Page 1 of 51 1234511 ... LastLast
Results 1 to 10 of 501

Thread: Old MS Alerts

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Old MS Alerts

    FYI...good reason to be "selective" when doing "Windows Updates"...

    - http://support.microsoft.com/?kbid=890830
    Last Review: November 24, 2005
    Revision: 15.2
    "...Known issues in the November 8, 2005 release
    When you run the November 8, 2005 release of the Windows Malicious Software Removal Tool from Windows Update, from Automatic Update, or from the Download Center, the tool may appear to stop responding. Additionally, you may experience one of the following symptoms:
    • When you run the tool from Windows Update or from Automatic Update, Windows Task Manager shows that the Iexplore.exe process has high CPU usage.
    • When you run the tool from the Download Center, Windows Task Manager shows that the Mrt.exe process has high CPU usage.
    To resolve this issue, install the updated version of the Windows Malicious Software Removal Tool that is now available from Windows Update, from Microsoft Update, from Automatic Updates, or from the Download Center. An updated version of the Windows Malicious Software Removal Tool was released on November 11, 2005.
    >>> http://tinyurl.com/83c52

    :(
    Last edited by AplusWebMaster; 2008-02-13 at 00:47.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Old MS Alerts

    FYI...

    - http://www.microsoft.com/technet/sec.../ms07-jul.mspx
    Published: July 5, 2007
    ...This is an advance notification of -six- security bulletins that Microsoft is intending to release on July 10, 2007...

    Critical (3)

    Microsoft Security Bulletin 1
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution ...
    Affected Software: Office, Excel...

    Microsoft Security Bulletin 4
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution ...
    Affected Software: Windows...

    Microsoft Security Bulletin 5
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution ...
    Affected Software: .NET Framework...


    Important (2)

    Microsoft Security Bulletin 2
    Maximum Severity Rating: Important
    Impact of Vulnerability: Remote Code Execution ...
    Affected Software: Office, Publisher...

    Microsoft Security Bulletin 6
    Maximum Severity Rating: Important
    Impact of Vulnerability: Remote Code Execution ...
    Affected Software: Windows XP Professional...


    Moderate (1)

    Microsoft Security Bulletin 3
    Maximum Severity Rating: Moderate
    Impact of Vulnerability: Information Disclosure ...
    Affected Software: Windows Vista..."


    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #3
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Default MS Bulletin Advance Notification - August 2007

    FYI...

    - http://www.microsoft.com/technet/sec.../ms07-aug.mspx
    Published: August 9, 2007
    "...This is an advance notification of -nine- security bulletins that Microsoft is intending to release on August 14, 2007...

    Critical (6)

    Microsoft Security Bulletin 1
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Windows, XML Core Services...

    Microsoft Security Bulletin 2
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Windows, Visual Basic, Office for Mac...

    Microsoft Security Bulletin 3
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Office...

    Microsoft Security Bulletin 4
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Windows, Internet Explorer...

    Microsoft Security Bulletin 5
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Windows...

    Microsoft Security Bulletin 9
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Windows, Internet Explorer...


    Important (3)

    Microsoft Security Bulletin 6
    Maximum Severity Rating: Important
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Windows...

    Microsoft Security Bulletin 7
    Maximum Severity Rating: Important
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Windows Vista...

    Microsoft Security Bulletin 8
    Maximum Severity Rating: Important
    Impact of Vulnerability: Elevation of Privilege...
    Affected Software: Virtual PC, Virtual Server...


    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #4
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Default MS Security Bulletin Advance Notification - September 2007

    FYI...

    - http://www.microsoft.com/technet/sec.../ms07-sep.mspx
    Published: September 6, 2007

    "This is an advance notification of five security bulletins that Microsoft is intending to release on September 11, 2007...

    Critical (1)

    Microsoft Security Bulletin 1
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Windows.

    Important (4)

    Microsoft Security Bulletin 2
    Maximum Severity Rating: Important
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Visual Studio.

    Microsoft Security Bulletin 3
    Maximum Severity Rating: Important
    Impact of Vulnerability: Elevation of Privilege...
    Affected Software: Windows Services for UNIX, Subsystem for UNIX-based Applications.

    Microsoft Security Bulletin 4
    Maximum Severity Rating: Important
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: MSN Messenger, Windows Live Messenger.

