reason for Revision: V2.0 (January 28, 2009): Added a footnote to
the Affected Software table and two entries to the section,
Frequently Asked Questions (FAQ) Related to this Security
Update, pertaining to security updates KB958437 and KB958439
for supported versions of Microsoft Office Excel 2007. There
were no changes to the security update binaries or detection.
Customers with Microsoft Office Excel 2007 or Microsoft
Office Excel 2007 Service Pack 1 who have already
successfully installed KB958437 and KB958439 do not need to reinstall.
- Originally posted: December 9, 2008
- Updated: January 28, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0
NICK ADSL UK
02-17-09, 10:18
Microsoft Security Bulletin Re-Releases - Feb. 16, 2009
**********************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: February 16, 2009
**********************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS09-003 - Critical
Bulletin Information:
=====================
* MS09-003 - Critical
http://www.microsoft.com/technet/security/bulletin/ms09-003.mspx
- Reason for Revision: V2.0 (February 16, 2009): Added the
Microsoft Exchange Server MAPI Client as affected software.
Also, added several entries to the section, Frequently Asked
Questions (FAQ) Related to This Security Update, relating to
updating the MAPI Client and the Exchange System Management
tools. No other update packages are affected by this
re-release. Customers running all other supported and
affected versions of Microsoft Exchange Server who have
already successfully applied the original security update
packages do not need to take any further action.
- Originally posted: February 10, 2009
- Updated: February 16, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0
NICK ADSL UK
02-17-09, 10:19
Microsoft Security Bulletin Minor Revisions - Feb 16, 2009
**************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: February 16, 2009
**************************************************
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.
* MS09-002 - Critical
Bulletin Information:
=====================
* MS09-002 - Critical
http://www.microsoft.com/technet/security/bulletin/ms09-002.mspx
- Reason for Revision: V1.1 (February 16, 2009): Added a link to
Microsoft Knowledge Base Article 961260 under Known Issues in
the Executive Summary.
- Originally posted: February 10, 2009
- Updated: February 16, 2009
- Bulletin Severity Rating: Critical
- Version: 1.1
NICK ADSL UK
02-24-09, 18:36
Microsoft Security Advisory (967940)
Update for Windows Autorun
Published: February 24, 2009
Microsoft is announcing the availability of an update that corrects a functionality feature that can help customers in keeping their systems protected. The update corrects an issue that prevents the NoDriveTypeAutoRun registry key from functioning as expected.
When functioning as expected, the NoDriveTypeAutoRun registry key can be used to selectively disable Autorun functionality (e.g. AutoPlay, double click, and contextual menu features associated with Autorun) for drives on a user's system and network. Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file.
We encourage Windows customers to review and install this update. This update is available through automatic updating and from the download center. For more information about this issue, including download links for this non-security update, see Microsoft Knowledge Base Article 967715.
http://www.microsoft.com/technet/security/advisory/967940.mspx
NICK ADSL UK
02-24-09, 18:41
Microsoft Security Advisory (968272)
Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution
Published: February 24, 2009
Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) program to provide information that they can use to provide broader protections to customers.
Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
Customers in the U.S. and Canada who believe they are affected can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.
International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.
Mitigating Factors:
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
In a Web-based attack scenario, an attacker would have to host a Web site that contains an Office file that is used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.
The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.
Users who have installed and are using the Office Document Open Confirmation Tool for Office 2000 will be prompted with Open, Save, or Cancel before opening a document.
http://www.microsoft.com/technet/security/advisory/968272.mspx
NICK ADSL UK
02-28-09, 13:01
Microsoft Security Advisory (967940)
Update for Windows Autorun
Published: February 24, 2009
Microsoft is announcing the availability of an update that corrects a functionality feature that can help customers in keeping their systems protected. The update corrects an issue that prevents the NoDriveTypeAutoRun registry key from functioning as expected.
When functioning as expected, the NoDriveTypeAutoRun registry key can be used to selectively disable Autorun functionality (e.g. AutoPlay, double click, and contextual menu features associated with Autorun) for drives on a user's system and network. Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file.
