View Full Version : Microsoft Alerts


AplusWebMaster
2005-11-25, 19:47
FYI...good reason to be "selective" when doing "Windows Updates"...

- http://support.microsoft.com/?kbid=890830
Last Review: November 24, 2005
Revision: 15.2
"...Known issues in the November 8, 2005 release
When you run the November 8, 2005 release of the Windows Malicious Software Removal Tool from Windows Update, from Automatic Update, or from the Download Center, the tool may appear to stop responding. Additionally, you may experience one of the following symptoms:
• When you run the tool from Windows Update or from Automatic Update, Windows Task Manager shows that the Iexplore.exe process has high CPU usage.
• When you run the tool from the Download Center, Windows Task Manager shows that the Mrt.exe process has high CPU usage.
To resolve this issue, install the updated version of the Windows Malicious Software Removal Tool that is now available from Windows Update, from Microsoft Update, from Automatic Updates, or from the Download Center. An updated version of the Windows Malicious Software Removal Tool was released on November 11, 2005.
>>> http://tinyurl.com/83c52

:(

AplusWebMaster
2008-01-02, 19:54
FYI...

MS Office2003 SP3 disables older file formats
- http://it.slashdot.org/it/08/01/01/137257.shtml
January 02, 2008 - "In Service Pack 3 for Office 2003, Microsoft disabled support for many older file formats. If you have old Word, Excel, 1-2-3, Quattro, or Corel Draw documents, watch out! They did this because the old formats are 'less secure', which actually makes some sense, but only if you got the files from some untrustworthy source. Naturally, they did this by default, and then documented a mind-bogglingly complex workaround (KB 938810*) rather than providing a user interface for adjusting it, or even a set of awkward 'Do you really want to do this?' dialog boxes to click through. And of course because these are, after all, old file formats ... many users will encounter the problem only months or years after the software change, while groping around in dusty and now-inaccessible archives."
* http://support.microsoft.com/kb/938810/en-us
Last Review: December 6, 2007
Revision: 2.0

:nono::crazy:
------------------------------

- http://preview.tinyurl.com/2h5md8
January 05, 2008 (Computerworld) - "Microsoft Corp. apologized to a software rival yesterday for saying its file format posed a security risk and issued new tools to let users of Office 2003 SP3 unblock a host of barred file types. In a posting to his own blog*, David LeBlanc, a senior software development engineer with the Microsoft Office team, admitted the company's mistake in blaming insecure file formats, including the one used by CorelDraw... The revised support document** lists four downloads that users can run to unblock Word, Excel, PowerPoint and Corel files... "We'll try harder to make enabling older formats much more user-friendly in the future," he said."

* http://blogs.msdn.com/david_leblanc/archive/2008/01/04/office-sp3-and-file-formats.aspx
"...The .reg files you can use to change the security settings can be downloaded here..."

** http://support.microsoft.com/kb/938810/en-us
Last Review: January 4, 2008
Revision: 3.0
------------------------------
- http://preview.tinyurl.com/2gkwxt
January 10, 2008 (Computerworld) - "Microsoft Corp. will not post new tools that would allow users of Office 2007 to access blocked file formats, as it has done for customers running Office 2003 Service Pack 3 (SP3). It cited a lack of interest in such tools and said existing work-arounds accomplish the same thing... the Office Web site* explains how to set up a "trusted location," a special folder on a local or network drive. Files in a trusted folder aren't checked by Office 2007's security tools before opening, and thus the older file formats open normally..."
* http://office.microsoft.com/en-us/help/HA100319991033.aspx

:clown:

AplusWebMaster
2008-02-22, 15:15
FYI...

Vista SP1 Blocks AV Programs
- http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206801120
Feb. 21, 2008 - "A major update to Microsoft's Windows Vista operating system could leave computers vulnerable to hackers and malware as the service pack prevents several widely used antivirus programs from operating, the company said. The list of security products that Windows Vista Service Pack 1 blocks includes Zone Alarm Security Suite 7.1, Trend Micro Internet Security 2008, and BitDefender 10. It also blocks the 2008 version of the Jiangmin antivirus product. Microsoft said the blocks occur because the antivirus programs are not compatible with Vista SP1. "For reliability reasons, Microsoft blocks these programs from starting after you install Windows Vista SP1," the company said in a statement posted Wednesday on its support Web site*..."
* http://support.microsoft.com/kb/935796
Last Review: February 22, 2008
Revision: 3.0

:lip:

AplusWebMaster
2008-03-04, 13:58
FYI...

Vista SP1 Survival Guide
- http://www.informationweek.com/shared/printableArticle.jhtml?articleID=205917537
March 4, 2008


.

AplusWebMaster
2008-03-21, 13:18
FYI...

Vista SP1 Chokes On Widely Used Intel Chipset Drivers
- http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206904946
March 20, 2008 - "PCs from Hewlett-Packard, Gateway, Lenovo, and other major computer makers that contain a widely used Intel chipset can't be upgraded to Windows Vista Service Pack 1 if they're running certain drivers. Microsoft has said that Vista SP1 won't work with "a small number of device drivers." The list, however, includes drivers for an Intel chipset that's found in thousands of PCs and laptops. The affected chipset is Intel's 945G Express series, which is used in computers from virtually all major system vendors. It's also found on standalone motherboards sold by Asus. The 945G Express chipset driver versions between numbers 7.14.10.1322 and 7.14.10.1403 won't work with Vista SP1, according to Microsoft. Chipsets provide a connection point for all key subsystems within a PC. The 945G Express chipset includes Intel's GMA 950 graphics core, which also won't work with Vista SP1 if those drivers are used. Microsoft is urging Vista users to update all of their hardware to the latest drivers before even attempting to install SP1... The service pack also won't work with computers that use certain, widely-deployed audio drivers from Realtek and certain drivers for security devices manufactured by Symantec. Microsoft has published a full list of drivers that are incompatible with the service pack*. Meanwhile, Microsoft is continuing to receive reports from computer users who say Vista SP1 is wreaking havoc on their systems..."
* http://support.microsoft.com/?kbid=948343#method5
Last Review: March 20, 2008
Revision: 3.0

(Shades of the XPSP2 installs... Like Yogi said, "It's deja vu all over again"...)

:fear:

AplusWebMaster
2008-04-24, 17:34
FYI...

- http://preview.tinyurl.com/5vu4aw
April 23, 2008 (Infoworld) - "...Vista Service Pack 1 will download automatically to PCs that have the automatic update feature of the OS turned on, the company said. Previously, Vista was available to customers via Windows Update, but people had to specifically download it. Not all customers will receive SP1 immediately via Automatic Update, however. The company is distributing it in phases to "ensure a seamless download experience," Microsoft said. A timeline for when all customers would receive Vista SP1 via Automatic Update was not immediately available..."

- http://support.microsoft.com/?kbid=948343
Last Review: April 23, 2008
Revision: 7.0...

AplusWebMaster
2008-04-29, 21:16
FYI...

- http://isc.sans.org/diary.html?storyid=4358
Last Updated: 2008-04-29 17:03:11 UTC - "...the Windows Service Pack blocker tool can now block the following service packs from installation...
* Windows XP Service Pack 3 (valid for 12 months following general availability)
* Windows Vista Service Pack 1 (valid for 12 months following general availability)
So, if you want to prevent your machines from automatic updates (provided you don't use WSUS), you can download this handy tool from here*..."
* http://preview.tinyurl.com/2uryvq
Windows Service Pack Blocker Tool Kit
Quick Details
File Name: SPBlockerTools.EXE
Version: SPBlockerToolKit
Date Published: 12/6/2007
Language: English
Download Size: 96 KB

:spider:

AplusWebMaster
2008-05-06, 14:58
FYI...

Windows Vista SP1 Disaster Recovery Guide
- http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207402843
May 6, 2008


.

AplusWebMaster
2008-05-06, 23:48
FYI...

- http://isc.sans.org/diary.html?storyid=4387
Last Updated: 2008-05-06 20:10:06 UTC - "Microsoft, it appears, has just released Windows XP Service Pack 3*. For the most part, it is a bundle of all the updates since Service Pack 2, but there are some key differences.
First, the big gotcha:
- If you are an IE 6 user, SP3 will simply update your IE 6 installation. You will continue to be able to upgrade to IE 7 as an option.
- If you are an IE 7 user, it will update your IE 7 installation. HOWEVER, you will NOT be able to go back to IE 6 after applying this service pack.
- If you are an IE 8 (beta) user, you will need to uninstall IE 8, apply the service pack, and then reinstall IE 8.
This link** has a list of all the Knowledge Base articles that this service pack addresses. Some of the bigger notes are that it does retrofit some of the Vista functionality into XP, namely in the area of Network Access Protection, Black Hole Router Detection, enhanced security for administrator and service policy entries (basically some better default settings) and a kernel mode crypto driver. Additionally, some of the "optional" updates released since SP2 will be installed with SP3 (MMC 3.0, MSXML6, WPA2 support, etc). The good news is that TechNet provides installation media that can be used to slipstream install the service pack so workstations can be updated off the net."

Windows XP SP3 Network Installation Package for IT Professionals and Developers
* http://preview.tinyurl.com/6k9zo3
316.4 MB
"...Note: Customers running Microsoft Dynamics Retail Management System (RMS) are advised to install a hotfix for a Microsoft Dynamics RMS issue -prior- to installing Windows XP SP3. http://support.microsoft.com/kb/951937
DO NOT CLICK DOWNLOAD IF YOU ARE UPDATING JUST ONE COMPUTER: A smaller, more appropriate download is now available on Windows Update..."

Release notes for Windows XP Service Pack 3
** http://support.microsoft.com/kb/936929
Last Review: May 6, 2008
Revision: 5.0...

:fear:

AplusWebMaster
2008-05-09, 13:52
FYI...

XP SP3 crashes AMD machines
- http://www.theinquirer.net/gb/inquirer/news/2008/05/09/xp-sp3-crashes-amd-machines
9 May 2008 - "...Windows XP, Service Pack 3, is giving owners of machines with AMD hardware headaches aplenty it seems. The problems, which first arose just one day after the push, have been causing lots of noise on Microsoft support sites and angry user bogs. One user reported, "I just installed Windows XP SP3 and after completing the processes and when the system reboots, the system cannot proceed to load the Windows. It just displays the flash screen of Windows then after it reboots again." Angry users have also reported that, after the installation, it is not even possible to boot in safe mode, usually the last resort before setting up a repeated forehead/screen interface... there appears to be two separate problems. One affects only AMD-equipped PCs sold by Hewlett-Packard. "The problem is that HP, apparently along with other OEMs, deploys the same image to Intel-based computers that they do to AMD-based computers," said Johansson. "Because the image for both Intel and AMD is the same all have the intelppm.sys driver installed and running. That driver provides power management on Intel-based computers. On an AMD-based computer, amdk8.sys provides the same functionality." There's a whole bunch of other info and some useful fixes for those of you stuck in the dreaded loop of death over on Jesper's Bog*."
* http://preview.tinyurl.com/6zs52d
(MSinfluentials.com/blogs/jesper)

:sad::trample::thud:

AplusWebMaster
2008-05-20, 15:10
HP - AMD - XPSP3...

XP SP3 Upgrade Utility for systems with AMD processors
- http://preview.tinyurl.com/4g2b6y
Release Date: 2008-05-14 - Version: 1.0 (HP Customer Care)
Description: Microsoft Windows XP SP3 Upgrade Utility prevents continuous system restarts or "Stop: 0x0000007E" errors after upgrading to Windows XP SP3 on systems with AMD processors.
Fixes: Prevents a condition from occurring that causes continuous system restarts or "Stop: 0x0000007E" errors after upgrading to Microsoft Windows XP Service Pack 3 on systems with an AMD processor.
Example: "A problem has been detected and Windows has been shut down to prevent damage to your computer..."

Download: sp37394.exe (1.85M)

.

AplusWebMaster
2008-05-21, 16:35
FYI...

XPSP3 chokes on ISP versions of IE7
- http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207801330
May 20, 2008 - "Private label versions of Microsoft's Internet Explorer 7 browser, including those provided to customers by Internet Service Providers Comcast and Qwest, are prone to crash during installation on computers running Windows XP SP3 because they tend to be outdated, Microsoft is warning. The problem generally occurs when a so-called "branded" version of IE7 is installed for the first time on a computer that's running XP SP3, said Microsoft program manager Jane Maliouta, in a blog post*. "The reason is that the IE7 package you are trying to install uses old IE7 files," said Maliouta. The trouble? Some ISPs are still distributing versions of IE7 that don't contain updates designed to make the browser compatible with Windows XP SP3. Specifically, XP3 runs a version of an essential dynamic-link library file called XMLLite.dll that's not compatible with versions of IE7 released prior to October..."
* http://preview.tinyurl.com/6rwwf8
May 12, 2008 (blogs.msdn.com)

:fear:

AplusWebMaster
2008-05-29, 17:20
FYI...

- http://windowssecrets.com/comp/080529#patch0
2008-05-29 - "Antivirus software from Symantec Corp. may cause the installation of Service Pack 3 for XP to corrupt the Windows Registry by adding unnecessary keys.
Symantec advises users to disable the SymProtect security feature of its products before applying XP SP3.
A Registry fix is needed by the latest XP patch..."

(More detail at the URL above.)

:fear:

AplusWebMaster
2008-06-06, 13:20
FYI...

PCpitstop XPSP3 review:
- http://preview.tinyurl.com/4y7zqc
May 25, 2008 - Windows XP SP3 Issues and Fixes Continued


:sad:

AplusWebMaster
2008-06-20, 13:22
FYI...

MS08-030 - new patch, for XPSP2 & XPSP3
- http://isc.sans.org/diary.html?storyid=4600
Last Updated: 2008-06-20 01:20:41 UTC - "Microsoft issued a new patch, for XPSP2 & XPSP3, for MS08-030*: Vulnerability in Bluetooth stack could allow remote code execution. "Customers who are running Windows XP Service Pack 2 and Windows XP Service Pack 3 should download and deploy this new security update. Customers running Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 and all supported versions of Windows Vista who have already applied these original security updates do not need to take any further action"... The Technet Security Vulnerability Research & Defense blog** on the vulnerability was "MS08-030: All bark and no bite? The case of the Bluetooth update".
Related update - KB951376 Security Update for Windows XP:
http://support.microsoft.com/kb/951376/en-us ..."
Last Review: June 19, 2008
Revision: 2.0

* http://www.microsoft.com/technet/security/bulletin/ms08-030.mspx
Revisions:
• V1.0 (June 10, 2008): Bulletin published.
• V2.0 (June 19, 2008): Added "Why was this security update reoffered on June 19, 2008?" entry to the Update FAQ to advise customers running Windows XP Service Pack 2 and Windows XP Service Pack 3 that a revised version of the security update is available.
"...Customers who are running Windows XP Service Pack 2 and Windows XP Service Pack 3 should download and deploy this new security update..."

** http://preview.tinyurl.com/67t4uw
(blogs.technet.com)

:fear:

AplusWebMaster
2008-06-25, 14:59
FYI...

Microsoft Security Advisory (954462)
Rise in SQL Injection Attacks Exploiting Unverified User Data Input
- http://www.microsoft.com/technet/security/advisory/954462.mspx
June 24, 2008 - "Microsoft is aware of a recent escalation in a class of attacks targeting Web sites that use Microsoft ASP and ASP.NET technologies but do not follow best practices for secure Web application development. These SQL injection attacks do not exploit a specific software vulnerability, but instead target Web sites that do not follow secure coding practices for accessing and manipulating data stored in a relational database. When a SQL injection attack succeeds, an attacker can compromise data stored in these databases and possibly execute remote code. Clients browsing to a compromised server could be forwarded unknowingly to malicious sites that may install malware on the client machine.
Mitigating Factors:
This vulnerability is not exploitable in Web applications that follow generally accepted best practices for secure Web application development by verifying user data input...
(See) Suggested Actions..."
• Detection – HP Scrawlr - http://preview.tinyurl.com/4qkk6g ...
• Defense – UrlScan - http://learn.iis.net/page.aspx/473/using-urlscan
• Identifying - Source Code Analyzer for SQL Injection - http://support.microsoft.com/kb/954476
• Additional Info...

Microsoft SQL Injection Prevention Strategy
- http://isc.sans.org/diary.html?storyid=4621
Last Updated: 2008-06-24 22:17:41 UTC - "...Microsoft recommends three approaches to help mitigate SQL Injection.
• Runtime scanning...
• URLScan...
• Code Scanning..."

- http://atlas.arbor.net/briefs/index#361782669
June 25, 2008 - "Microsoft today released security tools to help customers deal with SQL Injection Attacks. UrlScan, Microsoft Source Code Analyzer for SQL Injection and Scrawlr can be used by customers to check for SQL Injection issues in their applications.
Analysis: The release of these tools comes in a time when SQL injection is increasingly exploited. UrlScan is used to restrict HTTP requests that IIS will process."
* http://preview.tinyurl.com/5t2sbh
(blogs.technet.com)

:fear:

AplusWebMaster
2008-06-29, 14:24
FYI...

Device Manager may not show any devices and Network Connections may not show any network connections after you install Windows XP Service Pack 3 (SP3)
- http://support.microsoft.com/?kbid=953979
Last Review: June 25, 2008
Revision: -4.2-
SYMPTOMS:
After you install Windows XP Service Pack 3 (SP3), Device Manager may not show any devices and Network Connections may not show any network connections.
This problem may occur when an antivirus application is running during the installation of Windows XP SP3.
CAUSE
This problem occurs when the Fixccs.exe process is called during the Windows XP SP3 installation. This process creates some intermediate registry subkeys, and it later deletes these subkeys. In some cases, some antivirus applications may not let the Fixccs.exe process delete these intermediate registry subkeys.
When this problem occurs, certain applications, such as Device Manager and Network Connections, may be unable to enumerate the device or the connection instances. These applications will report a blank status even though devices and connections still function as expected.
RESOLUTION
Hotfix information:
The following file is available for download from the Microsoft Download Center:
Download the Update for Windows XP (KB953979) package now:
- http://preview.tinyurl.com/3jgjap
File Name: WindowsXP-KB953979-x86-ENU.exe
Download Size: 64 KB...
Prerequisites:
To use this hotfix, you must have Windows XP Service Pack 3 installed on the computer...
Restart requirement:
To apply this hotfix, you must restart the computer in Safe Mode..."

Steps to take -before- you install Windows XP Service Pack 3
- http://support.microsoft.com/kb/950717/
Last Review: May 21, 2008 - Revision: 3.0 - "...Important
• If the configuration of your antivirus software prevents certain system files from being changed, the Windows XP SP3 installation may fail. Try temporarily disabling your antivirus software. To do this, right-click your antivirus program icon, and then click Disable. This icon typically appears in the lower right corner of the computer screen.
• If you disable your antivirus software before you install Windows XP SP3, make sure that you know the risks that are involved, and make sure that you enable the antivirus software after Windows XP SP3 is installed..."

:fear:

AplusWebMaster
2008-07-01, 13:52
FYI...

Microsoft Security Advisory (954960)
Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates
- http://www.microsoft.com/technet/security/advisory/954960.mspx
June 30, 2008 - "Microsoft is investigating public reports of a non-security issue that prevents the distribution of any updates deployed through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1 to client systems that have Microsoft Office 2003 installed in their environment. Microsoft is aware of reports from customers who are experiencing this issue. Upon completing the investigation, Microsoft will take appropriate action to resolve the issue within Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1.

Note: The issue affecting System Center Configuration Manager 2007 first described in Microsoft Security Advisory 954474, where System Center Configuration Manager 2007 systems were blocked from deploying security updates, is separate from the issue described in this advisory.
Mitigating Factors:
• This issue is limited to customers who deploy updates through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1, and have Microsoft Office 2003 installed in their environments..."

- http://preview.tinyurl.com/6xdp79
June 30, 2008 (MSRC blog)

:fear::spider:

AplusWebMaster
2008-07-08, 00:15
FYI...

Microsoft Security Advisory (955179)
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
- http://www.microsoft.com/TechNet/security/advisory/955179.mspx
July 7, 2008 - "Microsoft is investigating active, targeted attacks leveraging a potential vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. The ActiveX control for the Snapshot Viewer for Microsoft Access enables you to view an Access report snapshot without having the standard or run-time versions of Microsoft Office Access. The vulnerability only affects the ActiveX control for the Snapshot Viewer for Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003. The ActiveX control is shipped with all supported versions of Microsoft Office Access except for Microsoft Office Access 2007. The ActiveX control is also shipped with the standalone Snapshot Viewer...
Suggested Actions / Workarounds:
Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, this is stated in the entry.
• Prevent COM objects from running in Internet Explorer
You can disable attempts to instantiate a COM object in Internet Explorer by setting the kill bit for the control in the registry..."

(Kill bit listings shown in the advisory at the URL above.)

:fear:

AplusWebMaster
2008-07-08, 22:00
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms08-jul.mspx
July 8, 2008 - "This bulletin summary lists security bulletins released for July 2008...

Important (4)

Microsoft Security Bulletin MS08-040
Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
- http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Windows, Microsoft SQL Server...

Microsoft Security Bulletin MS08-038
Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)
- http://www.microsoft.com/technet/security/bulletin/ms08-038.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-037
Vulnerabilities in DNS Could Allow Spoofing (953230)
- http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Spoofing...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-039
Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
- http://www.microsoft.com/technet/security/bulletin/ms08-039.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Windows...

-
ISC Analysis
- http://isc.sans.org/diary.html?storyid=4684
Last Updated: 2008-07-08 18:22:23 UTC
---

MS08-038 exploit/fix available
- http://isc.sans.org/diary.html?storyid=4684
Last Updated: 2008-07-08 18:22:23 UTC
"...MS08-038 - Multiple vulnerabilities in Windows explorer allow code execution with the rights of the logged on user... Publicly disclosed... CVE-2008-0951* is a well known vulnerability: CERT VU#889747** (March 2008)..."
- http://www.microsoft.com/technet/security/bulletin/ms08-038.mspx
July 8, 2008
* http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0951
Last revised: 3/25/2008
** http://www.kb.cert.org/vuls/id/889747
First Published 03/20/2008
---
Updated / CVE references:
- http://isc.sans.org/diary.html?storyid=4684
Last Updated: 2008-07-09 08:21:40 UTC ...(Version: 3)
MS08-037: Windows DNS
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1447
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1454
MS08-038: Windows explorer / Vista
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1435
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0951
MS08-039: Exchange server
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2247
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2248
MS08-040: SQL server
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0085
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0086
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0106
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0107

//

:fear:

AplusWebMaster
2008-07-09, 05:55
FYI... updated:

- http://isc.sans.org/diary.html?storyid=4684
Last Updated: 2008-07-09 08:21:40 UTC ...(Version: 3)
"...MS08-037 - Windows DNS ...ZoneAlarm users report* trouble with their firewall set to "high" for the Internet zone..."

Update - Important! - see: http://forums.spybot.info/showpost.php?p=211128&postcount=78 -prior- to MS08-037 install.

** http://support.microsoft.com/?kbid=951748
MS08-037 ...Windows XP... (client side)

//

AplusWebMaster
2008-07-09, 22:54
FYI...

- http://www.theinquirer.net/gb/inquirer/news/2008/07/09/windows-xp-sp3-automatic
9 July 2008 - "AS ANNOUNCED previously by Microsoft, automatic updates for Windows XP SP3 will be launched Wednesday, July 10 2008, starting at 10:00 am Pacific Time. For most Windows XP users who haven't already manually downloaded and applied SP3, the automatic update process should work properly. After all, Microsoft has had almost three months to test, tweak and polish it since it was first released. Microsoft's Automatic Updates process should know about and scan for configurations that are problematic, and prevent the Windows XP SP3 update installation process from proceeding if it detects a troublesome situation. However, if there's any hiccough in the automatic update process, your computer could become unusable. Therefore, certain technical advisors recommend using Microsoft's Automatic Updates facility only to provide notification that the update is available, then applying it manually. They caution that you should also take care to follow Microsoft's service pack pre-installation instructions, including:
* Disable antivirus programs,
* Make sure no other applications are running,
* Have your system plugged in during the update, that is, not on battery power, and
* Make sure that you have sufficient free space available on your system's hard disk.
You can make certain that the Windows Automatic Update facility doesn't attempt to, er... automatically update your system by using Microsoft's Windows Service Pack Blocker Tool Kit, and that's available here: http://preview.tinyurl.com/2tadkt
Should you find that Windows XP SP3 causes problems on your system, instructions on how to remove it are available here: http://www.iaps.com/blog/2008/07/how-to-remove-windows-xp-service-pack-3.html ..."

//

AplusWebMaster
2008-07-11, 05:54
FYI...

- http://blogs.technet.com/msrc/archive/2008/07/10/revision-for-ms08-037.aspx
July 10, 2008 (MSRC) - "...After the release of MS08-037, we became aware of reports of ZoneAlarm customers experiencing issues after applying the security updates. We started investigating these reports as soon as we heard about them and have been working to research this issue. We’re still working on this issue but we do have some information from our investigation so far, which we’ve put into the bulletin. Specifically, we’ve identified that customers who are running either ZoneAlarm or Check Point Endpoint Security (previously named Check Point Integrity) who apply MS08-037 may lose network connectivity after applying these updates. Our investigation so far has shown that no other customers are affected by this issue. We’re still investigating this issue but we encourage customers who are using ZoneAlarm to review the appropriate ZoneAlarm Web site** and Check Point Endpoint customers to review the appropriate Check Point Web site*** for the latest guidance or software updates and factor this information into your risk assessment, testing, and deployment planning..."

* http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx
• V2.0 (July 10, 2008): Bulletin revised to inform users of ZoneAlarm and Check Point Endpoint Security of an Internet connectivity issue detailed in the section, Frequently Asked Questions (FAQ) Related to this Security Update. The revision did -not- change the security update files in this bulletin, but users of ZoneAlarm and Check Point Endpoint Security should read the FAQ entries for guidance.

** http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html
Last Revised : 14 July 2008

*** https://supportcenter.checkpoint.com/supportcenter/index.jsp

//

AplusWebMaster
2008-08-02, 04:12
FYI...

- http://securitylabs.websense.com/content/Blogs/3148.aspx
08.01.2008 - "...We've been closely monitoring this exploit since its release, and are now tracking several hundred occurrences in the wild, found mostly in China. There is currently no patch available, but Microsoft has several workarounds listed in their advisory. We recommend setting the killbit for this ActiveX control on all workstations where it is installed.
Vulnerable ActiveX CLSIDs:
* F0E42D50-368C-11D0-AD81-00A0C90DC8D9
* F0E42D60-368C-11D0-AD81-00A0C90DC8D9
* F2175210-368C-11D0-AD81-00A0C90DC8D9
This vulnerability is a simple design flaw, and does not require any complicated exploit code. Attackers are able to compromise remote systems simply by calling methods provided by the Snapshot Viewer ActiveX control. This is very similar to the November 9, 2005 ADODB.Stream vulnerability, which was widely taken advantage of because it was easy to exploit. Luckily, the vulnerable ActiveX control does NOT appear in a default Microsoft Windows installation. It does appear, however, to be included by default with Microsoft Office 2000 - 2003."

- http://www.symantec.com/security_response/threatconlearn.jsp
"The ThreatCon is at level 2. On August 1, 2008, a new attack vector for the Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download Vulnerability (BID 30114) was identified being exploited in the wild. This vulnerability is currently unpatched. Microsoft Access ActiveX Control Arbitrary File Download Vulnerability ( http://www.securityfocus.com/bid/30114 ) Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access ( http://www.microsoft.com/technet/security/advisory/955179.mspx ) The new attack vector allows an attacker to install a vulnerable version of the ActiveX control on target systems that did not originally contain the associated software. This is possible because the control is digitally signed and marked safe for scripting by Microsoft. This is known to affect users of Internet Explorer 6. Note that Internet Explorer 7 requires user interaction to confirm the installation of the ActiveX control. As a result of this discovery, we urge all Microsoft Windows users, even those whose systems do not currently have the vulnerable control installed, to set the kill bit on the three CLSIDs associated with Snapshot Viewer.
F0E42D50-368C-11D0-AD81-00A0C90DC8D9
F0E42D60-368C-11D0-AD81-00A0C90DC8D9
F2175210-368C-11D0-AD81-00A0C90DC8D9
For instructions on how to set the kill bit on an ActiveX control, please see the following article: Microsoft Knowledge Base Article 240797 (Microsoft) Microsoft ( http://support.microsoft.com/kb/240797 )."

:fear:

AplusWebMaster
2008-08-12, 23:46
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms08-aug.mspx
August 12, 2008 - "This bulletin summary lists security bulletins released for August 2008..." (Total 11)

Critical (6)

Microsoft Security Bulletin MS08-046
Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)
- http://www.microsoft.com/technet/security/bulletin/MS08-046.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-045
Cumulative Security Update for Internet Explorer (953838)
- http://www.microsoft.com/technet/security/bulletin/MS08-045.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Internet Explorer...

Microsoft Security Bulletin MS08-041
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)
- http://www.microsoft.com/technet/security/bulletin/MS08-041.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS08-043
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)
- http://www.microsoft.com/technet/security/bulletin/MS08-043.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS08-051
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785)
- http://www.microsoft.com/technet/security/bulletin/MS08-051.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS08-044
Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)
- http://www.microsoft.com/technet/security/bulletin/MS08-044.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Important (5)

Microsoft Security Bulletin MS08-047
Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733)
- http://www.microsoft.com/technet/security/bulletin/MS08-047.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Information Disclosure...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-049
Vulnerabilities in Event System Could Allow Remote Code Execution (950974)
- http://www.microsoft.com/technet/security/bulletin/MS08-049.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-048
Security Update for Outlook Express and Windows Mail (951066)
- http://www.microsoft.com/technet/security/bulletin/MS08-048.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Information Disclosure...
Affected Software: Microsoft Windows, Outlook Express, Windows Mail...

Microsoft Security Bulletin MS08-050
Vulnerability in Windows Messenger Could Allow Information Disclosure (955702)
- http://www.microsoft.com/technet/security/bulletin/MS08-050.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Information Disclosure...
Affected Software: Microsoft Windows, Windows Messenger...

Microsoft Security Bulletin MS08-042
Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048)
- http://www.microsoft.com/technet/security/bulletin/MS08-042.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

---

ISC Analysis
- http://isc.sans.org/diary.html?storyid=4876
Last Updated: 2008-08-12 19:06:35 UTC

---
Revised (4):

Microsoft Security Bulletin MS08-022 – Critical
Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
- http://www.microsoft.com/technet/security/Bulletin/MS08-022.mspx
• V2.0 (August 12, 2008): Added known issues link. Also added an entry to the section, Frequently Asked Questions (FAQ) Related to this Security Update, about the known issues and solutions. The solutions include a deployment change for this security update for one issue and a workaround for another. Customers who have successfully updated their systems do not need to reinstall this update.

Microsoft Security Bulletin MS08-033 – Critical
Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
- http://www.microsoft.com/technet/security/Bulletin/MS08-033.mspx
• V2.1 (August 12, 2008): Added known issues link. Also added an entry to the section, Frequently Asked Questions (FAQ) Related to this Security Update, about the known issues and solutions. The solutions include a change to Microsoft Baseline Security Analyzer (MBSA) 2.1 to correctly detect this update.

Microsoft Security Bulletin MS07-047 - Important
Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)
- http://www.microsoft.com/technet/security/Bulletin/MS07-047.mspx
• V2.0 (August 12, 2008): Added Windows XP Service Pack 3 as affected software. This is a detection change only; there were no changes to the binaries. Customers who have successfully updated their systems do not need to reinstall this update.

Microsoft Security Bulletin MS08-040 – Important
Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
- http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx
• V1.6 (August 12, 2008): Added entry to the Frequently Asked Questions (FAQ) Related to this Security Update to communicate a change in the installation code for the security update for SQL Server 2005 Service Pack 2. This is an installation code change only. There were no changes to the security update binaries.

//

AplusWebMaster
2008-08-13, 15:44
FYI...

Microsoft Security Advisory (953839)
Cumulative Security Update of -ActiveX- Kill Bits
- http://www.microsoft.com/technet/security/advisory/953839.mspx
August 12, 2008 - "Microsoft is releasing a new set of ActiveX kill bits with this advisory. The update includes kill bits for the following third-party software:
• Aurigma Image Uploader. Aurigma has issued an advisory and an update that addresses vulnerabilities...
http://blogs.aurigma.com/post/2008/03/Official-security-bulletin.aspx ...
• HP Instant Support. HP has issued an advisory and an update that addresses vulnerabilities. Please see the advisory from HP for more information...
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01422264 ...
...Customers who are interested in learning more about this update should review Microsoft Knowledge Base Article 953839
- http://support.microsoft.com/kb/953839
August 12, 2008

- http://www.microsoft.com/technet/security/advisory/953839.mspx
• August 13, 2008: Updated to include links to HP’s Advisories
"...HP has issued -2- advisories..."
* http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01422264
** http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01439758

:fear:

AplusWebMaster
2008-08-22, 13:50
FYI...

MS08-051 V2.0 Patch issued August 20, 2008
- http://isc.sans.org/diary.html?storyid=4918
Last Updated: 2008-08-22 00:30:51 UTC - "Microsoft has posted new update packages, labeled Version 2, for Microsoft Office PowerPoint 2003 Service Pack 2 and Microsoft Office PowerPoint 2003 Service Pack 3" described in MS08-051*, Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution... Others should check with their patch management vendors. The original patch "contained incorrect versions of the binaries. While these versions did protect against the vulnerabilities discussed in the bulletin, they lacked other important security and reliability updates..."

* http://www.microsoft.com/technet/security/bulletin/ms08-051.mspx
• V2.0 (August 20, 2008): ...Customers who manually installed Version 1 of this update from Microsoft Download Center need to reinstall Version 2 of this update. Customers who have installed this update using Microsoft Update or Office Update do not need to reinstall..."

:fear:

AplusWebMaster
2008-09-09, 03:08
FYI...

Gotcha: IE8 Lock-In With XP SP3
- http://www.wservernews.com/?id=690
Sep 1, 2008 - "...Redmond on its IE blog* warned XP SP3 users that in some circumstances they will not be able to uninstall either SP3 or IE8. This heads-up was similar to an earlier warning in May, when XP SP3 had just been released. Redmond said then that you wouldn't be able to downgrade from IE7 to the older IE6 browser without uninstalling SP3. Jane Maliouta, an IE program manager, gave specifics about this new gotcha, which impacts you when you downloaded and installed IE8 Beta 1 prior to updating XP to SP3. If you then upgrade IE8 to Beta 2, which Redmond unveiled on the 28th, you will be stuck with both IE8 and Windows XP SP3. You will get a warning dialog:
"If you continue, XP SP3 and IE8 Beta 2 will become permanent, you will still be able to upgrade to later IE8 builds as they become available, but you won't be able to uninstall them."
So how to get around this lock-in? First uninstall XP SP3, then uninstall IE8 Beta 1; then reinstall XP SP3 and follow that by installing IE8 Beta 2. Dang, that's a hassle..."
* http://blogs.msdn.com/ie/archive/2008/08/27/upgrading-to-internet-explorer-8-beta-2.aspx

:thud: :fear:

AplusWebMaster
2008-09-09, 22:27
FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS08-sep.mspx
September 9, 2008 - "The security bulletins for this month are as follows, in order of severity: (Total of -4-)

Critical (4)

Microsoft Security Bulletin MS08-054
Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
- http://www.microsoft.com/technet/security/Bulletin/ms08-054.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-052
Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
- http://www.microsoft.com/technet/security/Bulletin/ms08-052.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, Visual Studio...

Microsoft Security Bulletin MS08-053
Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)
- http://www.microsoft.com/technet/security/Bulletin/ms08-053.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-055
Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)
- http://www.microsoft.com/technet/security/Bulletin/ms08-055.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

---
ISC Analysis:
- http://isc.sans.org/diary.html?storyid=5009
Last Updated: 2008-09-09 17:46:41 UTC

- http://blogs.technet.com/swi/
Sep. 9, 2008

---
MS08-052
- http://secunia.com/advisories/31675/

MS08-053
- http://secunia.com/advisories/31724/

MS08-054
- http://secunia.com/advisories/31726/

MS08-055
- http://secunia.com/advisories/31744/

---
Revisions...

MS08-052:
- http://www.microsoft.com/technet/security/Bulletin/ms08-052.mspx
• V2.0 (September 12, 2008): Bulletin updated to add Microsoft Office Project 2002 Service Pack 2, all Office Viewer software for Microsoft Office 2003, and all Office Viewer software for 2007 Microsoft Office System as Affected Software...

MS08-053:
- http://www.microsoft.com/technet/security/Bulletin/ms08-053.mspx
• V1.1 (September 10, 2008): Corrected the "Installing without user intervention" and "Installing without restarting" switches in the Security Update Deployment sections for Windows Vista and Windows Server 2008. Also changed "C:\Program Files" to "%programfiles%" in the Workarounds for Windows Media Encoder Buffer Overrun Vulnerability - CVE-2008-3008 commands.

MS08-054:
- http://www.microsoft.com/technet/security/Bulletin/ms08-054.mspx
• V1.1 (September 10, 2008): Removed erroneous entry from Mitigating Factors for Windows Media Player Sampling Rate Vulnerability - CVE-2008-2253.

MS08-055:
- http://www.microsoft.com/technet/security/Bulletin/ms08-055.mspx
• V1.1 (September 10, 2008): Corrected the installation switches and deployment information for OneNote 2007, and added to the list of non-affected software. Also, updated FAQ entries explaining why this update is offered to systems with non-affected software.

:-(

AplusWebMaster
2008-09-19, 16:54
FYI...

- http://www.symantec.com/security_response/threatconlearn.jsp
Sep. 19, 2008 - "The ThreatCon is currently at Level 1. Symantec is currently monitoring in-the-wild attacks leveraging the recently patched Windows Media Player ActiveX vulnerability associated with MS08-053. On September 15, 2008, the DeepSight honeynet observed active exploitation of this flaw as part of a web exploit kit. Successful exploitation of this, or any of the other targeted vulnerabilities, will install malicious code on victim computers. For details on the vulnerability, see the following: Microsoft Windows Media Encoder 9 'wmex.dll' ActiveX Control Remote Buffer Overflow Vulnerability ( http://www.securityfocus.com/bid/31065 ) We strongly urge all users to apply the patches made available in the MS08-053 security bulletin immediately. Those who cannot do so should set the kill bit on the associated CLSID (A8D3AD02-7508-4004-B2E9-AD33F087F43C) until patches can be applied. For more information and patches, see the Microsoft bulletin: Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution ( http://www.microsoft.com/technet/security/bulletin/MS08-053.mspx ) ."

:fear:
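The Snapshot Viewer post (2008-08-02) and the MS08-053 post just above both recommend setting the kill bit on specific CLSIDs. The script below is an added example, not part of the original posts or of any vendor's guidance, that audits and optionally sets it for those four CLSIDs. The registry location and the 0x400 flag value follow Microsoft KB 240797; the script layout, the `-Apply` switch and the function name are assumptions made for illustration.

```powershell
# Added example: audit or set the ActiveX kill bit for the CLSIDs named in the posts above.
# Assumes 64-bit PowerShell when run on 64-bit Windows. Get-CompatFlags is a hypothetical helper.
param([switch]$Apply)   # without -Apply the script only reports

$KillBit   = 0x00000400            # "Compatibility Flags" bit that blocks instantiation in IE
$ValueName = 'Compatibility Flags'

$Clsids = @(
    'F0E42D50-368C-11D0-AD81-00A0C90DC8D9',   # Snapshot Viewer for Microsoft Access
    'F0E42D60-368C-11D0-AD81-00A0C90DC8D9',   # Snapshot Viewer for Microsoft Access
    'F2175210-368C-11D0-AD81-00A0C90DC8D9',   # Snapshot Viewer for Microsoft Access
    'A8D3AD02-7508-4004-B2E9-AD33F087F43C'    # Windows Media Encoder 9 (MS08-053)
)

# Native view, plus the 32-bit view used by 32-bit Internet Explorer on 64-bit Windows.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\WOW6432Node') {
    $Roots += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

if ($Apply) {
    # Writing under HKLM needs an elevated session; fail early with a clear message.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run from an elevated PowerShell session to use -Apply.'
    }
}

function Get-CompatFlags {
    # Returns the current flags DWORD, or $null when the key or value is absent.
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Key -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$ValueName
}

$report = foreach ($root in $Roots) {
    foreach ($clsid in $Clsids) {
        $key    = Join-Path $root ('{' + $clsid + '}')
        $before = Get-CompatFlags -Key $key

        if ($Apply) {
            if (-not (Test-Path -LiteralPath $key)) {
                New-Item -Path $key -Force | Out-Null
            }
            # OR the kill bit into any flags already present instead of overwriting them.
            $existing = if ($null -eq $before) { 0 } else { $before }
            New-ItemProperty -LiteralPath $key -Name $ValueName -PropertyType DWord `
                -Value ($existing -bor $KillBit) -Force | Out-Null
        }

        $after = Get-CompatFlags -Key $key
        [pscustomobject]@{
            Key        = $key
            Flags      = if ($null -eq $after) { '(not set)' } else { '0x{0:X8}' -f $after }
            KillBitSet = ($null -ne $after) -and (($after -band $KillBit) -ne 0)
        }
    }
}

$report | Format-Table -AutoSize

# Non-zero exit code when any CLSID is still unprotected, so the audit can gate a deployment job.
if ($report | Where-Object { -not $_.KillBitSet }) { exit 1 }
```

Run it without arguments to audit a workstation; run it elevated with `-Apply` to set the flag in both registry views.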

AplusWebMaster
2008-10-10, 08:05
FYI...

Microsoft Security Advisory (951306)
Vulnerability in Windows Could Allow Elevation of Privilege
- http://www.microsoft.com/technet/security/advisory/951306.mspx
Published: April 17, 2008 | Updated: October 9, 2008
"Microsoft is investigating new public reports of a vulnerability which could allow elevation of privilege from authenticated user to LocalSystem, affecting Windows XP Professional Service Pack 2, Windows XP Professional Service Pack 3, and all supported versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008. Customers who allow user-provided code to run in an authenticated context, such as within Internet Information Services (IIS) and SQL Server, should review this advisory. Hosting providers may be at increased risk from this elevation of privilege vulnerability.
Microsoft is aware that exploit code has been published on the Internet for the vulnerability addressed by this advisory. Our investigation of this exploit code has verified that it does not affect customers who have applied the workarounds listed...
Revisions:
• April 17, 2008: Advisory published
• April 23, 2008: Added clarification to impact of workaround for IIS 6.0
• August 27, 2008: Added Windows XP Professional Service Pack 3 as affected software.
• October 9, 2008: Added information regarding the public availability of exploit code...

:fear:

AplusWebMaster
2008-10-14, 15:24
FYI...

MS e-mail spoofs with malware
- http://blogs.technet.com/msrc/archive/2008/10/13/microsoft-security-e-mail-spoofs-with-malware.aspx
October 13, 2008 - "... While malicious e-mails posing as Microsoft security notifications with attached malware aren’t new (we’ve seen this problem for several years) this particular one is a bit different in that it claims to be signed by our own Steve Lipner and has what appears to be a PGP signature block attached to it. While those are clever attempts to increase the credibility of the mail, I can tell you categorically that this is -not- a legitimate e-mail: it is a piece of malicious spam and the attachment is malware. Specifically, it contains Backdoor:Win32/Haxdoor... we never, ever, ever send attachments with our security notification e-mails. And, as a matter of company policy, Microsoft will never send you an executable attachment. If you get an e-mail that claims to be a security notification with an attachment, delete it. It is always a spoof..."

:fear::fear:

AplusWebMaster
2008-10-14, 20:22
FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS08-oct.mspx
October 14, 2008
"This bulletin summary lists security bulletins released for October 2008...

Critical (4)

Microsoft Security Bulletin MS08-060
Vulnerability in Active Directory Could Allow Remote Code Execution (957280)
- http://www.microsoft.com/technet/security/Bulletin/MS08-060.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-058
Cumulative Security Update for Internet Explorer (956390)
- http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Internet Explorer...

Microsoft Security Bulletin MS08-059
Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)
- http://www.microsoft.com/technet/security/Bulletin/MS08-059.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Host Integration Server...

Microsoft Security Bulletin MS08-057
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)
- http://www.microsoft.com/technet/security/Bulletin/MS08-057.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Important (6)

Microsoft Security Bulletin MS08-066
Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
- http://www.microsoft.com/technet/security/Bulletin/MS08-066.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-061
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
- http://www.microsoft.com/technet/security/Bulletin/MS08-061.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-062
Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
- http://www.microsoft.com/technet/security/Bulletin/MS08-062.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-063
Vulnerability in SMB Could Allow Remote Code Execution (957095)
- http://www.microsoft.com/technet/security/Bulletin/MS08-063.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-064
Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
- http://www.microsoft.com/technet/security/Bulletin/MS08-064.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-065
Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)
- http://www.microsoft.com/technet/security/Bulletin/MS08-065.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege
Affected Software: Microsoft Windows...

Moderate (1)

Microsoft Security Bulletin MS08-056
Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)
- http://www.microsoft.com/technet/security/Bulletin/MS08-056.mspx
Maximum Severity Rating: Moderate
Impact of Vulnerability: Information Disclosure
Affected Software: Microsoft Office...

---

ISC Analysis
- http://isc.sans.org/diary.html?storyid=5180
Last Updated: 2008-10-14 18:30:09 UTC

AplusWebMaster
2008-10-14, 21:59
FYI...

Microsoft Security Advisory (956391)
Cumulative Security Update of ActiveX Kill Bits
- http://www.microsoft.com/technet/security/advisory/956391.mspx
October 14, 2008 - "Microsoft is releasing a new set of ActiveX kill bits with this advisory...
This update sets the kill bits for the following third-party software:
• Microgaming Download Helper...
• System Requirements Lab...
• PhotoStockPlus Uploader Tool...
This update sets the kill bits for ActiveX controls addressed in previous Microsoft Security Bulletins. These kill bits are being set in this update as a defense in depth measure:
• Unsafe Functions in Office Web Components (328130), MS02-044.
• Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103), MS08-017.
• Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617), MS08-041.
• Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593), MS08-052.
For more information about installing this update, see Microsoft Knowledge Base Article 956391*."
* http://support.microsoft.com/kb/956391
Last Review: October 14, 2008

:spider:

AplusWebMaster
2008-10-23, 23:56
FYI...

Microsoft Security Bulletin MS08-067
Vulnerability in Server Service Could Allow Remote Code Execution (958644)
- http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx
October 23, 2008 - "...This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit..."
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...
Exploitability Index: 1 - Consistent exploit code likely...

- http://blogs.technet.com/msrc/archive/2008/10/23/ms08-067-released.aspx
October 23, 2008
- http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx

---
MS08-067 - exploit in the wild
- http://www.symantec.com/security_response/threatconlearn.jsp
Oct. 23, 2008 - "The ThreatCon is currently at Level 2: Elevated. The DeepSight Threat Analysis Team has updated the ThreatCon to Level 2. Microsoft has released an out-of-band security bulletin to address a Critical flaw in the Server Service (SVRSVC). The vulnerability occurs because of a failure in processing malformed RPC packets sent to the service. By default this issue can be exploited without authentication on Windows 2000, Windows XP, and Windows 2003. Both Windows Vista and Windows Server 2008 are vulnerable, but require authentication by default.
MS08-067 - Vulnerability in Server Service Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
According to the bulletin this vulnerability is being actively exploited in the wild..."
---

- http://securitylabs.websense.com/content/Alerts/3218.aspx
10.23.2008

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4250
10.23.2008

- http://secunia.com/advisories/32326
Release Date: 2008-10-23
Critical: Highly critical
Impact: System access...

- http://isc.sans.org/diary.html?storyid=5227
Last Updated: 2008-10-23 20:58:46 UTC ...Version: 3
"...we believe that client computers need to be updated with all due haste..."

:fear:

AplusWebMaster
2008-10-28, 05:14
FYI...

Microsoft Security Advisory (958963)
Exploit Code Published Affecting the Server Service
- http://www.microsoft.com/technet/security/advisory/958963.mspx
October 27, 2008 - "Microsoft is aware that detailed exploit code demonstrating code execution has been published on the Internet for the vulnerability that is addressed by security update MS08-067*. This exploit code demonstrates code execution on Windows 2000, Windows XP, and Windows Server 2003. Microsoft is aware of limited, targeted active attacks that use this exploit code. At this time, there are no self-replicating attacks associated with this vulnerability. Microsoft has activated its Software Security Incident Response Process (SSIRP) and is continuing to investigate this issue. Our investigation of this exploit code has verified that it does not affect customers who have installed the updates detailed in MS08-067 on their computers. Microsoft continues to recommend that customers apply the updates to the affected products by enabling the Automatic Updates feature in Windows..."
* http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

:fear:

AplusWebMaster
2008-10-30, 22:28
FYI...

Vista updates KB957200 and KB953155
- http://isc.sans.org/diary.html?storyid=5258
Last Updated: 2008-10-30 14:02:45 UTC - "...A few readers are writing in to ask about two recent updates appearing in their queue: KB957200 and KB953155.

KB957200* is listed as a reliability update and according to Microsoft: "this update resolves some performance and reliability issues in Windows Vista. By applying this update, you can achieve better performance and responsiveness in various scenarios. After you install this item, you may have to restart your computer."
* http://support.microsoft.com/kb/957200/en-us

KB953155** is a security update related to MS08-062..."
** http://support.microsoft.com/kb/953155/en-us
Last Review: October 14, 2008
- http://www.microsoft.com/technet/security/bulletin/ms08-062.mspx
Updated: October 29, 2008
Version: 2.2...
"...There were no changes to the security update binaries..."

:fear:

AplusWebMaster
2008-11-01, 20:37
FYI...

- http://www.f-secure.com/weblog/archives/00001525.html
October 31, 2008 - "We are seeing the first Proof of Concept binaries that target the MS08-067 vulnerability on the following English localized systems:
Windows XP Service Pack 2
Windows XP Service Pack 3
Windows 2003 Service Pack 2
The payload is encrypted as normal. Its function is to add the guest account to the administrators group, thus allowing unlimited access to the machine. We detect the binaries as follows:
Backdoor:W32/Agent.DIN
Backdoor:W32/Agent.DIO
Backdoor:W32/Agent.DIP
We'll continue to keep an eye on the events."

:fear: :fear:

AplusWebMaster
2008-11-03, 17:34
FYI...

Worm Exploiting MS08-067 in the Wild
- http://www.f-secure.com/weblog/archives/00001526.html
November 3, 2008 - "Code building on the proof of concept binaries that were mentioned last week has moved into the wild. We've received the first reports of a worm capable of exploiting the MS08-067 vulnerability. The exploit payload downloads a dropper that we detect as Trojan-Dropper.Win32.Agent.yhi. The dropped components include a kernel mode DDOS-bot that currently has a selection of Chinese targets in its configuration. The worm component is detected as Exploit.Win32.MS08-067.g and the kernel component as Rootkit.Win32.KernelBot.dg."

Also see: http://isc.sans.org/diary.html?storyid=5275
Last Updated: 2008-11-03 18:54:56 UTC ...(Version: 3)

:fear:

AplusWebMaster
2008-11-03, 23:46
FYI...

- http://www.theregister.co.uk/2008/11/03/microsoft_intelligence_report/
3 November 2008 - "Malware and unwanted software made strides in the first half of 2008, according to the latest security intelligence report from Microsoft, which tallied a 43 percent increase in the number of programs exorcised by the company's malicious software removal tool. In the first six months of this year, there were some 62 million disinfections on 23.8 million machines, according to the report which was published* Monday. In the second half of last year, 42 million programs were removed on 15 million computers. Because it runs on hundreds of millions of machines worldwide, Microsoft's MSRT, or malicious software removal tool, functions as something of a bellwether for the state of successful attacks affecting Windows computers. The increase was driven in part by the addition of new strains of malware that the MSRT checks for, said Jeff Williams, principal architect for the Microsoft Malware Protection Center. Win32/Taterf, a family of worms that steals login credentials for a host of online games, was one such addition and was removed 2.7 million times. Other causes included the growing aggressiveness of established malware families. Win32/Zlob, a trojan that has bedeviled Windows users for years, was removed 7.5 million times..."
* http://www.microsoft.com/sir

:fear:

AplusWebMaster
2008-11-04, 17:48
More detail...

- http://asert.arbornetworks.com/2008/11/ms08-067-used-to-drop-ddos-bots/
November 3, 2008 - "...The exploit code is 67.exe, and the bot itself is 6767.exe. KernelBot is a Chinese origin DDoS bot... We first became aware of this bot during the CNN.Com attacks earlier this year... If you want to stop this one, you should block all web access to the domain ushealthmart .com. It’s using a few hosts under that domain name to spread and send out configurations... KernelBot can send ICMP, TCP SYN, UDP, and even HTTP flood attacks, among others. It communicates with a server to retrieve the file, usually named “cmd.txt”, which itself is a large INI file describing attacks and next actions..."

- http://isc.sans.org/diary.html?storyid=5288
Last Updated: 2008-11-05 02:53:31 UTC - "...exploiting ip 61.218.147.66. That IP is definitely sequentially scanning ip addresses for tcp 445 looking for vulnerable systems so blocking it at your enterprise gateway is recommended."

:fear:

AplusWebMaster
2008-11-11, 20:58
FYI...

Hacker tool targeting MS08-067 vuln
- http://securitylabs.websense.com/content/Blogs/3237.aspx
11.11.2008 - "Websense... has noticed a special hacker tool in China. In the past few weeks, Microsoft has announced and released a patch for the MS08-067 vulnerability, and a hacker tool named "wolfteeth bot catcher" has been widely used by hackers to attack machines running Windows operating systems -without- the KB958644 patch... First, the tool drops and runs a backdoor named bycnboy.exe, which moves itself to the system folder and is renamed to windef.exe. This means that hackers who used this tool were themselves hacked by the tool's author. Then a file named project.exe is placed in the temp folder and loaded to run once the original file has finished its job... a Trojan file from the user-defined Web site could be downloaded and executed. All the vulnerable IPs are controlled remotely..."

(Screenshots and more detail available at the URL above.)

:fear:

AplusWebMaster
2008-11-11, 20:59
FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS08-nov.mspx
November 11, 2008 - "This bulletin summary lists security bulletins released for November 2008... (Total of -2-)

Critical (1)

Microsoft Security Bulletin MS08-069
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
- http://www.microsoft.com/technet/security/bulletin/ms08-069.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Important (1)

Microsoft Security Bulletin MS08-068
Vulnerability in SMB Could Allow Remote Code Execution (957097)
- http://www.microsoft.com/technet/security/bulletin/ms08-068.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...
___

ISC Analysis
- http://isc.sans.org/diary.html?storyid=5330
Last Updated: 2008-11-11 18:28:39 UTC