    Microsoft Security Bulletin 5
    Maximum Severity Rating: Important
    Impact of Vulnerability: Elevation of Privilege...
    Affected Software: Windows, SharePoint Server.
    -----------------------------------------------

    - http://www.microsoft.com/technet/sec.../ms07-sep.mspx
    Revisions:
    • September 7, 2007: Bulletin Advance Notification updated. Microsoft plans to release four security bulletins, and no longer plans to release Microsoft Security Bulletin 5 affecting Windows and SharePoint Server, on Tuesday, September 11, 2007.

    .
    Last edited by AplusWebMaster; 2007-09-09 at 16:04.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #5
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Default MS Security Bulletin Advance Notification - October 2007

    FYI...

    - http://www.microsoft.com/technet/sec.../ms07-oct.mspx
    October 4, 2007
    "...This bulletin advance notification will be replaced with the October bulletin summary on October 9, 2007...

    Critical (4)

    Microsoft Security Bulletin 1
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Windows...

    Microsoft Security Bulletin 2
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Windows, Outlook Express, Windows Mail...

    Microsoft Security Bulletin 3
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Windows, Internet Explorer...

    Microsoft Security Bulletin 6
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Office...


    Important (3)

    Microsoft Security Bulletin 4
    Maximum Severity Rating: Important
    Impact of Vulnerability: Denial of Service...
    Affected Software: Windows...

    Microsoft Security Bulletin 5
    Maximum Severity Rating: Important
    Impact of Vulnerability: Spoofing...
    Affected Software: Windows...

    Microsoft Security Bulletin 7
    Maximum Severity Rating: Important
    Impact of Vulnerability: Elevation of Privilege...
    Affected Software: Windows, Office..."


    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #6
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation 2007-Q4-MS Alerts

    FYI...

    - http://www.microsoft.com/technet/sec.../ms07-oct.mspx
    Published: October 9, 2007
    "This bulletin summary lists security bulletins released for October 2007...


    Critical (4)

    Microsoft Security Bulletin MS07-055
    Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)
    - http://www.microsoft.com/technet/sec.../ms07-055.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution
    Affected Software: Windows...

    Microsoft Security Bulletin MS07-056
    Security Update for Outlook Express and Windows Mail (941202)
    - http://www.microsoft.com/technet/sec.../ms07-056.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution
    Affected Software: Windows, Outlook Express, Windows Mail...

    Microsoft Security Bulletin MS07-057
    Cumulative Security Update for Internet Explorer (939653)
    - http://www.microsoft.com/technet/sec.../ms07-057.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution
    Affected Software: Windows, Internet Explorer...

    Microsoft Security Bulletin MS07-060
    Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)
    - http://www.microsoft.com/technet/sec.../ms07-060.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution
    Affected Software: Office...


    Important (2)

    Microsoft Security Bulletin MS07-058
    Vulnerability in RPC Could Allow Denial of Service (933729)
    - http://www.microsoft.com/technet/sec.../ms07-058.mspx
    Maximum Severity Rating: Important
    Impact of Vulnerability: Denial of Service
    Affected Software: Windows...

    Microsoft Security Bulletin MS07-059
    Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017)
    - http://www.microsoft.com/technet/sec.../ms07-059.mspx
    Maximum Severity Rating: Important
    Impact of Vulnerability: Elevation of Privilege
    Affected Software: Windows, Office...

    ------------------------------------------------------

    ISC Analysis
    - http://isc.sans.org/diary.html?storyid=3480

    ==========================================

    - http://blogs.technet.com/msrc/archiv...y-release.aspx
    "...Microsoft also re-released bulletin MS05-004*. This re-release updates detection includes Server 2003 Service Pack 2 and Vista as affected platforms. There were no changes to the update binaries, so if you have already successfully installed this update, you do not need to reinstall it..."

    Microsoft Security Bulletin MS05-004
    ASP.NET Path Validation Vulnerability (887219)
    * http://www.microsoft.com/technet/sec.../MS05-004.mspx
    Revisions:
    • V1.0 (February 8, 2005): Bulletin published
    • V1.1 (February 15, 2005): Bulletin updated to include Knowledge Base Article numbers for each individual download under Affected Products.
    • V1.2 (March 16, 2005): Bulletin “Caveats” section has been updated to document known issues that customers may experience when installing the available security updates.
    • V2.0 (June 14, 2005): Bulletin updated to announce the availability of an updated package for .NET Framework 1.0 Service Pack 3 for the following operating system versions: (887998) Windows XP Tablet PC Edition and Windows XP Media Center Edition.
    • V3.0 (August 8, 2006): Bulletin updated to reflect the addition of Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 x64 Edition for .NET Framework 1.1 Service Pack 1 under “Affected Software” for “Microsoft .NET Framework 1.1”.
    • V4.0 (October 9, 2007): Bulletin updated as Windows Server 2003 Service Pack 2 and Windows Vista have been added to the “Affected Software” sections for .NET Framework 1.0 Service Pack 3 KB886906 and .NET Framework 1.1 Service Pack 1 KB886903.

