PDA

View Full Version : MS Alerts - Q3-2007b



AplusWebMaster
2007-08-30, 15:54
FYI...

An update is available that improves the compatibility and reliability of Windows Vista
- http://support.microsoft.com/kb/938194
Article ID: 938194
Last Review: August 24, 2007
Revision: 2.2

An update is available that improves the performance and reliability of Windows Vista
- http://support.microsoft.com/kb/938979
Article ID: 938979
Last Review: August 24, 2007
Revision: 2.1


.

AplusWebMaster
2007-09-11, 20:29
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms07-sep.mspx
Published: September 11, 2007

This bulletin summary lists security bulletins released for September 2007...

Critical (1)

Microsoft Security Bulletin MS07-051
Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827)
- http://www.microsoft.com/technet/security/bulletin/ms07-051.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...


Important (3)

Microsoft Security Bulletin MS07-052
Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522)
- http://www.microsoft.com/technet/security/bulletin/ms07-052.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Visual Studio...

Microsoft Security Bulletin MS07-053
Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)
- http://www.microsoft.com/technet/security/bulletin/ms07-053.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows Services for UNIX, Subsystem for UNIX-based Applications...

Microsoft Security Bulletin MS07-054
Vulnerability in MSN Messenger and Windows Live Messenger could allow Remote Code Execution (942099)
- http://www.microsoft.com/technet/security/bulletin/ms07-054.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: MSN Messenger, Windows Live Messenger...

-------------------------------------------------------------

ISC Analysis
- http://isc.sans.org/diary.html?storyid=3367
Last Updated: 2007-09-11 17:57:21 UTC

================================================

An update is available that improves the performance and reliability of Windows Vista
- http://support.microsoft.com/kb/938979
Last Review: September 11, 2007
Revision: 2.2

.

AplusWebMaster
2007-09-13, 15:54
FYI...

- http://isc.sans.org/diary.html?storyid=3367
Last Updated: 2007-09-13 09:07:25 UTC ... (Version: 3)
"MS07-051... Exploit available in for pay program since Sept. 12th..."
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3040

"MS07-052... Well known vulnerability with public exploit code..."
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6133

"MS07-054... Details of how to exploit are public..."
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2931


:mad:

AplusWebMaster
2007-09-19, 14:13
FYI...

- http://blog.washingtonpost.com/securityfix/2007/09/report_four_percent_of_ecrime.html
September 17, 2007 - "...Symantec documented 237 vulnerabilities in Web browser plug-ins. Nearly 90 percent of those were related to ActiveX components in IE that were found to introduce security holes that could let malicious Web sites compromise Windows PCs."


.

AplusWebMaster
2007-09-19, 14:26
FYI...

- http://support.microsoft.com/kb/923618/
Article ID: 923618
Last Review: September 18, 2007
Revision: 1.0

Download:
- http://preview.tinyurl.com/2zf3ox

More info:
- http://www.informationweek.com/shared/printableArticle.jhtml?articleID=201807224
--------------------------------------------------

- http://isc.sans.org/diary.html?storyid=3405
Last Updated: 2007-09-19 16:05:16 UTC - "...This service pack includes a roll-up of several existing security fixes, but also makes some behavioral changes that affect security:
* Office can now no longer by default open certain older document formats, which include Coreldraw and older Powerpoint versions (pre-97). This significantly reduces the amount of attack surface;
* Older COM components that behave in a non-appropriate way may no longer have the same level of access as they did in the past (KB 938814);
* Administrators can now, through the registry, configure Office to no longer allow certain COM components. They also have the ability to block the opening of files older than a certain Word version (KB 938815 and 938810)
Plenty of other changes apply, this is not a complete list. Read more at Microsoft*."

* http://office.microsoft.com/en-us/downloads/default.aspx

.

AplusWebMaster
2007-09-27, 18:11
FYI...

- http://preview.tinyurl.com/2mv94t
September 27, 2007 (Computerworld) - "The contentious stealth update that Microsoft delivered to customers this summer blocks 80 patches and fixes from installing after Windows XP is restored using its "repair" feature, researchers said today. Scott Dunn, who first reported the problem in a story posted Thursday morning to the "Windows Secrets" newsletter**, said that users who reinstall Windows XP with the repair option cannot retrieve the full set of updates from Windows Update (WU). The problem, he said, has been traced to the so-called "stealth update" to WU which Microsoft has acknowledged sending to users beginning in July... That problem affects any user who restores Windows XP using the setup CD's "repair" option, sometimes also called an "in-place reinstallation" because it reinstalls the operating system files without disturbing the applications and data already on the disk drive. Because repair is essentially a roll-back to XP's original state, the OS must be updated with all subsequent patches and hotfixes using WU. A system bought soon after Windows XP SP2 was released, for example, would need to download and install about three years' worth of updates. After a repair, XP defaults to the "Automatic" setting for Automatic Updates, which means WU is immediately updated to version 7.0.600.381, the version pushed to PCs by the summer's undercover upgrade, said Dunn. Seven of the DLL (dynamic link library) files that make up 7.0.600.381, however, fail to register themselves with Windows. That, in turn, keeps XP from successfully installing approximately 80 of the most recent patches and fixes... It's not clear how long WU has prevented post-repair updates, but searches through Microsoft's support newsgroups revealed questions about similar behavior as long ago as June. Responses by other users, including some with Most Valued Professional (MVP) designation -- a honorific Microsoft gives to users who make major contributions to the Windows community -- offered advice much like Dunn's. Several of them pointed users to the support document KB916259*... Microsoft was not available for comment early Thursday morning."
* http://support.microsoft.com/kb/916259

** http://www.windowssecrets.com/2007/09/27/03-Stealth-Windows-update-prevents-XP-repair#

:sad:
----------------------------------

Updates are not installed successfully from Windows Update, from Microsoft Update, or by using Automatic Updates after you repair a Windows XP installation
- http://support.microsoft.com/kb/943144/en-us
Last Review: September 28, 2007
Revision: 1.1
----------------------------
Article ID: 943144
>>> Last Review: October 2, 2007
Revision: 2.1

.