We encourage Windows customers to review and install this update. This update is available through automatic updating and from the download center. For more information about this issue, including download links for this non-security update, see Microsoft Knowledge Base Article 967715.
http://www.microsoft.com/technet/security/advisory/967940.mspx
NICK ADSL UK
03-11-09, 19:22
Microsoft Security Bulletin Minor Revisions - Mar. 11, 2009
**************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: March 11, 2009
**************************************************
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.
* MS09-008 - Important
Bulletin Information:
=====================
* MS09-008 - Important
http://www.microsoft.com/technet/security/bulletin/ms09-008.mspx
- Reason for Revision: V1.1 (March 11, 2009): Clarified that
CVE-2009-0093 does not apply to supported editions of Windows
Server 2008. Added a link to Microsoft Knowledge Base Article
962238 under Known Issues in the Executive Summary. Clarified
what systems are primarily at risk for CVE-2009-2033.
Finally, updated a finder acknowledgment for CVE-2009-0233
and CVE-2009-0234.
- Originally posted: March 10, 2009
- Updated: March 11, 2009
- Bulletin Severity Rating: Important
- Version: 1.1
NICK ADSL UK
03-11-09, 19:25
Microsoft Security Advisory Notification - March 11, 2009
***********************************************
Title: Microsoft Security Advisory Notification
Issued: March 11, 2009
***********************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (953839)
- Title: Update Rollup for ActiveX Kill Bits
http://www.microsoft.com/technet/security/advisory/953839.mspx
- Revision Note: March 11, 2009: Added an entry to Frequently
Asked Questions to communicate that for the purpose of
automatic updating, this update does not replace the
Cumulative Security Update of ActiveX Kill Bits (950760) that
is described in Microsoft Security Bulletin MS08-032.
NICK ADSL UK
04-03-09, 08:24
Microsoft Security Bulletin Minor Revisions - Apr 2, 2009
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: April 2, 2009
********************************************************************
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.
* MS08-032 - Moderate
Bulletin Information:
=====================
* MS08-032 - Moderate
http://www.microsoft.com/technet/security/bulletin/ms08-032.mspx
- Reason for Revision: V1.1 (April 1, 2009): Clarified in
footnotes under the Affected Software and Severity Ratings
tables that Windows Server 2008 server core installations are
not affected by the vulnerability discussed in this bulletin,
but will still be offered this update. Added an entry in the
section, Frequently Asked Questions (FAQ) Related to This
Security Update, to reiterate that such installations do not
need to install this update.
- Originally posted: June 10, 2008
- Updated: April 1, 2009
- Bulletin Severity Rating: Moderate
- Version: 1.1
NICK ADSL UK
04-15-09, 11:36
Microsoft Security Advisory Notification - April 14, 2009
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: April 14, 2009
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (968272)
- Title: Vulnerability in Microsoft Office Excel
Could Allow Remote Code Execution
- Revision Note: V3.0 (April 14, 2009): Advisory updated to
reflect publication of security bulletin.
http://www.microsoft.com/technet/security/advisory/968272.mspx
* Microsoft Security Advisory (960906)
- Title: Vulnerability in WordPad Text Converter
Could Allow Remote Code Execution
- Revision Note: V2.0 (April 14, 2009): Advisory updated to
reflect publication of security bulletin.
http://www.microsoft.com/technet/security/advisory/960906.mspx
* Microsoft Security Advisory (953818)
- Title: Blended Threat from Combined Attack Using
Apple's Safari on the Windows Platform
- Revision Note: V2.0 (April 14, 2009): Added references and
links to MS09-014 and MS09-015, which address the issue in
this advisory.
http://www.microsoft.com/technet/security/advisory/953818.mspx
* Microsoft Security Advisory (951306)
- Title: Vulnerability in Windows Could Allow
Elevation of Privilege
- Revision Note: V3.0 (April 14, 2009): Advisory updated to
reflect publication of security bulletin.
http://www.microsoft.com/technet/security/advisory/951306.mspx
NICK ADSL UK
04-30-09, 06:08
Microsoft Security Bulletin Minor Revisions - Apr. 29, 2009
* MS09-012 - Important
http://www.microsoft.com/technet/security/bulletin/ms09-012.mspx
- Reason for Revision: V2.0 (April 29, 2009): Added an entry to the
section, Frequently Asked Questions (FAQ) Related to This
Security Update to communicate the rerelease of the
Norwegian-language update for Microsoft Windows 2000 Service
Pack 4 (KB952004). Customers who require the
Norwegian-language update need to download and install the
rereleased update. No other updates or locales are affected
by this rerelease.
