MS07-055 exploit code public
FYI...
- http://preview.tinyurl.com/ysz6so
October 29, 2007 - (Infoworld) "A hacker has released attack code that could be used to exploit a critical bug in some versions of the Windows operating system. Microsoft patched the flaw, which affects older versions of Windows, on Oct. 9. When the Image Viewer tries to open a maliciously encoded TIFF file, it can be tricked into running unauthorized software on the PC. A sample of the exploit was posted Monday to the Milw0rm Web site. The code has not yet been used in online attacks, according to Symantec, which issued an alert Monday. Symantec recommends that Windows users install the MS07-055 update* as quickly as possible. Microsoft took the unusual step of issuing its own security update for Kodak's software, because the image viewer (formerly known as the Wang Image Viewer) had shipped in Windows 2000 systems by default. Still, many Windows users are not affected by the problem. Windows XP and Windows Server 2003 users should not have the software installed on their PCs, unless they downloaded it directly or upgraded from Windows 2000. Windows Vista users are not affected by the bug. Also, users would have to open the TIFF file using the Kodak Image Viewer for the attack to work..."
* http://forums.spybot.info/showpost.p...6&postcount=17
MS Security Bulletin Advance Notification - November 2007
FYI...
- http://www.microsoft.com/technet/sec.../ms07-nov.mspx
Published: November 8, 2007
"This is an advance notification of two security bulletins that Microsoft is intending to release on November 13, 2007...
Critical (1)
Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...
Important (1)
Microsoft Security Bulletin 2
Maximum Severity Rating: Important
Impact of Vulnerability: Spoofing...
Affected Software: Windows...
Other Information:
Microsoft Windows Malicious Software Removal Tool
- Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
Non-Security, High-Priority Updates on MU, WU, and WSUS
For this month:
• Microsoft is planning to release three non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
• Microsoft is planning to release zero non-security, high-priority updates for Windows on Windows Update (WU).
Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."
New MS KB (Help) for IEv7
FYI...
A blank Web page is displayed when you start Internet Explorer 7
- http://support.microsoft.com/default.aspx/kb/945385
Last Review: December 4, 2007
Revision: 1.0
Internet Explorer stops responding, stops working, or restarts
Self-help steps for a beginning to an intermediate computer user
- http://support.microsoft.com/gp/pc_ie_intro
(Found at Sandi Hardmeier's "Spyware Sucks" site - thanks Sandi!)
> http://msmvps.com/blogs/spywaresucks/
MS Security Bulletin Advance Notification - December 2007
FYI...
- http://www.microsoft.com/technet/sec.../ms07-dec.mspx
Published: December 6, 2007
"...This is an advance notification of -seven- security bulletins that Microsoft is intending to release on December 11, 2007...
Critical (3)
Microsoft Security Bulletin 2
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, DirectX, DirectShow...
Microsoft Security Bulletin 6
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Windows Media Format Runtime...
Microsoft Security Bulletin 7
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...
Important (4)
Microsoft Security Bulletin 1
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...
Microsoft Security Bulletin 3
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...
Microsoft Security Bulletin 4
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows...
Microsoft Security Bulletin 5
Maximum Severity Rating: Important
Impact of Vulnerability: Local Elevation of Privilege...
Affected Software: Windows...
---
Microsoft Windows Malicious Software Removal Tool
Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
Non-Security, High-Priority Updates on MU, WU, and WSUS
For this month:
• Microsoft is planning to release -six- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
• Microsoft is planning to release -one- non-security, high-priority update for Windows on Windows Update (WU).
Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."
Vista Security updates...
FYI...
- http://preview.tinyurl.com/2rtbmz
December 11, 2007 (Symantec Security Response Weblog) - "...Microsoft released seven bulletins this month, covering a total of eleven vulnerabilities. Nine of the vulnerabilities affect Microsoft Vista either directly or through applications running on that operating system..."
> http://forums.spybot.info/showpost.p...1&postcount=31
MS Office 2007 SP1 released
FYI...
- http://www.microsoft.com/presspass/f...ce2007SP1.mspx
Dec 11, 2007 - "...Customers can download SP1 immediately from http://office.microsoft.com/en-us/do...s/default.aspx . They can also place an order for a CD at http://office.microsoft.com/en-us/default.aspx . At a later date, we also will provide SP1 through automatic update..."
=====================================
Office 2007 SP1 auto-installs confuse Vista, XP users
- http://preview.tinyurl.com/2aysx4
December 13, 2007 (Infoworld) - "Some users have gotten the massive Office 2007 SP1 update automatically, even though Microsoft said it would not use Windows' AU (Automatic Updates) to push out the large upgrade for several months, the company confirmed Thursday. Anyone running a preview copy of Windows Vista Service Pack 1 (SP1), which was made available to all comers only Wednesday, will receive the Office 2007 upgrade automatically. Users of other in-beta Microsoft products, including Windows XP SP3, which is still in limited testing, will also be hit by the Office update, which weighs in at almost 220MB. 'As noted to beta customers, if [they] are running Vista SP1 beta software, as part of the beta program, Office 2007 SP1 on pre-release Windows Vista SP1 will automatically install as planned for this beta program,' said Bobbie Harder, a senior program manager with the WSUS (Windows Server Update Services) group... even if users of Vista SP1, Windows XP SP3, or WSUS 3.0 SP3 manually installed Office 2007 SP1, AU later automatically installs -- actually re-installs -- the service pack... The next time Windows Update runs, however, Office 2007 SP1 reappears, again checked by default. To strike it off the list, users must right-click the item in the list and choose 'hide update.'"