    .
    Last edited by AplusWebMaster; 2007-10-10 at 02:17.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #7
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Default MS Alerts - 2007-Q4

    FYI...

    Microsoft Security Advisory (943521)
    URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution
    - http://www.microsoft.com/technet/sec...ry/943521.mspx
    Published: October 10, 2007
    "Microsoft is investigating public reports of a remote code execution vulnerability in supported editions of Windows XP and Windows Server 2003 with Windows Internet Explorer 7 installed. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time. Microsoft is investigating the public reports.
    • This vulnerability does not affect Windows Vista or any supported editions of Windows where Internet Explorer 7 is not installed..."

    MSRC blog
    > http://preview.tinyurl.com/yoadp8
    October 10, 2007
    --------------------

    > http://www.microsoft.com/technet/sec...ry/943521.mspx
    Updated: November 13, 2007 - "...We have issued MS07-061* to address this issue..."
    * http://www.microsoft.com/technet/sec.../MS07-061.mspx

    .
    Last edited by AplusWebMaster; 2008-01-14 at 19:00.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #8
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation (MS07-060) Word exploit loose

    FYI...

    - http://preview.tinyurl.com/2q4xop
    October 11, 2007 (Computerworld) - Security researchers spotted an attack yesterday that exploits a vulnerability in Microsoft Word patched just the day before. On Wednesday, Symantec Corp. reported it had obtained a suspicious Word document that crashed every version of the application except the newest, Word 2007, when opened. After it examined the document, Symantec found that the document included shell code and three pieces of malware. Among its more surprising findings: Symantec found that the document had been created with the edition of Word included with Office for Mac 2004. On Tuesday, Microsoft Corp. issued a patch that closed a critical vulnerability in multiple editions of the popular word processor, including Word 2000, Word XP and Word for the Mac. Symantec put the two together. "Taking a closer look at that vulnerability, we confirmed that this document was in fact exploiting the same vulnerability"... Updates to the Windows versions of Word can be obtained via Microsoft Update or Office Update..."

    - http://preview.tinyurl.com/2saysc
    October 10, 2007 (Symantec Security Response Weblog)

    > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3899

    > http://cwe.mitre.org/data/definitions/94.html

    Last edited by AplusWebMaster; 2007-10-12 at 15:28.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #9
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Question Stealth Windows Updates (cont'd)

    FYI...

    - http://preview.tinyurl.com/27znt2
    October 16, 2007 (Computerworld) - "For the second time in a month, Microsoft Corp. has had to defend Windows Update against charges that it upgraded machines without users' permission. So far, it has no explanation for the newest instance of unauthorized updating..."

    - https://windowssecrets.com/2007/10/2...-be-MS-OneCare
    October 25, 2007 - "...My finding is that Windows Live OneCare silently changes the AU settings. This explains at least some of the complaints that have been reported so far. Users could have installed OneCare — even a free-trial version — at any time in the recent past and been unaware of any changes until Automatic Updates forced a reboot in the wee hours..."

    - http://support.microsoft.com/kb/943144/en-us
    Last Review: October 26, 2007
    Revision: 2.2
    Last edited by AplusWebMaster; 2007-10-27 at 00:19.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #10
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Question

    FYI...

    URL Update to IE URL Handling Vuln
    - http://isc.sans.org/diary.php?storyid=3547
    Last Updated: 2007-10-26 02:05:06 UTC - "Earlier this month, Microsoft published KB943521. This article acknowledged that third party software had to validate URLs before passing them to Internet Explorer, as Internet Explorer will not validate them. Today, Microsoft published an update to the advisory, suggesting limited exploitation of this vulnerability.
    Microsoft does not appear to plan to fix the issue in Internet Explorer. Instead, it asks vendors releasing tools that pass URLs to Internet Explorer to validate them...

    Links:

    http://www.microsoft.com/technet/sec...ry/943521.mspx
    Revisions:
    • October 10, 2007: Advisory published
    • October 25, 2007: Advisory updated to reflect increased threat level

    http://blogs.technet.com/msrc/archiv...ry-943521.aspx "

    .
    Last edited by AplusWebMaster; 2007-10-26 at 16:58.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •