Microsoft Security Bulletin Re-Releases/Advisories

Discussion in 'Virus Software Updates (Read Only)' started by NICK ADSL UK, Jun 19, 2008.

  1. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    ********************************************************************
    Title: Microsoft Security Bulletin Re-Releases
    Issued: June 19, 2008
    ********************************************************************

    Summary
    =======
    The following bulletins have undergone a major revision increment.
    Please see the appropriate bulletin for more details.

    * MS08-030 - Critical

    Bulletin Information:
    =====================

    * MS08-030 - Critical
    http://www.microsoft.com/technet/security/bulletin/ms08-030.mspx

    - Reason for Revision: V2.0 (June 18, 2008): Added "Why was this
    security update reoffered on June 18, 2008?" entry to the
    Update FAQ to advise customers running Windows XP Service
    Pack 2 and Windows XP Service Pack 3 that a revised version
    of the security update is available.
    - Originally posted: June 10, 2008
    - Updated: June 19, 2008
    - Bulletin Severity Rating: Critical
    - Version: 2.0
     
  2. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Re: Microsoft Security Bulletin Re-Releases

    Title: Microsoft Security Bulletin Revisions
    Issued: June 24, 2008
    ********************************************************************

    Summary
    =======
    The following bulletins have undergone a major revision increment.
    Please see the appropriate bulletin for more details.

    * MS07-042 - Critical

    Bulletin Information:
    =====================

    * MS07-042 - Critical

    - http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx
    - Reason for Revision: V4.0 (June 24, 2008): Bulletin updated:
    Added Windows XP Service Pack 3, Windows Vista Service Pack
    1, Windows Vista x64 Edition Service Pack 1, Windows Server
    2008 for 32-bit Systems, Windows Server 2008 for x64-based
    Systems, and Windows Server 2008 for Itanium-based Systems as
    affected software. This is a detection update only. There
    were no changes to the binaries.
    - Originally posted: August 14, 2007
    - Updated: June 24, 2008
    - Bulletin Severity Rating: Critical
    - Version: 4.0
     
  3. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Advisory (954960)
    Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates
    Published: June 30, 2008

    Microsoft is investigating public reports of a non-security issue that prevents the distribution of any updates deployed through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1 to client systems that have Microsoft Office 2003 installed in their environment. Microsoft is aware of reports from customers who are experiencing this issue.

    Upon completing the investigation, Microsoft will take appropriate action to resolve the issue within Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1.

    Note The issue affecting System Center Configuration Manager 2007 first described in Microsoft Security Advisory 954474, where System Center Configuration Manager 2007 systems were blocked from deploying security updates, is separate from the issue described in this advisory.

    Mitigating Factors:

    • This issue is limited to customers who deploy updates through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1, and have Microsoft Office 2003 installed in their environments.

    http://www.microsoft.com/technet/security/advisory/954960.mspx
     
  4. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Advisory (955179)
    Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
    Published: July 7, 2008

    Microsoft is investigating active, targeted attacks leveraging a potential vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

    The ActiveX control for the Snapshot Viewer for Microsoft Access enables you to view an Access report snapshot without having the standard or run-time versions of Microsoft Office Access. The vulnerability only affects the ActiveX control for the Snapshot Viewer for Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003.

    The ActiveX control is shipped with all supported versions of Microsoft Office Access except for Microsoft Office Access 2007. The ActiveX control is also shipped with the standalone Snapshot Viewer.

    Mitigating Factors

    • In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail or Instant Messenger message that takes users to the attacker's Web site.

    • An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    • By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone.

    http://www.microsoft.com/technet/security/advisory/955179.mspx?pf=true
     
  5. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    ********************************************************************
    Title: Microsoft Security Bulletin Major Revisions
    Issued: July 10, 2008
    ********************************************************************

    Summary
    =======
    The following bulletins have undergone a major revision increment.
    Please see the appropriate bulletin for more details.

    * MS08-037 - Important

    Bulletin Information:
    =====================

    * MS08-037 - Important

    - http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
    - Reason for Revision: V2.0 (July 10, 2008): Bulletin revised to
    inform users of ZoneAlarm and Check Point Endpoint Security
    of an Internet connectivity issue detailed in the section,
    Frequently Asked Questions (FAQ) Related to this Security
    Update. The revision did not change the security update files
    in this bulletin, but users of ZoneAlarm and Check Point
    Endpoint Security should read the FAQ entries for guidance.
    - Originally posted: July 8, 2008
    - Updated: July 10, 2008
    - Bulletin Severity Rating: Important
    - Version: 2.0
     
  6. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Advisory (954960)
    Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates
    Published: June 30, 2008 | Updated: July 10, 2008

    Microsoft has completed the investigation into public reports of a non-security issue that prevents the distribution of any updates deployed through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1 to client systems that have Microsoft Office 2003 installed in their environment. Microsoft confirmed those reports and has released an update to correct this issue under Microsoft Knowledge Base Article 954960. Microsoft encourages customers affected by this issue to review and install this update.

    http://support.microsoft.com/kb/954960

    http://www.microsoft.com/technet/security/advisory/954960.mspx
     
  7. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    ********************************************************************
    Title: Microsoft Security Bulletin Major Revisions
    Issued: July 16, 2008
    ********************************************************************

    Summary
    =======
    The following bulletins have undergone a major revision increment.
    Please see the appropriate bulletin for more details.

    * MS08-033 - Critical
    * MS07-064 - Critical

    Bulletin Information:
    =====================

    * MS08-033 - Critical
    http://www.microsoft.com/technet/security/bulletin/ms08-033.mspx

    - Reason for Revision: V2.0 (July 16, 2008): Added DirectX 9.0a as
    affected software.
    - Originally posted: June 10, 2008
    - Updated: July 16, 2008
    - Bulletin Severity Rating: Critical
    - Version: 2.0

    * MS07-064 - Critical
    http://www.microsoft.com/technet/security/bulletin/ms07-064.mspx

    - Reason for Revision: V3.0 (July 16, 2008): Bulletin updated to
    reflect that the update for DirectX 9.0 also applies to
    DirectX 9.0a.
    - Originally posted: December 11, 2007
    - Updated: July 16, 2008
    - Bulletin Severity Rating: Critical
    - Version: 3.0

    Other Information
    =================

    Recognize and avoid fraudulent e-mail to Microsoft customers:
    =============================================================
    If you receive an e-mail message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious Web sites. Microsoft does not distribute security updates via e-mail.

    The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, it is not required to read security notifications, security bulletins, security advisories, or install security updates. You can obtain the MSRC public PGP key at
    https://www.microsoft.com/technet/security/bulletin/pgp.mspx
     
  8. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Update for Windows XP (KB941569)

    Security Update for Windows XP (KB941569)
    Brief Description
    A security issue has been identified that could allow an attacker to remotely compromise your Windows-based system using Windows Media file formats and gain control over it.

    Overview
    A security issue has been identified that could allow an attacker to remotely compromise your Windows-based system using Windows Media file formats and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.
    http://www.microsoft.com/downloads/...75-20f4e84f2c92&DisplayLang=en#AdditionalInfo
     
  9. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Advisory Notification - July 25, 2008

    ***********************************************
    Title: Microsoft Security Advisory Notification
    Issued: July 25, 2008
    ***********************************************

    Security Advisories Updated or Released Today
    ==============================================
    Microsoft Security Advisory (956187)
    Increased Threat for DNS Spoofing Vulnerability
    Published: July 25, 2008

    Microsoft released Microsoft Security Bulletin MS08-037 on July 8, 2008, offering security updates to protect customers against Windows Domain Name System (DNS) spoofing attacks. Microsoft released this update in coordination with other DNS vendors who were also similarly impacted. Since the coordinated release of these updates, the threat to DNS systems has increased due to a greater public understanding of the attacks, as well as detailed exploit code being published on the Internet.

    Microsoft is not currently aware of active attacks utilizing this exploit code or of customer impact at this time. However, attacks are likely imminent due to the publicly posted proof of concept and Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.

    Microsoft’s investigation of this exploit code has verified that it does not affect Microsoft customers who have installed the updates detailed in Microsoft Security Bulletin MS08-037. Microsoft continues to recommend that customers apply the updates to the affected products by enabling the Automatic Updates feature in Windows.

    Microsoft has identified known issues with the updates offered in Microsoft Security Bulletin MS08-037. For more information about known installation issues, see Frequently Asked Questions (FAQ) Related to This Security Update in Microsoft Security Bulletin MS08-037, and Known issues with this security update in Microsoft Knowledge Base Article 953230.
    http://www.microsoft.com/technet/security/advisory/956187.mspx
     
  10. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Advisory (954960)
    Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates
    Published: June 30, 2008 | Updated: August 1, 2008

    Microsoft has completed the investigation into public reports of a non-security issue that prevents the distribution of any updates deployed through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1 to client systems that have Microsoft Office 2003 installed in their environment. Microsoft confirmed those reports and has released an update to correct this issue under Microsoft Knowledge Base Article 954960. Microsoft encourages customers affected by this issue to review and install this update.

    Notes The issue affecting System Center Configuration Manager 2007 first described in Microsoft Security Advisory 954474, where System Center Configuration Manager 2007 systems were blocked from deploying security updates, is separate from the issue described in this advisory. However, there are similarities in the contributing factors in both issues.

    Customers who wish to verify that the update has been installed properly can check that their version of Microsoft.UpdateServices.WebServices.Client.Dll, located at %ProgramFiles%\Update Services\WebServices\ClientWebService\bin\, is 3.1.6001.66.

    The update detailed in Microsoft Knowledge Base Article 954960 cannot be uninstalled through Add or Remove Programs. Customers who wish to remove this update must uninstall Windows Server Update Services as detailed in Microsoft Knowledge Base Article 954960.

    http://www.microsoft.com/technet/security/advisory/954960.mspx
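
Added example (not part of the original post or of Microsoft's advisory): a PowerShell check for the file version that the advisory above gives as the sign of a correct install. The function name `Test-WsusClientDllVersion` and the status labels are assumptions made for this example; the path and the version 3.1.6001.66 are the ones quoted in the advisory.

```powershell
# Added example, not Microsoft's code.
# Path and expected version are quoted from advisory 954960 as posted above.
$ExpectedVersion = [version]'3.1.6001.66'
$RelativePath    = 'Update Services\WebServices\ClientWebService\bin\Microsoft.UpdateServices.WebServices.Client.Dll'

function Test-WsusClientDllVersion {
    param(
        # In a 32-bit PowerShell on x64 Windows, %ProgramFiles% resolves to the
        # "(x86)" folder, so pass -Path explicitly or use a 64-bit session there.
        [string]  $Path     = (Join-Path $env:ProgramFiles $RelativePath),
        [version] $Expected = $ExpectedVersion
    )

    # A missing file is reported as its own state instead of throwing, so the
    # check can run unattended across several servers.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return New-Object psobject -Property @{
            Path     = $Path
            Actual   = $null
            Expected = $Expected
            Status   = 'FileNotFound'
        }
    }

    $info = (Get-Item -LiteralPath $Path).VersionInfo

    # Build the version from the numeric parts: the FileVersion *string* can
    # carry extra text (branch or build-lab names) that does not parse cleanly.
    $actual = New-Object System.Version -ArgumentList `
        $info.FileMajorPart, $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart

    # Status labels are this example's own (assumption):
    #   Match - the version the advisory names
    #   Older - the update is not in effect on this server
    #   Newer - a later build is present; check it against current guidance
    $status = if     ($actual -eq $Expected) { 'Match' }
              elseif ($actual -lt $Expected) { 'Older' }
              else                           { 'Newer' }

    New-Object psobject -Property @{
        Path     = $Path
        Actual   = $actual
        Expected = $Expected
        Status   = $status
    }
}

# Run on the WSUS server itself.
Test-WsusClientDllVersion | Format-List Path, Actual, Expected, Status
```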
     
  11. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Advisory (953839)
    Cumulative Security Update of ActiveX Kill Bits
    Published: August 12, 2008

    Microsoft is releasing a new set of ActiveX kill bits with this advisory.

    The update includes kill bits for the following third-party software:

    • Aurigma Image Uploader. Aurigma has issued an advisory and an update that addresses vulnerabilities. Please see the advisory from Aurigma for more information. These kill bits are being set at the request of the owner of the ActiveX control. Customers who require support should contact Aurigma. The class identifiers (CLSIDs) for this ActiveX control are as listed in the Frequently Asked Questions section of this advisory.

    • HP Instant Support. HP has issued an advisory and an update that addresses vulnerabilities. Please see the advisory from HP for more information and download locations. These kill bits are being set at the request of the owner of the ActiveX control. Customers who require support should contact HP. The class identifiers (CLSIDs) for this ActiveX control are as listed in the Frequently Asked Questions section of this advisory.


    For more information about installing this update, see Microsoft Knowledge Base Article 953839.

    http://support.microsoft.com/kb/953839
     
  12. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin Minor Revisions - August 12, 2008

    ********************************************************************
    Title: Microsoft Security Bulletin Minor Revisions
    Issued: August 12, 2008
    ********************************************************************

    Summary
    =======
    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS08-040 - Important
    * MS08-033 - Critical

    Bulletin Information:
    =====================

    * MS08-040 - Important


    http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx

    - Reason for Revision: V1.6 (August 12, 2008): Added entry to the
    Frequently Asked Questions (FAQ) Related to This Security
    Update to communicate a change in the installation code for
    the security update for SQL Server 2005 Service Pack 2. This
    is an installation code change only. There were no changes to
    the security update binaries.
    - Originally posted: July 8, 2008
    - Updated: August 12, 2008

    - Bulletin Severity Rating: Important
    - Version: 1.6

    * MS08-033 - Critical

    http://www.microsoft.com/technet/security/bulletin/ms08-033.mspx

    - Reason for Revision: V2.1 (August 12, 2008): Added known issues
    link. Also added an entry to the section, Frequently Asked
    Questions (FAQ) Related to this Security Update, about the
    known issues and solutions. The solutions include a change to
    Microsoft Baseline Security Analyzer (MBSA) 2.1 to correctly
    detect this update.
    - Originally posted: June 10, 2008
    - Updated: August 12, 2008
    - Bulletin Severity Rating: Critical
    - Version: 2.1


    * Microsoft Security Advisory (954960)

    Title: Microsoft Windows Server Update Services
    (WSUS) Blocked from Deploying Security Updates

    http://www.microsoft.com/technet/security/advisory/954960.mspx

    - Revision Note: August 12, 2008: Added entry to the section,
    Frequently Asked Questions (FAQ) Related to This Security
    Update to communicate that the re-release of the update to
    fix a known installation issue with Windows Server 2008
    systems is now available via Microsoft Update.
     
  13. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin Minor Revisions
    Issued:
    ********************************************************************

    Summary
    =======
    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS08-045 - Critical
    * MS08-043 - Critical
    * MS07-068 - Critical

    Bulletin Information:
    =====================

    * MS08-045 - Critical

    http://www.microsoft.com/technet/security/bulletin/ms08-045.mspx

    - Reason for Revision: V1.1 (August 20, 2008): Corrected a registry
    key verification entry for Windows XP and added a mitigating
    factor for CVE-2008-2256.
    - Originally posted: August 12, 2008
    - Updated: August 20, 2008
    - Bulletin Severity Rating: Critical
    - Version: 1.1

    * MS08-043 - Critical

    http://www.microsoft.com/technet/security/bulletin/ms08-043.mspx

    - Reason for Revision: V1.2 (August 20, 2008): Added note to the
    Affected Software table and a FAQ entry to clarify that this
    update applies to servers that have Excel Services installed,
    such as the default configuration of Microsoft Office
    SharePoint Server 2007 Enterprise and Microsoft Office
    SharePoint Server 2007 For Internet Sites. Microsoft Office
    SharePoint Server 2007 Standard does not include Excel
    Services.
    - Originally posted: August 12, 2008
    - Updated: August 20, 2008
    - Bulletin Severity Rating: Critical
    - Version: 1.2

    * MS07-068 - Critical

    http://www.microsoft.com/technet/security/bulletin/ms07-068.mspx
    - Reason for Revision: V2.2 (August 20, 2008): Bulletin updated to
    change Windows Media Format Runtime 9 to a non-affected
    component for Windows XP Service Pack 3.
    - Originally posted: December 11, 2007
    - Updated: August 20, 2008
    - Bulletin Severity Rating: Critical
    - Version: 2.2
     
  14. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Security Update for Internet Explorer 7 for Windows XP (KB938127)
    Brief Description

    A security issue has been identified in the way Vector Markup Language (VML) is handled that could allow an attacker to compromise a computer running Microsoft Windows and gain control over it. You can help protect your computer by installing this update from Microsoft.

    Quick Details
    File Name: IE7-WindowsXP-KB938127-v2-x86-ENU.exe
    Version: 938127
    Security Bulletins: MS07-050
    Knowledge Base (KB) Articles: KB938127
    Date Published: 8/25/2008


    Overview
    A security issue has been identified in the way Vector Markup Language (VML) is handled that could allow an attacker to compromise a computer running Microsoft Windows and gain control over it. You can help protect your computer by installing this update from Microsoft.

    http://www.microsoft.com/technet/security/bulletin/ms07-050.mspx


    http://www.microsoft.com/downloads/...16-194C-478E-8A96-9421A0C52C9F&displaylang=en
     
  15. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin MS08-052 – Critical
    Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
    Published: September 9, 2008 | Updated: September 12, 2008

    Version: 2.0

    General Information
    Executive Summary
    This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    This security update is rated Critical for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008, Microsoft Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4, Microsoft Digital Image Suite 2006, SQL Server 2000 Reporting Services Service Pack 2, all supported editions of SQL Server 2005, Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package, and Microsoft Report Viewer 2008 Redistributable Package.

    This security update is rated Important for all supported editions of Microsoft Office XP; Microsoft Office 2003; all Office Viewer software for Microsoft Office 2003; 2007 Microsoft Office System; all Office Viewer software for 2007 Microsoft Office System; Microsoft Visio 2002; Microsoft Office PowerPoint Viewer 2003; Microsoft Works 8; and Microsoft Forefront Client Security 1.0. For more information, see the subsection, Affected and Non-Affected Software, in this section.

    The security update addresses the vulnerabilities by modifying the way that GDI+ handles viewing malformed images. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

    Recommendation. Microsoft recommends that customers apply the update immediately.


    Revisions
    • V1.0 (September 9, 2008): Bulletin published.

    • V2.0 (September 12, 2008): Bulletin updated to add Microsoft Office Project 2002 Service Pack 2, all Office Viewer software for Microsoft Office 2003, and all Office Viewer software for 2007 Microsoft Office System as Affected Software. Details for this bulletin revision are provided in the "Why was this bulletin revised on September 12, 2008?"

    http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx
     
  16. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Title: Microsoft Security Bulletin Major Revisions
    Issued: September 15, 2008
    ********************************************************************

    Summary
    =======
    The following bulletins have undergone a major revision increment.
    Please see the appropriate bulletin for more details.

    * MS08-054 - Critical
    * MS08-053 - Critical

    Bulletin Information:
    =====================

    * MS08-054 - Critical

    http://www.microsoft.com/technet/security/bulletin/ms08-054.mspx
    - Reason for Revision: V2.0 (September 15, 2008): Added entry to
    the Frequently Asked Questions (FAQ) Related to This Security
    Update section to communicate the re-release of the Norwegian
    language update for Windows Media Player 11 on all supported
    32-bit editions of Windows XP. Customers who require the
    Norwegian language update need to download and install the
    re-released update. Also removed an erroneous entry from the
    Non-Affected software table.
    - Originally posted: September 9, 2008
    - Updated: September 15, 2008
    - Bulletin Severity Rating: Critical
    - Version: 2.0

    * MS08-053 - Critical

    http://www.microsoft.com/technet/security/bulletin/ms08-053.mspx
    - Reason for Revision: V2.0 (September 15, 2008): Added entry to
    the Frequently Asked Questions (FAQ) Related to This Security
    Update section to communicate the re-release of the Norwegian
    language update for Windows Media Encoder 9 Series running on
    Microsoft Windows 2000 Service Pack 4, Windows Media Encoder
    9 Series running on Windows XP Service Pack 2 and Windows XP
    Service Pack 3, and Windows Media Encoder 9 Series running on
    Windows Server 2003 Service Pack 1 and Windows Server 2003
    Service Pack 2. Customers who require the Norwegian language
    updates need to download and install the re-released updates.
    - Originally posted: September 9, 2008
    - Updated: September 15, 2008
    - Bulletin Severity Rating: Critical
    - Version: 2.0
     
  17. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Advisory Notification - October 14, 2008

    ************************************************
    Title: Microsoft Security Advisory Notification
    Issued: October 14, 2008
    ************************************************

    Security Advisories Updated or Released Today
    ==============================================

    * Microsoft Security Advisory (956391)
    - Title: Cumulative Security Update of ActiveX Kill Bits
    http://www.microsoft.com/technet/security/advisory/956391.mspx

    - Revision Note: Advisory Published.
     
  18. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin MS08-041 – Critical
    Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)
    Published: August 12, 2008 | Updated: October 14, 2008


    General Information

    Executive Summary
    This security update resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

    This security update is rated Critical for the Snapshot Viewer for Microsoft Access and for supported versions of Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003.

    The security update addresses the vulnerability by correcting an error in the Microsoft Access Snapshot Viewer control. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

    This security update also addresses the vulnerability first described in Microsoft Security Advisory 955179.

    Recommendation. Microsoft recommends that customers apply the update immediately.

    Known Issues. None


    http://www.microsoft.com/technet/security/bulletin/ms08-041.mspx
     
  19. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Advisory (958963)
    Exploit Code Published Affecting the Server Service
    Published: October 27, 2008


    Microsoft is aware that detailed exploit code demonstrating code execution has been published on the Internet for the vulnerability that is addressed by security update MS08-067. This exploit code demonstrates code execution on Windows 2000, Windows XP, and Windows Server 2003. Microsoft is aware of limited, targeted active attacks that use this exploit code. At this time, there are no self-replicating attacks associated with this vulnerability. Microsoft has activated its Software Security Incident Response Process (SSIRP) and is continuing to investigate this issue.
    http://www.microsoft.com/technet/security/advisory/958963.mspx
     
  20. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

  21. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin Minor Revisions - November 25, 2

    ********************************************************************
    Title: Microsoft Security Bulletin Minor Revisions
    Issued: November 25, 2008
    ********************************************************************

    Summary
    =======
    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS07-068 - Critical
    * MS06-078

    Bulletin Information:
    =====================

    * MS07-068 - Critical

    http://www.microsoft.com/technet/security/bulletin/ms07-068.mspx

    - Reason for Revision: V2.3 (November 25, 2008): Bulletin updated
    to correct the filename of wwmasf.dll to wmasf.dll in the
    file information for Windows Media Format 9.5 Runtime for
    Windows Server 2003 x64 Edition.
    - Originally posted: December 11, 2007
    - Updated: November 25, 2008
    - Bulletin Severity Rating: Critical
    - Version: 2.3

    * MS06-078
    http://www.microsoft.com/technet/security/bulletin/ms06-078.mspx

    - Reason for Revision: V6.1 (November 25, 2008): Bulletin updated
    to correct the filename, Wwmvcore.dll, to Wmvcore.dll for
    file information for Windows Media Format 9.5 Series Runtime
    on Windows XP Professional x64 Edition and Windows Server
    2003 x64 Edition.
    - Originally posted: December 12, 2006
    - Updated: November 25, 2008
    - Bulletin Severity Rating: Critical
    - Version: 6.1
     
  22. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Advisory Notification - November 25, 2008

    ********************************************************************
    Title: Microsoft Security Advisory Notification
    Issued: November 25, 2008
    ********************************************************************

    Security Advisories Updated or Released Today
    ==============================================

    * Microsoft Security Advisory (953839)
    - Title: Cumulative Security Update of ActiveX Kill Bits
    http://www.microsoft.com/technet/security/advisory/953839.mspx
    - Revision Note: November 25, 2008: Added an entry to
    Frequently Asked Questions to communicate that users with
    Windows Server 2008 Server Core installation will still be
    offered but do not need to install this update.
     
  23. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Advisory (960906)
    Vulnerability in WordPad Text Converter Could Allow Remote Code Execution
    Published: December 9, 2008


    Microsoft is investigating new reports of a vulnerability in the WordPad Text Converter for Word 97 files on Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Windows XP Service Pack 3, Windows Vista, and Windows Server 2008 are not affected as these operating systems do not contain the vulnerable code.

    Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

    At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability. Additionally, as the issue has not been publicly disclosed broadly, we believe the risk at this time to be limited.

    We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.

    Customers who believe that they have been attacked can obtain security support at Get security support and should contact the national law enforcement agency in their country. Customers in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-PCSAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at Internet Crime Complaint Center.

    Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.

    Mitigating Factors:

    • This issue does not affect Windows XP Service Pack 3, Windows Vista, and Windows Server 2008.

    • An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

    • The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message.

    • When Microsoft Office Word is installed, Word 97 documents are by default opened using Microsoft Office Word, which is not affected by this vulnerability. However, an attacker could rename a malicious file to have a Windows Write (.wri) extension, which would still invoke WordPad. This file type can be blocked at the Internet perimeter.

    http://www.microsoft.com/technet/security/advisory/960906.mspx
     
  24. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin MS08-052 – Critical
    Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
    Published: September 9, 2008 | Updated: December 9, 2008


    Revisions
    • V1.0 (September 9, 2008): Bulletin published.

    • V2.0 (September 12, 2008): Bulletin updated to add Microsoft Office Project 2002 Service Pack 2, all Office Viewer software for Microsoft Office 2003, and all Office Viewer software for 2007 Microsoft Office System as Affected Software. Details for this bulletin revision are provided in the "Why was this bulletin revised on September 12, 2008?" entry in the Frequently Asked Questions (FAQ) Related to this Security Update section.

    • V2.1 (September 17, 2008): Changed references to Microsoft Office Project 2002 Service Pack 2 as affected software to Microsoft Office Project 2002 Service Pack 1. This is a name change only. There were no changes to the binaries or detection.

    • V2.2 (October 29, 2008): Added an FAQ entry concerning a printing issue with Microsoft SQL Server 2005 Reporting Services and removed Visio Viewer from Affected Software, including other minor changes. For more details, please see the entry in the Frequently Asked Questions (FAQ) Related to this Security Update section.

    • V3.0 (December 9, 2008): Added Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1, Microsoft Expression Web and Microsoft Expression Web 2, and Microsoft Office Groove 2007 and Microsoft Office Groove 2007 Service Pack 1 as Affected Software. Also detailed a detection change for Microsoft SQL Server 2005 Service Pack 2 in the "Why was this bulletin revised on December 9, 2008?" entry in the Frequently Asked Questions (FAQ) Related to this Security Update section.

    http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx
     
  25. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Advisory (961051)
    Vulnerability in Internet Explorer Could Allow Remote Code Execution
    Published: December 10, 2008

    Microsoft is investigating new public reports of attacks against a new vulnerability in Internet Explorer. Our investigation so far has shown that these attacks are against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.

    At this time, we are aware only of limited attacks that attempt to use this vulnerability. Our investigation of these attacks so far has verified that they are not successful against customers who have applied the workarounds listed in this advisory. Additionally, there are mitigations that increase the difficulty of exploiting this vulnerability.

    We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers. In addition, we’re actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.

    We are actively investigating the vulnerability these attacks attempt to exploit. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

    Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.

    Mitigating Factors:

    • Protected Mode in Internet Explorer 7 in Windows Vista limits the impact of the vulnerability.

    • By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See the FAQ subsection of this vulnerability section for more information about Internet Explorer Enhanced Security Configuration.

    • An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

    • Currently known attacks cannot exploit this issue automatically through e-mail.

    http://www.microsoft.com/technet/security/advisory/961051.mspx
     
  26. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Advisory (961051)
    Vulnerability in Internet Explorer Could Allow Remote Code Execution
    Published: December 10, 2008 | Updated: December 17, 2008


    Revisions:

    • December 10, 2008: Advisory published

    • December 11, 2008: Revised to include Microsoft Internet Explorer 5.01 Service Pack 4, Internet Explorer 6 Service Pack 1, Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 as potentially vulnerable software. Also added more workarounds.

    • December 12, 2008: Revised to correct operating systems that support Windows Internet Explorer 8 Beta 2. Also added more workarounds and a reference to Microsoft Security Advisory (954462).

    • December 13, 2008: Revised to add the workaround, Disable XML Island functionality. Also, in a FAQ entry, clarified the list of recommended workarounds and added the blog post URL for recommended workarounds.

    • December 15, 2008: Updated the workarounds, Disable XML Island functionality and Disable Row Position functionality of OLEDB32.dll.

    • December 17, 2008: Advisory updated to reflect publication of security bulletin.


    http://www.microsoft.com/technet/security/advisory/961051.mspx
     
  27. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin Minor Revisions - Dec. 17, 2008

    **************************************************
    Title: Microsoft Security Bulletin Minor Revisions
    Issued: December 17, 2008
    **************************************************

    Summary
    =======
    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS08-072 - Critical
    * MS08-069 - Critical

    Bulletin Information:
    =====================

    * MS08-072 - Critical
    http://www.microsoft.com/technet/security/bulletin/ms08-072.mspx

    - Reason for Revision: V1.1 (December 17, 2008): Changed the
    Microsoft Baseline Security Analyzer deployment summary to
    "no" for Microsoft Office Word 2000 Service Pack 3 in the
    Detection and Deployment Tools and Guidance section. Also,
    revised the bulletins replaced by this update for Microsoft
    Office Outlook 2007 and Microsoft Office Outlook 2007 Service
    Pack 1 in the Affected Software table. There were no changes
    to the security update binaries.
    - Originally posted: December 9, 2008
    - Updated: December 17, 2008
    - Bulletin Severity Rating: Critical
    - Version: 1.1

    * MS08-069 - Critical
    http://www.microsoft.com/technet/security/bulletin/ms08-069.mspx

    - Reason for Revision: V1.2 (December 17, 2008): Added log file
    entries in the Security Update Deployment section Reference
    table for Microsoft XML Core Services 6.0 when installed on
    Windows Server 2003 Service Pack 1, Windows Server 2003
    Service Pack 2, Windows Server 2003 x64 Edition, and Windows
    Server 2003 x64 Edition Service Pack 2.
    - Originally posted: November 11, 2008
    - Updated: December 17, 2008
    - Bulletin Severity Rating: Critical
    - Version: 1.2
     
  28. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    ********************************************************************
    Title: Microsoft Security Bulletin Major Revisions
    Issued: January 13, 2009
    ********************************************************************

    Summary
    =======
    The following bulletins have undergone a major revision increment.
    Please see the appropriate bulletin for more details.

    * MS08-076 - Important
    * MS08-072 - Critical


    Bulletin Information:
    =====================

    * MS08-076 - Important


    http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx

    - Reason for Revision: V3.0 (January 13, 2009): Added entry to the
    Frequently Asked Questions (FAQ) Related to This Security
    Update section explaining that Microsoft has re-released the
    update packages for Windows Media Format Runtime 9.5 on
    Windows XP Service Pack 2 (KB952069) and on Windows XP
    Service Pack 3 (KB952069). Customers running all other
    supported and affected versions of Windows Media components
    who have already applied the original security update
    packages do not need to take any further action. Also, listed
    Windows Media Player 6.4 and Windows Media Services 4.1 as
    affected on all editions of Microsoft Windows 2000 Service
    Pack 4; customers who were offered but have not applied this
    update, KB954600 for Windows Media Player 6.4, or KB952068
    for Windows Media Services 4.1, need to do so.
    - Originally posted: December 9, 2008
    - Updated: January 13, 2009
    - Bulletin Severity Rating: Important
    - Version: 3.0

    * MS08-072 - Critical
    http://www.microsoft.com/technet/security/bulletin/ms08-072.mspx

    - Reason for Revision: V2.0 (January 13, 2009): Added Microsoft
    Office Word Viewer to Affected Software table. Also, added an
    entry to the section, Frequently Asked Questions (FAQ)
    Related to This Security Update, explaining Microsoft Office
    Word Viewer. There were no changes to the security update
    binaries or detection. Customers with Microsoft Office Word
    Viewer who have successfully installed security update
    KB956366 do not need to reinstall.
    - Originally posted: December 9, 2008
    - Updated: January 13, 2009
    - Bulletin Severity Rating: Critical
    - Version: 2.0
     
  29. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin Minor Revisions - Jan. 13, 2009

    **************************************************
    Title: Microsoft Security Bulletin Minor Revisions
    Issued: January 13, 2009
    **************************************************


    Summary
    =======
    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS08-066 - Important
    * MS08-037 - Important


    Bulletin Information:
    =====================

    * MS08-066 - Important


    http://www.microsoft.com/technet/security/bulletin/ms08-066.mspx

    - Reason for Revision: V1.1 (January 13, 2009): Added an entry to
    the section, Frequently Asked Questions (FAQ) Related to this
    Security Update, explaining this revision as a detection
    change for this security update. The corrected detection
    offers the security update to affected systems that
    previously were not offered this security update. Customers
    who have successfully updated their systems do not need to
    reinstall this update.
    - Originally posted: October 14, 2008
    - Updated: January 13, 2009
    - Bulletin Severity Rating: Important
    - Version: 1.1

    * MS08-037 - Important

    http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx

    - Reason for Revision: V2.3 (January 13, 2009): Added a new entry
    to the Frequently Asked Questions (FAQ) Related to This
    Security Update section to communicate the fix to a detection
    and deployment issue with Windows XP Service Pack 3. There
    were no changes to the binaries or packages for this update.
    Customers who have successfully updated their systems do not
    need to reinstall this update.
    - Originally posted: July 8, 2008
    - Updated: January 13, 2009
    - Bulletin Severity Rating: Important
    - Version: 2.3
     
  30. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    ********************************************************************
    Title: Microsoft Security Bulletin Major Revisions
    Issued: January 21, 2009

    ********************************************************************

    Summary
    =======
    The following bulletins have undergone a major revision increment.
    Please see the appropriate bulletin for more details.

    * MS05-022

    Bulletin Information:
    =====================

    * MS05-022 - Critical


    http://www.microsoft.com/technet/security/bulletin/ms05-022.mspx

    - Reason for Revision: V2.0 (January 21, 2009): Bulletin updated.
    Replaced the download link for MSN Messenger 6.2 with the
    bulletin link to MS07-054. Users may either use the specific
    download link in MS07-054 to upgrade, or log on to MSN Messenger
    service to accept the required upgrade.
    - Originally posted: April 12, 2005
    - Updated: January 21, 2009
    - Bulletin Severity Rating: Critical
    - Version: 2.0


    Microsoft Security Bulletin Minor Revisions - Jan. 21, 2009

    **************************************************
    Title: Microsoft Security Bulletin Minor Revisions
    Issued: January 21, 2009
    **************************************************

    Summary
    =======
    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS08-040 - Important

    Bulletin Information:
    =====================

    * MS08-040 - Important

    http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx

    - Reason for Revision: V1.7 (January 21, 2009): Listed Microsoft
    SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 3a, a
    component of Application Center 2000 Service Pack 2, as
    non-affected software.
    - Originally posted: July 8, 2008
    - Updated: January 21, 2009
    - Bulletin Severity Rating: Important
    - Version: 1.7
     
  31. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    ********************************************************************
    Title: Microsoft Security Bulletin Major Revisions
    Issued: January 28, 2009
    ********************************************************************


    Summary
    =======
    The following bulletins have undergone a major revision increment.
    Please see the appropriate bulletin for more details.

    * MS08-074 - Critical

    Bulletin Information:
    =====================

    * MS08-074 - Critical
    http://www.microsoft.com/technet/security/bulletin/ms08-074.mspx

    - Reason for Revision: V2.0 (January 28, 2009): Added a footnote to
    the Affected Software table and two entries to the section,
    Frequently Asked Questions (FAQ) Related to this Security
    Update, pertaining to security updates KB958437 and KB958439
    for supported versions of Microsoft Office Excel 2007. There
    were no changes to the security update binaries or detection.
    Customers with Microsoft Office Excel 2007 or Microsoft
    Office Excel 2007 Service Pack 1 who have already
    successfully installed KB958437 and KB958439 do not need to reinstall.
    - Originally posted: December 9, 2008
    - Updated: January 28, 2009
    - Bulletin Severity Rating: Critical
    - Version: 2.0
     
  32. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin Re-Releases - Feb. 16, 2009

    **********************************************
    Title: Microsoft Security Bulletin Re-Releases
    Issued: February 16, 2009
    **********************************************

    Summary
    =======
    The following bulletins have undergone a major revision increment.
    Please see the appropriate bulletin for more details.

    * MS09-003 - Critical

    Bulletin Information:
    =====================

    * MS09-003 - Critical
    http://www.microsoft.com/technet/security/bulletin/ms09-003.mspx

    - Reason for Revision: V2.0 (February 16, 2009): Added the
    Microsoft Exchange Server MAPI Client as affected software.
    Also, added several entries to the section, Frequently Asked
    Questions (FAQ) Related to This Security Update, relating to
    updating the MAPI Client and the Exchange System Management
    tools. No other update packages are affected by this
    re-release. Customers running all other supported and
    affected versions of Microsoft Exchange Server who have
    already successfully applied the original security update
    packages do not need to take any further action.
    - Originally posted: February 10, 2009
    - Updated: February 16, 2009
    - Bulletin Severity Rating: Critical
    - Version: 2.0
     
  33. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin Minor Revisions - Feb 16, 2009

    **************************************************
    Title: Microsoft Security Bulletin Minor Revisions
    Issued: February 16, 2009
    **************************************************

    Summary
    =======
    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS09-002 - Critical

    Bulletin Information:
    =====================

    * MS09-002 - Critical

    http://www.microsoft.com/technet/security/bulletin/ms09-002.mspx
    - Reason for Revision: V1.1 (February 16, 2009): Added a link to
    Microsoft Knowledge Base Article 961260 under Known Issues in
    the Executive Summary.
    - Originally posted: February 10, 2009
    - Updated: February 16, 2009
    - Bulletin Severity Rating: Critical
    - Version: 1.1
     
  34. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Advisory (967940)
    Update for Windows Autorun
    Published: February 24, 2009

    Microsoft is announcing the availability of an update that corrects a functionality feature that can help customers in keeping their systems protected. The update corrects an issue that prevents the NoDriveTypeAutoRun registry key from functioning as expected.

    When functioning as expected, the NoDriveTypeAutoRun registry key can be used to selectively disable Autorun functionality (e.g. AutoPlay, double click, and contextual menu features associated with Autorun) for drives on a user's system and network. Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file.

    We encourage Windows customers to review and install this update. This update is available through automatic updating and from the download center. For more information about this issue, including download links for this non-security update, see Microsoft Knowledge Base Article 967715.
    http://www.microsoft.com/technet/security/advisory/967940.mspx
     
  35. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Advisory (968272)
    Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution
    Published: February 24, 2009

    Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability.

    We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) program to provide information that they can use to provide broader protections to customers.

    Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

    Customers in the U.S. and Canada who believe they are affected can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.

    International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.

    Mitigating Factors:

    • An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

    • In a Web-based attack scenario, an attacker would have to host a Web site that contains an Office file that is used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.

    • The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.

    • Users who have installed and are using the Office Document Open Confirmation Tool for Office 2000 will be prompted with Open, Save, or Cancel before opening a document.

    http://www.microsoft.com/technet/security/advisory/968272.mspx
     
     
  37. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin Minor Revisions - Mar. 11, 2009

    **************************************************
    Title: Microsoft Security Bulletin Minor Revisions
    Issued: March 11, 2009
    **************************************************

    Summary
    =======
    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS09-008 - Important

    Bulletin Information:
    =====================

    * MS09-008 - Important

    http://www.microsoft.com/technet/security/bulletin/ms09-008.mspx

    - Reason for Revision: V1.1 (March 11, 2009): Clarified that
    CVE-2009-0093 does not apply to supported editions of Windows
    Server 2008. Added a link to Microsoft Knowledge Base Article
    962238 under Known Issues in the Executive Summary. Clarified
    what systems are primarily at risk for CVE-2009-2033.
    Finally, updated a finder acknowledgment for CVE-2009-0233
    and CVE-2009-0234.
    - Originally posted: March 10, 2009
    - Updated: March 11, 2009
    - Bulletin Severity Rating: Important
    - Version: 1.1
     
  38. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Advisory Notification - March 11, 2009

    ***********************************************
    Title: Microsoft Security Advisory Notification
    Issued: March 11, 2009
    ***********************************************

    Security Advisories Updated or Released Today
    ==============================================

    * Microsoft Security Advisory (953839)
    - Title: Update Rollup for ActiveX Kill Bits

    http://www.microsoft.com/technet/security/advisory/953839.mspx
    - Revision Note: March 11, 2009: Added an entry to Frequently
    Asked Questions to communicate that for the purpose of
    automatic updating, this update does not replace the
    Cumulative Security Update of ActiveX Kill Bits (950760) that
    is described in Microsoft Security Bulletin MS08-032.
     
  39. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin Minor Revisions - Apr 2, 2009

    ********************************************************************
    Title: Microsoft Security Bulletin Minor Revisions
    Issued: April 2, 2009
    ********************************************************************

    Summary
    =======
    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS08-032 - Moderate

    Bulletin Information:
    =====================

    * MS08-032 - Moderate


    http://www.microsoft.com/technet/security/bulletin/ms08-032.mspx
    - Reason for Revision: V1.1 (April 1, 2009): Clarified in
    footnotes under the Affected Software and Severity Ratings
    tables that Windows Server 2008 server core installations are
    not affected by the vulnerability discussed in this bulletin,
    but will still be offered this update. Added an entry in the
    section, Frequently Asked Questions (FAQ) Related to This
    Security Update, to reiterate that such installations do not
    need to install this update.
    - Originally posted: June 10, 2008
    - Updated: April 1, 2009
    - Bulletin Severity Rating: Moderate
    - Version: 1.1
     
  40. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Advisory Notification - April 14, 2009

    ********************************************************************
    Title: Microsoft Security Advisory Notification
    Issued: April 14, 2009
    ********************************************************************

    Security Advisories Updated or Released Today
    ==============================================

    * Microsoft Security Advisory (968272)
    - Title: Vulnerability in Microsoft Office Excel
    Could Allow Remote Code Execution
    - Revision Note: V3.0 (April 14, 2009): Advisory updated to
    reflect publication of security bulletin.
    http://www.microsoft.com/technet/security/advisory/968272.mspx

    * Microsoft Security Advisory (960906)
    - Title: Vulnerability in WordPad Text Converter
    Could Allow Remote Code Execution
    - Revision Note: V2.0 (April 14, 2009): Advisory updated to
    reflect publication of security bulletin.
    http://www.microsoft.com/technet/security/advisory/960906.mspx

    * Microsoft Security Advisory (953818)
    - Title: Blended Threat from Combined Attack Using
    Apple's Safari on the Windows Platform
    - Revision Note: V2.0 (April 14, 2009): Added references and
    links to MS09-014 and MS09-015, which address the issue in
    this advisory.
    http://www.microsoft.com/technet/security/advisory/953818.mspx

    * Microsoft Security Advisory (951306)
    - Title: Vulnerability in Windows Could Allow
    Elevation of Privilege
    - Revision Note: V3.0 (April 14, 2009): Advisory updated to
    reflect publication of security bulletin.
    http://www.microsoft.com/technet/security/advisory/951306.mspx
     
  41. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin Minor Revisions - Apr. 29, 2009

    * MS09-012 - Important

    http://www.microsoft.com/technet/security/bulletin/ms09-012.mspx

    - Reason for Revision: V2.0 (April 29, 2009): Added an entry to the
    section, Frequently Asked Questions (FAQ) Related to This
    Security Update to communicate the rerelease of the
    Norwegian-language update for Microsoft Windows 2000 Service
    Pack 4 (KB952004). Customers who require the
    Norwegian-language update need to download and install the
    rereleased update. No other updates or locales are affected
    by this rerelease.
    - Originally posted: April 14, 2009
    - Updated: April 29, 2009
    - Bulletin Severity Rating: Important
    - Version: 2.0

    * MS08-076 - Important

    http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx
    - Reason for Revision: V4.0 (April 29, 2009): Added Windows Media
    Services 2008 (KB952068) on 32-bit and x64-based editions of
    Windows Server 2008 Service Pack 2 as affected software.
    Also, added Windows Server 2008 for Itanium-based Systems
    Service Pack 2 as non-affected software. This is a detection
    change only; there were no changes to the binaries. Customers
    who have already successfully installed KB952068 do not need
    to reinstall.
    - Originally posted: December 9, 2008
    - Updated: April 29, 2009
    - Bulletin Severity Rating: Important
    - Version: 4.0

    * MS08-069 - Critical

    http://www.microsoft.com/technet/security/bulletin/ms08-069.mspx
    - Reason for Revision: V2.0 (April 29, 2009): Added Microsoft XML
    Core Services 4.0 (KB954430) on 32-bit and x64-based editions
    of Windows Vista Service Pack 2 and on 32-bit, x64-based, and
    Itanium-based editions of Windows Server 2008 Service Pack 2
    as affected software. Also added as non-affected software:
    Microsoft XML Core Services 3.0 and Microsoft XML Core
    Services 6.0 on 32-bit and x64-based editions of Windows
    Vista Service Pack 2 and on 32-bit, x64-based, and
    Itanium-based editions of Windows Server 2008 Service Pack 2.
    This is a detection change only; there were no changes to the
    binaries. Customers who have already successfully installed
    KB954430 do not need to reinstall.
    - Originally posted: November 11, 2008
    - Updated: April 29, 2009
    - Bulletin Severity Rating: Critical
    - Version: 2.0

    * MS09-013 - Critical

    http://www.microsoft.com/technet/security/bulletin/ms09-013.mspx
    - Reason for Revision: V1.1 (April 29, 2009): Added entry to the
    section, Frequently Asked Questions (FAQ) Related to This
    Security Update, to communicate that the Known issues with
    this security update section in the associated Microsoft
    Knowledge Base Article 960803 has been updated. This is an
    informational change only.
    - Originally posted: April 14, 2009
    - Updated: April 29, 2009
    - Bulletin Severity Rating: Critical
    - Version: 1.1
     
  42. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin Minor Revisions - May 26, 2009

    Title: Microsoft Security Bulletin Minor Revisions
    Issued: May 26, 2009

    Summary
    =======
    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS07-026

    Bulletin Information:
    =====================

    * MS07-026

    http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx
    - Reason for Revision: V1.1 (May 26, 2009): Added an entry in the
    section, Frequently Asked Questions (FAQ) Related to This
    Security Update, to announce a detection change. The
    detection no longer offers the MS06-019 and MS06-029 updates,
    but instead will only offer MS07-026. There were no changes
    to the binaries. Customers who have already successfully
    installed the MS07-026 update do not need to reinstall.
    - Originally posted: May 8, 2007
    - Updated: May 26, 2009
    - Bulletin Severity Rating: Critical
    - Version: 1.1
     
  43. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin Major Revision - May 26, 2009

    Title: Microsoft Security Bulletin Major Revision
    Issued: May 26, 2009

    Summary
    =======
    The following bulletins have undergone a major revision increment.
    Please see the appropriate bulletin for more details.

    * MS09-003 - Critical

    Bulletin Information:
    =====================

    * MS09-003 - Critical


    http://www.microsoft.com/technet/security/bulletin/ms09-003.mspx

    - Reason for Revision: V3.0 (May 26, 2009): Added an entry in the
    section, Frequently Asked Questions (FAQ) Related to This
    Security Update, to announce a detection change to the update
    for Microsoft Exchange Server 2003 Service Pack 2 (KB959897).
    This is a detection change only. There were no changes to the
    security update files in this bulletin. Customers who have
    already installed the KB959897 update successfully do not
    need to reinstall.
    - Originally posted: February 10, 2009
    - Updated: May 26, 2009
    - Bulletin Severity Rating: Critical
    - Version: 3.0
     
  44. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Advisory (971888)
    Update for DNS Devolution
    Published: June 9, 2009

    Version: 1.0


    Microsoft is announcing the availability of an update to DNS devolution that can help customers in keeping their systems protected. Customers whose domain name has three or more labels, such as "contoso.co.us", or who do not have a DNS suffix list configured, or for whom the following mitigating factors do not apply may inadvertently be allowing client systems to treat systems outside of the organizational boundary as though they were internal to the organization's boundary.

    Mitigating Factors:

    • Customers who are joined to a domain and have a DNS suffix search list configured on their system are not at risk of inadvertently treating external systems as though they were internal. Microsoft encourages all enterprise customers to set DNS suffix search lists on client systems in order to ensure all DNS queries stay within organizational boundaries.

    • In most cases, home users who are not members of a domain do not use DNS devolution and therefore are not exposed to this risk. Home users who are not members of a domain but have configured a primary DNS suffix, however, do use DNS devolution and are at risk of inadvertently treating external systems as though they were internal.

    • Customers whose DNS domain name consists of two labels are not exposed to this risk. An example of a customer who is not affected is contoso.com or fabrikam.gov, where "contoso" and "fabrikam" are customer registered domain names under their respective ".com" and ".gov" top-level domains (TLDs).

    http://www.microsoft.com/technet/security/advisory/971888.mspx
     
  45. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin Major Revisions - July 1, 2009

    Title: Microsoft Security Bulletin Major Revisions
    Issued: July 1, 2009

    Summary


    The following bulletins have undergone a major revision increment.
    Please see the appropriate bulletin for more details.

    * MS03-011
    * MS02-069
    * MS02-052
    * MS02-013
    * MS00-081
    * MS00-075
    * MS00-059
    * MS00-011
    * MS99-045
    * MS99-031

    Bulletin Information:

    * MS03-011

    http://www.microsoft.com/technet/security/bulletin/ms03-011.mspx
    - Reason for Revision: V2.0 (July 1, 2009): Removed download
    information because Microsoft Java Virtual Machine is no
    longer available for distribution from Microsoft. For more
    information, see Patch availability.
    - Originally posted:
    - Updated: July 1, 2009
    - Bulletin Severity Rating: Critical
    - Version: 2.0

    * MS02-069


    http://www.microsoft.com/technet/security/bulletin/ms02-069.mspx
    - Reason for Revision: V2.0 (July 1, 2009): Removed download
    information because Microsoft Java Virtual Machine is no
    longer available for distribution from Microsoft. For more
    information, see Patch availability.
    - Originally posted:
    - Updated: July 1, 2009
    - Bulletin Severity Rating: Critical
    - Version: 2.0

    * MS02-052


    http://www.microsoft.com/technet/security/bulletin/ms02-052.mspx
    - Reason for Revision: V2.0 (July 1, 2009): Removed download
    information because Microsoft Java Virtual Machine is no
    longer available for distribution from Microsoft. For more
    information, see Patch availability.
    - Originally posted:
    - Updated: July 1, 2009
    - Bulletin Severity Rating: Critical
    - Version: 2.0

    * MS02-013


    http://www.microsoft.com/technet/security/bulletin/ms02-013.mspx
    - Reason for Revision: V3.0 (July 1, 2009): Removed download
    information because Microsoft Java Virtual Machine is no
    longer available for distribution from Microsoft. For more
    information, see Patch availability.
    - Originally posted:
    - Updated: July 1, 2009
    - Bulletin Severity Rating: Critical
    - Version: 3.0

    * (MS00-081)


    http://www.microsoft.com/technet/security/bulletin/ms00-081.mspx
    - Reason for Revision: V2.0 (July 1, 2009): Removed download
    information because Microsoft Java Virtual Machine is no
    longer available for distribution from Microsoft. For more
    information, see Patch availability.
    - Originally posted:
    - Updated: July 1, 2009
    - Bulletin Severity Rating:
    - Version: 2.0

    * (MS00-075)


    http://www.microsoft.com/technet/security/bulletin/ms00-075.mspx
    - Reason for Revision: V2.0 (July 1, 2009): Removed download
    information because Microsoft Java Virtual Machine is no
    longer available for distribution from Microsoft. For more
    information, see Patch availability.
    - Originally posted:
    - Updated: July 1, 2009
    - Bulletin Severity Rating:
    - Version: 2.0

    * (MS00-059)

    http://www.microsoft.com/technet/security/bulletin/ms00-059.mspx
    - Reason for Revision: V2.0 (July 1, 2009): Removed download
    information because Microsoft Java Virtual Machine is no
    longer available for distribution from Microsoft. For more
    information, see Patch availability.
    - Originally posted:
    - Updated: July 1, 2009
    - Bulletin Severity Rating:
    - Version: 2.0

    * (MS00-011)

    http://www.microsoft.com/technet/security/bulletin/ms00-011.mspx
    - Reason for Revision: V3.0 (July 1, 2009): Removed download
    information because Microsoft Java Virtual Machine is no
    longer available for distribution from Microsoft. For more
    information, see Patch Availability.
    - Originally posted:
    - Updated: July 1, 2009
    - Bulletin Severity Rating:
    - Version: 3.0

    * (MS99-045)

    http://www.microsoft.com/technet/security/bulletin/ms99-045.mspx
    - Reason for Revision: V3.0 (July 1, 2009): Removed download
    information because Microsoft Java Virtual Machine is no
    longer available for distribution from Microsoft. For more
    information, see Patch Availability.
    - Originally posted:
    - Updated: July 1, 2009
    - Bulletin Severity Rating:
    - Version: 3.0

    * (MS99-031)

    http://www.microsoft.com/technet/security/bulletin/ms99-031.mspx
    - Reason for Revision: V3.0 (July 1, 2009): Removed download
    information because Microsoft Java Virtual Machine is no
    longer available for distribution from Microsoft. For more
    information, see New Version Availability.
    - Originally posted:
    - Updated: July 1, 2009
    - Bulletin Severity Rating:
    - Version: 3.0
     
  46. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin Minor Revisions - July 23, 2009

    Title: Microsoft Security Bulletin Minor Revisions
    Issued: July 23, 2009

    Summary

    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS09-032 - Critical
    * MS09-016 - Important

    Bulletin Information:


    * MS09-032 - Critical

    - Reason for Revision: V1.2 (July 23, 2009): Clarified the FAQ
    about Microsoft-specific kill bits contained in this update.
    - Originally posted: July 14, 2009
    - Updated: July 23, 2009
    - Bulletin Severity Rating: Critical
    - Version: 1.2
    http://www.microsoft.com/technet/security/bulletin/ms09-032.mspx


    * MS09-016 - Important

    - Reason for Revision: V1.2 (July 23, 2009): Added a link to
    Microsoft Knowledge Base Article 961759 under Known Issues in
    the Executive Summary.
    - Originally posted: April 14, 2009
    - Updated: July 23, 2009
    - Bulletin Severity Rating: Important
    - Version: 1.2
    http://www.microsoft.com/technet/security/bulletin/ms09-016.mspx
     
  47. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

  48. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Advisory (973811)
    Extended Protection for Authentication
    Published: August 11, 2009

    Version: 1.0

    Microsoft is announcing the availability of a new feature, Extended Protection for Authentication, on the Windows platform. This feature enhances the protection and handling of credentials when authenticating network connections using Integrated Windows Authentication (IWA).

    The update itself does not directly provide protection against specific attacks such as credential forwarding, but allows applications to opt-in to Extended Protection for Authentication. This advisory briefs developers and system administrators on this new functionality and how it can be deployed to help protect authentication credentials.

    Mitigating Factors:

    • Internet Explorer will never send credentials automatically to servers hosted in the Internet zone. This reduces the risk that credentials can be forwarded by an attacker within this zone.

    • Applications that use session signing and encryption (such as remote procedure call (RPC) with privacy and integrity, or server message block (SMB) with signing enabled) are not affected by credential forwarding.

    http://www.microsoft.com/technet/security/advisory/973811.mspx
     
  49. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Bulletin Minor Revisions - Aug. 12, 2009

    Title: Microsoft Security Bulletin Minor Revisions
    Issued: August 12, 2009


    Summary

    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS09-043 - Critical
    * MS09-042 - Important
    * MS09-039 - Critical
    * MS09-037 - Critical
    * MS09-035 - Moderate

    Bulletin Information:

    * MS09-043 - Critical
    http://www.microsoft.com/technet/security/bulletin/ms09-043.mspx

    * MS09-042 - Important

    http://www.microsoft.com/technet/security/bulletin/ms09-042.mspx

    * MS09-037 - Critical

    http://www.microsoft.com/technet/security/bulletin/ms09-037.mspx

    * MS09-035 - Moderate
    http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx
     
  50. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Advisory (975497)

    Vulnerabilities in SMB Could Allow Remote Code Execution
    Published: September 08, 2009 | Updated: September 17, 2009


    Revisions
    • V1.0 (September 8, 2009): Advisory published.

    • V1.1 (September 17, 2009): Clarified the FAQ, What is SMBv2? Added a link to Microsoft Knowledge Base Article 975497 to provide an automated Microsoft Fix it solution for the workaround, Disable SMB v2.


    http://www.microsoft.com/technet/security/advisory/975497.mspx
     