- Originally posted: April 14, 2009
- Updated: April 29, 2009
- Bulletin Severity Rating: Important
- Version: 2.0
* MS08-076 - Important
http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx
- Reason for Revision: V4.0 (April 29, 2009): Added Windows Media
Services 2008 (KB952068) on 32-bit and x64-based editions of
Windows Server 2008 Service Pack 2 as affected software.
Also, added Windows Server 2008 for Itanium-based Systems
Service Pack 2 as non-affected software. This is a detection
change only; there were no changes to the binaries. Customers
who have already successfully installed KB952068 do not need
to reinstall.
- Originally posted: December 9, 2008
- Updated: April 29, 2009
- Bulletin Severity Rating: Important
- Version: 4.0
* MS08-069 - Critical
http://www.microsoft.com/technet/security/bulletin/ms08-069.mspx
- Reason for Revision: V2.0 (April 29, 2009): Added Microsoft XML
Core Services 4.0 (KB954430) on 32-bit and x64-based editions
of Windows Vista Service Pack 2 and on 32-bit, x64-based, and
Itanium-based editions of Windows Server 2008 Service Pack 2
as affected software. Also added as non-affected software:
Microsoft XML Core Services 3.0 and Microsoft XML Core
Services 6.0 on 32-bit and x64-based editions of Windows
Vista Service Pack 2 and on 32-bit, x64-based, and
Itanium-based editions of Windows Server 2008 Service Pack 2.
This is a detection change only; there were no changes to the
binaries. Customers who have already successfully installed
KB954430 do not need to reinstall.
- Originally posted: November 11, 2008
- Updated: April 29, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0
MS09-013 - Critical
Bulletin Information:
* MS09-013 - Critical
http://www.microsoft.com/technet/security/bulletin/ms09-013.mspx
- Reason for Revision: V1.1 (April 29, 2009): Added entry to the
section, Frequently Asked Questions (FAQ) Related to This
Security Update, to communicate that the Known issues with
this security update section in the associated Microsoft
Knowledge Base Article 960803 has been updated. This is an
informational change only.
- Originally posted: April 14, 2009
- Updated: April 29, 2009
- Bulletin Severity Rating: Critical
- Version: 1.1
NICK ADSL UK
05-27-09, 17:53
Microsoft Security Bulletin Minor Revisions - May 26, 2009
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 26, 2009
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.
* MS07-026
Bulletin Information:
=====================
* MS07-026
http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx
- Reason for Revision: V1.1 (May 26, 2009): Added an entry in the
section, Frequently Asked Questions (FAQ) Related to This
Security Update, to announce a detection change. The
detection no longer offers the MS06-019 and MS06-029 updates,
but instead will only offer MS07-026. There were no changes
to the binaries. Customers who have already successfully
installed the MS07-026 update do not need to reinstall.
- Originally posted: May 8, 2007
- Updated: May 26, 2009
- Bulletin Severity Rating: Critical
- Version: 1.1
NICK ADSL UK
05-27-09, 17:53
Microsoft Security Bulletin Major Revision - May 26, 2009
Title: Microsoft Security Bulletin Major Revision
Issued: May 26, 2009
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS09-003 - Critical
Bulletin Information:
=====================
* MS09-003 - Critical
http://www.microsoft.com/technet/security/bulletin/ms09-003.mspx
- Reason for Revision: V3.0 (May 26, 2009): Added an entry in the
section, Frequently Asked Questions (FAQ) Related to This
Security Update, to announce a detection change to the update
for Microsoft Exchange Server 2003 Service Pack 2 (KB959897).
This is a detection change only. There were no changes to the
security update files in this bulletin. Customers who have
already installed the KB959897 update successfully do not
need to reinstall.
