Old MS Alerts

[AplusWebMaster]

FYI...good reason to be "selective" when doing "Windows Updates"...

- http://support.microsoft.com/?kbid=890830
Last Review: November 24, 2005
Revision: 15.2
"...Known issues in the November 8, 2005 release
When you run the November 8, 2005 release of the Windows Malicious Software Removal Tool from Windows Update, from Automatic Update, or from the Download Center, the tool may appear to stop responding. Additionally, you may experience one of the following symptoms:
• When you run the tool from Windows Update or from Automatic Update, Windows Task Manager shows that the Iexplore.exe process has high CPU usage.
• When you run the tool from the Download Center, Windows Task Manager shows that the Mrt.exe process has high CPU usage.
To resolve this issue, install the updated version of the Windows Malicious Software Removal Tool that is now available from Windows Update, from Microsoft Update, from Automatic Updates, or from the Download Center. An updated version of the Windows Malicious Software Removal Tool was released on November 11, 2005.
>>> http://tinyurl.com/83c52

:(

[AplusWebMaster]

FYI...

- http://www.microsoft.com/technet/sec.../ms07-jul.mspx
Published: July 5, 2007
...This is an advance notification of -six- security bulletins that Microsoft is intending to release on July 10, 2007...

Critical (3)

Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution ...
Affected Software: Office, Excel...

Microsoft Security Bulletin 4
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution ...
Affected Software: Windows...

Microsoft Security Bulletin 5
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution ...
Affected Software: .NET Framework...


Important (2)

Microsoft Security Bulletin 2
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution ...
Affected Software: Office, Publisher...

Microsoft Security Bulletin 6
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution ...
Affected Software: Windows XP Professional...


Moderate (1)

Microsoft Security Bulletin 3
Maximum Severity Rating: Moderate
Impact of Vulnerability: Information Disclosure ...
Affected Software: Windows Vista..."


.

[AplusWebMaster]

FYI...

- http://www.microsoft.com/technet/sec.../ms07-aug.mspx
Published: August 9, 2007
"...This is an advance notification of -nine- security bulletins that Microsoft is intending to release on August 14, 2007...

Critical (6)

Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, XML Core Services...

Microsoft Security Bulletin 2
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Visual Basic, Office for Mac...

Microsoft Security Bulletin 3
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...

Microsoft Security Bulletin 4
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...

Microsoft Security Bulletin 5
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...

Microsoft Security Bulletin 9
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...


Important (3)

Microsoft Security Bulletin 6
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...

Microsoft Security Bulletin 7
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows Vista...

Microsoft Security Bulletin 8
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Virtual PC, Virtual Server...


.

[AplusWebMaster]

FYI...

- http://www.microsoft.com/technet/sec.../ms07-sep.mspx
Published: September 6, 2007

"This is an advance notification of five security bulletins that Microsoft is intending to release on September 11, 2007...

Critical (1)

Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows.

Important (4)

Microsoft Security Bulletin 2
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Visual Studio.

Microsoft Security Bulletin 3
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows Services for UNIX, Subsystem for UNIX-based Applications.

Microsoft Security Bulletin 4
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: MSN Messenger, Windows Live Messenger.

Microsoft Security Bulletin 5
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows, SharePoint Server.
-----------------------------------------------

- http://www.microsoft.com/technet/sec.../ms07-sep.mspx
Revisions:
• September 7, 2007: Bulletin Advance Notification updated. Microsoft plans to release four security bulletins, and no longer plans to release Microsoft Security Bulletin 5 affecting Windows and SharePoint Server, on Tuesday, September 11, 2007.

.

[AplusWebMaster]

FYI...

- http://www.microsoft.com/technet/sec.../ms07-oct.mspx
October 4, 2007
"...This bulletin advance notification will be replaced with the October bulletin summary on October 9, 2007...

Critical (4)

Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...

Microsoft Security Bulletin 2
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Outlook Express, Windows Mail...

Microsoft Security Bulletin 3
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...

Microsoft Security Bulletin 6
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...


Important (3)

Microsoft Security Bulletin 4
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service...
Affected Software: Windows...

Microsoft Security Bulletin 5
Maximum Severity Rating: Important
Impact of Vulnerability: Spoofing...
Affected Software: Windows...

Microsoft Security Bulletin 7
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows, Office..."


.

[AplusWebMaster]

FYI...

- http://www.microsoft.com/technet/sec.../ms07-oct.mspx
Published: October 9, 2007
"This bulletin summary lists security bulletins released for October 2007...


Critical (4)

Microsoft Security Bulletin MS07-055
Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)
- http://www.microsoft.com/technet/sec.../ms07-055.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Affected Software: Windows...

Microsoft Security Bulletin MS07-056
Security Update for Outlook Express and Windows Mail (941202)
- http://www.microsoft.com/technet/sec.../ms07-056.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Affected Software: Windows, Outlook Express, Windows Mail...

Microsoft Security Bulletin MS07-057
Cumulative Security Update for Internet Explorer (939653)
- http://www.microsoft.com/technet/sec.../ms07-057.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Affected Software: Windows, Internet Explorer...

Microsoft Security Bulletin MS07-060
Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)
- http://www.microsoft.com/technet/sec.../ms07-060.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Affected Software: Office...


Important (2)

Microsoft Security Bulletin MS07-058
Vulnerability in RPC Could Allow Denial of Service (933729)
- http://www.microsoft.com/technet/sec.../ms07-058.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service
Affected Software: Windows...

