Microsoft Security Bulletin(s) for October 14 2008

NICK ADSL UK · Oct 14, 2008

Microsoft Security Bulletin(s) for October 14 2008

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx

Critical (4 )

Microsoft Security Bulletin MS08-060
Vulnerability in Active Directory Could Allow Remote Code Execution (957280)
http://go.microsoft.com/fwlink/?LinkId=128125

Microsoft Security Bulletin MS08-058
Cumulative Security Update for Internet Explorer (956390)
http://go.microsoft.com/fwlink/?LinkID=128060

Microsoft Security Bulletin MS08-059
Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)
http://go.microsoft.com/fwlink/?LinkId=125712

Microsoft Security Bulletin MS08-057
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)
http://go.microsoft.com/fwlink/?LinkID=124653

Important (6)

Microsoft Security Bulletin MS08-066
Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
http://go.microsoft.com/fwlink/?LinkId=125709

Microsoft Security Bulletin MS08-061
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
http://www.microsoft.com/technet/security/Bulletin/MS08-061.mspx

Microsoft Security Bulletin MS08-062
Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
http://go.microsoft.com/fwlink/?LinkId=120829

Microsoft Security Bulletin MS08-063
Vulnerability in SMB Could Allow Remote Code Execution (957095)
http://go.microsoft.com/fwlink/?LinkID=127994

Microsoft Security Bulletin MS08-064
Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
http://go.microsoft.com/fwlink/?LinkId=128103

Microsoft Security Bulletin MS08-065
Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)
http://www.microsoft.com/technet/security/Bulletin/MS08-065.mspx

Moderate (1)

Microsoft Security Bulletin MS08-056
Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)
http://go.microsoft.com/fwlink/?LinkId=128145

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

NICK ADSL UK · Oct 23, 2008

Microsoft out-of-band security bulletin summary for October 2008

Microsoft Security Bulletin Summary for October 2008
Published: October 14, 2008 | Updated: October 23, 2008

Version: 3.0

This bulletin summary lists security bulletins released for October 2008.

With the release of the bulletins for October 2008, this bulletin summary replaces the bulletin advance notification originally issued October 9, 2008. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

Please note that the updates that were posted on october 14 2008 have been either updated or revised with the addition of

Microsoft Security Bulletin MS08-067
Vulnerability in Server Service Could Allow Remote Code Execution (958644)

http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

NICK ADSL UK · Oct 27, 2008

Update on MS08-067

Hello everyone,

This is Christopher Budd once again. As I said in my last post, we aren’t done when we release an update. Our response teams are constantly watching the situation around the world to understand as much as possible what’s going on with things like the threat environment and the state of security update deployments.

Based on some of our latest situation reports I wanted to provide you with an update as of this morning. You’ve told us it’s helpful for you to have this information on an ongoing basis.

In terms of the security update itself, we’re seeing strong deployments worldwide. We also have no reports of known issues with the security update at this time.

In terms of the overall threat environment, we’ve not seen any major changes so far. We are aware that people are working to develop reliable public exploit code for the vulnerability. We are aware of discussion about code posted on a public site, but our analysis has shown that code always results in a denial of service, to demonstrate the vulnerability. So far, we’ve not seen evidence of public, reliable exploit code showing code execution.

Additionally, we’re not aware of any broad attacks or new malware seeking to exploit this vulnerability since we’ve released the security update on Thursday. While there have been a couple of reports of a “new worm”, these reports are actually inaccurate: they’re talking about malware we found in our investigation of the original targeted and limited attacks that we talked about in our posting on Thursday. Specifically, these reports are talking about TrojanSpy:Win32/Gimmiv.A and TrojanSpy:Win32/Arpoc.A (which is the specific attack associated with Exploit:Win32/MS08067.gen!A). Both of these are trojans, not self-replicating worms.

While deployments of the updates are happening quickly and relatively smoothly, and the threat environment hasn’t changed significantly since Thursday, we don’t want customers to take that as a sign to decrease their pace of, or even delay, deployments for this update. This is a Critical vulnerability that is being actively attacked, though so far in a limited, targeted fashion. Those were the reasons we released this out-of-band and it is because of this that we continue to urge customers to aggressively test and deploy this update as soon as possible.

In addition, we are not relaxing our vigilance here. Our teams around the world continue to work around the clock, watching for any changes in the threat environment or issues that could impact customers’ ability to deploy these updates. As always, we will let you know through the MSRC weblog of any changes in this situation.

Thanks,

Christopher
Click to expand...

http://blogs.technet.com/msrc/archive/2008/10/26/update-on-ms08-067.aspx

Most common questions that we've been asked regarding MS08-067

http://blogs.technet.com/swi/archiv...that-we-ve-been-asked-regarding-ms08-067.aspx

Log in or Sign up

Microsoft Security Bulletin(s) for October 14 2008

NICK ADSL UK MajorGeeks Forum Administrator Staff Member

NICK ADSL UK MajorGeeks Forum Administrator Staff Member

NICK ADSL UK MajorGeeks Forum Administrator Staff Member