- Originally posted: February 10, 2009
- Updated: May 26, 2009
- Bulletin Severity Rating: Critical
- Version: 3.0
NICK ADSL UK
06-09-09, 17:44
Microsoft Security Advisory (971888)
Update for DNS Devolution
Published: June 9, 2009
Version: 1.0
Microsoft is announcing the availability of an update to DNS devolution that can help customers in keeping their systems protected. Customers whose domain name has three or more labels, such as "contoso.co.us", or who do not have a DNS suffix list configured, or for whom the following mitigating factors do not apply may inadvertently be allowing client systems to treat systems outside of the organizational boundary as though they were internal to the organization's boundary.
Mitigating Factors:
Customers who are joined to a domain and have a DNS suffix search list configured on their system are not at risk of inadvertently treating external systems as though they were internal. Microsoft encourages all enterprise customers to set DNS suffix search lists on client systems in order to ensure all DNS queries stay within organizational boundaries.
In most cases, home users who are not members of a domain do not use DNS devolution and therefore are not exposed to this risk. Home users who are not members of a domain but have configured a primary DNS suffix, however, do use DNS devolution and are at risk of inadvertently treating external systems as though they were internal.
Customers whose DNS domain name consists of two labels are not exposed to this risk. An example of a customer who is not affected is contoso.com or fabrikam.gov, where "contoso" and "fabrikam" are customer registered domain names under their respective ".com" and ".gov" top-level domains (TLDs).
http://www.microsoft.com/technet/security/advisory/971888.mspx
NICK ADSL UK
07-02-09, 04:30
Microsoft Security Bulletin Major Revisions - July 1, 2009
Title: Microsoft Security Bulletin Major Revisions
Issued: July 1, 2009
Summary
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS03-011
* MS02-069
* MS02-052
* MS02-013
* MS00-081
* MS00-075
* MS00-059
* MS00-011
* MS99-045
* MS99-031
Bulletin Information:
* MS03-011
http://www.microsoft.com/technet/security/bulletin/ms03-011.mspx
- Reason for Revision: V2.0 (July 1, 2009): Removed download
information because Microsoft Java Virtual Machine is no
longer available for distribution from Microsoft. For more
information, see Patch availability.
- Originally posted:
- Updated: July 1, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0
* MS02-069
http://www.microsoft.com/technet/security/bulletin/ms02-069.mspx
- Reason for Revision: V2.0 (July 1, 2009): Removed download
information because Microsoft Java Virtual Machine is no
longer available for distribution from Microsoft. For more
information, see Patch availability.
- Originally posted:
- Updated: July 1, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0
* MS02-052
http://www.microsoft.com/technet/security/bulletin/ms02-052.mspx
- Reason for Revision: V2.0 (July 1, 2009): Removed download
information because Microsoft Java Virtual Machine is no
longer available for distribution from Microsoft. For more
information, see Patch availability.
- Originally posted:
- Updated: July 1, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0
* MS02-013
http://www.microsoft.com/technet/security/bulletin/ms02-013.mspx
- Reason for Revision: V3.0 (July 1, 2009): Removed download
information because Microsoft Java Virtual Machine is no
longer available for distribution from Microsoft. For more
information, see Patch availability.
- Originally posted:
- Updated: July 1, 2009
- Bulletin Severity Rating: Critical
- Version: 3.0
* (MS00-081)
http://www.microsoft.com/technet/security/bulletin/ms00-081.mspx
- Reason for Revision: V2.0 (July 1, 2009): Removed download
information because Microsoft Java Virtual Machine is no
longer available for distribution from Microsoft. For more
information, see Patch availability.
- Originally posted:
- Updated: July 1, 2009
- Bulletin Severity Rating:
- Version: 2.0
* (MS00-075)
http://www.microsoft.com/technet/security/bulletin/ms00-075.mspx
- Reason for Revision: V2.0 (July 1, 2009): Removed download
information because Microsoft Java Virtual Machine is no
longer available for distribution from Microsoft. For more
information, see Patch availability.
- Originally posted:
- Updated: July 1, 2009
- Bulletin Severity Rating:
- Version: 2.0
* (MS00-059)
http://www.microsoft.com/technet/security/bulletin/ms00-059.mspx
- Reason for Revision: V2.0 (July 1, 2009): Removed download
information because Microsoft Java Virtual Machine is no
longer available for distribution from Microsoft. For more
information, see Patch availability.
- Originally posted:
- Updated: July 1, 2009
- Bulletin Severity Rating:
- Version: 2.0
* (MS00-011)
http://www.microsoft.com/technet/security/bulletin/ms00-011.mspx
- Reason for Revision: V3.0 (July 1, 2009): Removed download
information because Microsoft Java Virtual Machine is no
longer available for distribution from Microsoft. For more
information, see Patch Availability.
- Originally posted:
- Updated: July 1, 2009
- Bulletin Severity Rating:
- Version: 3.0
* (MS99-045)
http://www.microsoft.com/technet/security/bulletin/ms99-045.mspx
- Reason for Revision: V3.0 (July 1, 2009): Removed download
information because Microsoft Java Virtual Machine is no
longer available for distribution from Microsoft. For more
information, see Patch Availability.
- Originally posted:
- Updated: July 1, 2009
- Bulletin Severity Rating:
- Version: 3.0
* (MS99-031)
http://www.microsoft.com/technet/security/bulletin/ms99-031.mspx
- Reason for Revision: V3.0 (July 1, 2009): Removed download
information because Microsoft Java Virtual Machine is no
longer available for distribution from Microsoft. For more
information, see New Version Availability.
- Originally posted:
- Updated: July 1, 2009
- Bulletin Severity Rating:
- Version: 3.0
NICK ADSL UK
07-24-09, 14:26
Microsoft Security Bulletin Minor Revisions - July 23, 2009
Title: Microsoft Security Bulletin Minor Revisions
Issued: July 23, 2009
Summary
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.
* MS09-032 - Critical
* MS09-016 - Important
Bulletin Information:
* MS09-032 - Critical
- Reason for Revision: V1.2 (July 23, 2009): Clarified the FAQ
about Microsoft-specific kill bits contained in this update.
- Originally posted: July 14, 2009
- Updated: July 23, 2009
- Bulletin Severity Rating: Critical
- Version: 1.2
http://www.microsoft.com/technet/security/bulletin/ms09-032.mspx
* MS09-016 - Important
- Reason for Revision: V1.2 (July 23, 2009): Added a link to
Microsoft Knowledge Base Article 961759 under Known Issues in
the Executive Summary.
- Originally posted: April 14, 2009
- Updated: July 23, 2009
- Bulletin Severity Rating: Important
- Version: 1.2
http://www.microsoft.com/technet/security/bulletin/ms09-016.mspx
NICK ADSL UK
07-24-09, 14:26
Microsoft Security Advisory (973472)
Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
Published: July 13, 2009 | Updated: July 23, 2009
http://www.microsoft.com/technet/security/advisory/973472.mspx
NICK ADSL UK
08-11-09, 18:59
Microsoft Security Advisory (973811)
Extended Protection for Authentication
Published: August 11, 2009
Version: 1.0
Microsoft is announcing the availability of a new feature, Extended Protection for Authentication, on the Windows platform. This feature enhances the protection and handling of credentials when authenticating network connections using Integrated Windows Authentication (IWA).
The update itself does not directly provide protection against specific attacks such as credential forwarding, but allows applications to opt-in to Extended Protection for Authentication. This advisory briefs developers and system administrators on this new functionality and how it can be deployed to help protect authentication credentials.
Mitigating Factors:
Internet Explorer will never send credentials automatically to servers hosted in the Internet zone. This reduces the risk that credentials can be forwarded by an attacker within this zone.
Applications that use session signing and encryption (such as remote procedure call (RPC) with privacy and integrity, or server message block (SMB) with signing enabled) are not affected by credential forwarding.
http://www.microsoft.com/technet/security/advisory/973811.mspx
NICK ADSL UK
08-13-09, 10:44
Microsoft Security Bulletin Minor Revisions - Aug. 12, 2009
Title: Microsoft Security Bulletin Minor Revisions
Issued: August 12, 2009
Summary
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.