Microsoft Security Bulletin MS07-059
Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017)
- http://www.microsoft.com/technet/sec.../ms07-059.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege
Affected Software: Windows, Office...

------------------------------------------------------

ISC Analysis
- http://isc.sans.org/diary.html?storyid=3480

==========================================

- http://blogs.technet.com/msrc/archiv...y-release.aspx
"...Microsoft also re-released bulletin MS05-004*. This re-release updates detection includes Server 2003 Service Pack 2 and Vista as affected platforms. There were no changes to the update binaries, so if you have already successfully installed this update, you do not need to reinstall it..."

Microsoft Security Bulletin MS05-004
ASP.NET Path Validation Vulnerability (887219)
* http://www.microsoft.com/technet/sec.../MS05-004.mspx
Revisions:
• V1.0 (February 8, 2005): Bulletin published
• V1.1 (February 15, 2005): Bulletin updated to include Knowledge Base Article numbers for each individual download under Affected Products.
• V1.2 (March 16, 2005): Bulletin “Caveats” section has been updated to document known issues that customers may experience when installing the available security updates.
• V2.0 (June 14, 2005): Bulletin updated to announce the availability of an updated package for .NET Framework 1.0 Service Pack 3 for the following operating system versions: (887998) Windows XP Tablet PC Edition and Windows XP Media Center Edition.
• V3.0 (August 8, 2006): Bulletin updated to reflect the addition of Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 x64 Edition for .NET Framework 1.1 Service Pack 1 under “Affected Software” for “Microsoft .NET Framework 1.1”.
• V4.0 (October 9, 2007): Bulletin updated as Windows Server 2003 Service Pack 2 and Windows Vista have been added to the “Affected Software” sections for .NET Framework 1.0 Service Pack 3 KB886906 and .NET Framework 1.1 Service Pack 1 KB886903.

.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (943521)
URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution
- http://www.microsoft.com/technet/sec...ry/943521.mspx
Published: October 10, 2007
"Microsoft is investigating public reports of a remote code execution vulnerability in supported editions of Windows XP and Windows Server 2003 with Windows Internet Explorer 7 installed. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time. Microsoft is investigating the public reports.
• This vulnerability does not affect Windows Vista or any supported editions of Windows where Internet Explorer 7 is not installed..."

MSRC blog
> http://preview.tinyurl.com/yoadp8
October 10, 2007
--------------------

> http://www.microsoft.com/technet/sec...ry/943521.mspx
Updated: November 13, 2007 - "...We have issued MS07-061* to address this issue..."
* http://www.microsoft.com/technet/sec.../MS07-061.mspx

.

[AplusWebMaster]

FYI...

- http://preview.tinyurl.com/2q4xop
October 11, 2007 (Computerworld) - Security researchers spotted an attack yesterday that exploits a vulnerability in Microsoft Word patched just the day before. On Wednesday, Symantec Corp. reported it had obtained a suspicious Word document that crashed every version of the application except the newest, Word 2007, when opened. After it examined the document, Symantec found that the document included shell code and three pieces of malware. Among its more surprising findings: Symantec found that the document had been created with the edition of Word included with Office for Mac 2004. On Tuesday, Microsoft Corp. issued a patch that closed a critical vulnerability in multiple editions of the popular word processor, including Word 2000, Word XP and Word for the Mac. Symantec put the two together. "Taking a closer look at that vulnerability, we confirmed that this document was in fact exploiting the same vulnerability"... Updates to the Windows versions of Word can be obtained via Microsoft Update or Office Update..."

- http://preview.tinyurl.com/2saysc
October 10, 2007 (Symantec Security Response Weblog)

> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3899

> http://cwe.mitre.org/data/definitions/94.html

[AplusWebMaster]

FYI...

- http://preview.tinyurl.com/27znt2
October 16, 2007 (Computerworld) - "For the second time in a month, Microsoft Corp. has had to defend Windows Update against charges that it upgraded machines without users' permission. So far, it has no explanation for the newest instance of unauthorized updating..."

- https://windowssecrets.com/2007/10/2...-be-MS-OneCare
October 25, 2007 - "...My finding is that Windows Live OneCare silently changes the AU settings. This explains at least some of the complaints that have been reported so far. Users could have installed OneCare — even a free-trial version — at any time in the recent past and been unaware of any changes until Automatic Updates forced a reboot in the wee hours..."

- http://support.microsoft.com/kb/943144/en-us
Last Review: October 26, 2007
Revision: 2.2

[AplusWebMaster]

FYI...

URL Update to IE URL Handling Vuln
- http://isc.sans.org/diary.php?storyid=3547
Last Updated: 2007-10-26 02:05:06 UTC - "Earlier this month, Microsoft published KB943521. This article acknowledged that third party software had to validate URLs before passing them to Internet Explorer, as Internet Explorer will not validate them. Today, Microsoft published an update to the advisory, suggesting limited exploitation of this vulnerability.
Microsoft does not appear to plan to fix the issue in Internet Explorer. Instead, it asks vendors releasing tools that pass URLs to Internet Explorer to validate them...

Links:

http://www.microsoft.com/technet/sec...ry/943521.mspx
Revisions:
• October 10, 2007: Advisory published
• October 25, 2007: Advisory updated to reflect increased threat level

http://blogs.technet.com/msrc/archiv...ry-943521.aspx "

.