* MS09-043 - Critical
* MS09-042 - Important
* MS09-039 - Critical
* MS09-037 - Critical
* MS09-035 - Moderate
Bulletin Information:
* MS09-043 - Critical
http://www.microsoft.com/technet/security/bulletin/ms09-043.mspx
* MS09-042 - Important
http://www.microsoft.com/technet/security/bulletin/ms09-042.mspx
* MS09-037 - Critical
http://www.microsoft.com/technet/security/bulletin/ms09-037.mspx
* MS09-035 - Moderate
http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx
NICK ADSL UK
09-18-09, 04:38
Microsoft Security Advisory (975497)
Vulnerabilities in SMB Could Allow Remote Code Execution
Published: September 08, 2009 | Updated: September 17, 2009
Revisions
V1.0 (September 8, 2009): Advisory published.
V1.1 (September 17, 2009): Clarified the FAQ, What is SMBv2? Added a link to Microsoft Knowledge Base Article 975497 to provide an automated Microsoft Fix it solution for the workaround, Disable SMB v2.
http://www.microsoft.com/technet/security/advisory/975497.mspx
NICK ADSL UK
10-01-09, 08:50
Microsoft Security Bulletin MS09-045 - Critical
Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961)
Published: September 08, 2009 | Updated: September 30, 2009
Revisions
V1.0 (September 8, 2009): Bulletin published.
V1.1 (September 9, 2009): Corrected the update package file name for JScript 5.6 on all supported x64-based editions of Windows Server 2003.
V1.2 (September 30, 2009): Added information about known issues related to uninstalling the security update and verifying the registry key on Windows XP and Windows Server 2003.
http://www.microsoft.com/technet/security/bulletin/ms09-045.mspx
NICK ADSL UK
10-15-09, 11:26
Microsoft Security Advisory Notification - Oct. 14, 2009
Issued: October 14, 2009
Security Advisory Updated or Released Today
* Microsoft Security Advisory (973811)
- Title: Extended Protection for Authentication
http://www.microsoft.com/technet/security/advisory/973811.mspx
Revisions:
V1.0 (August 11, 2009): Advisory published.
V1.1 (October 14, 2009): Updated the FAQ with information about a non-security update included in MS09-054 relating to WinINET.
NICK ADSL UK
10-15-09, 11:26
Microsoft Security Bulletin Minor Revision - Oct. 13, 2009
Issued: October 13, 2009
Summary
The following bulletin has undergone a minor revision increment.
* MS09-024 - Critical
Bulletin Information:
* MS09-024 - Critical
http://www.microsoft.com/technet/security/bulletin/ms09-024.mspx
- Reason for Revision: V1.1 (October 13, 2009): Bulletin revised to
announce the addition of language localizations to the update
for Works 9. Customers who have already successfully applied
the original update to Works 9 are not affected by this revision.
- Originally posted: June 9, 2009
- Updated: October 13, 2009
- Bulletin Severity Rating: Critical
- Version: 1.1
NICK ADSL UK
10-15-09, 11:27
Microsoft Security Advisory Notification - Oct. 13, 2009
Issued: October 13, 2009
Security Advisories Updated or Released Today
* Microsoft Security Advisory (975497)
- Title: Vulnerabilities in SMB Could Allow Remote
Code Execution
- Revision Note: V2.0 (October 13, 2009): Advisory updated to
reflect publication of security bulletin.
http://www.microsoft.com/technet/security/advisory/975497.mspx
* Microsoft Security Advisory (975191)
- Title: Vulnerabilities in the FTP Service in
Internet Information Service
- Revision Note: V3.0 (October 13, 2009): Advisory updated to
reflect publication of security bulletin.
http://www.microsoft.com/technet/security/advisory/975191.mspx
* Microsoft Security Advisory (973882)
- Title: Vulnerabilities in Microsoft Active Template
Library (ATL) Could Allow Remote Code Execution
- Revision Note: V4.0 (October 13, 2009): Advisory revised to
add an entry in the Updates related to ATL section to
communicate the release of Microsoft Security Bulletin
MS09-060, "Vulnerabilities in Microsoft Active Template
http://www.microsoft.com/technet/security/advisory/973882.mspx
NICK ADSL UK
10-15-09, 11:28
Microsoft Security Bulletin Major Revision - Oct. 13, 2009
Issued: October 13, 2009
Summary
The following bulletin has undergone a major revision increment.
* MS08-069 - Critical
Bulletin Information:
* MS08-069 - Critical
http://www.microsoft.com/technet/security/bulletin/ms08-069.mspx
NICK ADSL UK
10-22-09, 12:44
Microsoft Security Bulletin MS09-061 - Critical
Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)
Published: October 13, 2009 | Updated: October 21, 2009
Revisions
V1.0 (October 13, 2009): Bulletin published.
V1.1 (October 21, 2009): Corrected the deployment information for Microsoft .NET Framework on all supported releases of Microsoft Windows. This is an informational change only. Customers who have successfully installed this update do not need to reinstall.
http://www.microsoft.com/technet/security/bulletin/ms09-061.mspx
Microsoft Security Bulletin MS09-060 - Critical
Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
Published: October 13, 2009 | Updated: October 21, 2009
Revisions
V1.0 (October 13, 2009): Bulletin published.
V1.1 (October 21, 2009): Added entries to the section, Frequently Asked Questions (FAQ) Related to This Security Update, to describe the known issue update available from KB974554, KB974556, or KB974234.
http://www.microsoft.com/technet/security/bulletin/ms09-060.mspx
NICK ADSL UK
11-16-09, 14:27
Microsoft Security Bulletin MS09-045 - Critical
Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961)
Published: September 08, 2009 | Updated: November 10, 2009
Revisions
V1.0 (September 8, 2009): Bulletin published.
V1.1 (September 9, 2009): Corrected the update package file name for JScript 5.6 on all supported x64-based editions of Windows Server 2003.
V1.2 (September 30, 2009): Added information about known issues related to uninstalling the security update and verifying the registry key on Windows XP and Windows Server 2003.
V2.0 (November 10, 2009): Added JScript 5.7 on Microsoft Windows 2000 Service Pack 4 (KB975542) to the Affected Software table and the Security Update Deployment section.
http://www.microsoft.com/technet/security/bulletin/ms09-045.mspx
NICK ADSL UK
11-16-09, 14:28
Microsoft Security Bulletin MS09-051 - Critical
Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
Published: October 13, 2009 | Updated: November 10, 2009
Revisions
V1.0 (October 13, 2009): Bulletin published.
V1.1 (October 14, 2009): Clarified the entry, "I have Windows Media Player installed on my system. Why am I not being offered some of the updates?" in the FAQ section. Also corrected the FAQ for CVE-2009-0555 to indicate that Microsoft is aware of limited attacks attempting to exploit the vulnerability.
V2.0 (November 10, 2009): Bulletin revised to communicate the rerelease of the update for Audio Compression Manager on Microsoft Windows 2000 Service Pack 4 to fix a detection issue. This is a detection change only; there were no changes to the binaries. Customers who have successfully updated their systems do not need to reinstall this update. Also corrected the registry key verification for DirectShow WMA Voice Codec on Windows Server 2003.
http://www.microsoft.com/technet/security/bulletin/ms09-051.mspx
NICK ADSL UK
11-16-09, 14:28
Microsoft Security Bulletin MS09-065 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)
Published: November 10, 2009 | Updated: November 12, 2009
Revisions
V1.0 (November 10, 2009): Bulletin published.
V1.1 (November 12, 2009): Added a link to Microsoft Knowledge Base Article 969947 under Known Issues in the Executive Summary.
http://www.microsoft.com/technet/security/bulletin/ms09-065.mspx
NICK ADSL UK
11-16-09, 14:29
Microsoft Security Advisory (977544)
Vulnerability in SMB Could Allow Denial of Service
Published: November 13, 2009
Revisions
V1.0 (November 13, 2009): Advisory published.
http://www.microsoft.com/technet/security/advisory/977544.mspx