MS07-069 (IE update)... Post Install Issue
FYI...
- http://preview.tinyurl.com/252f8d
December 18, 2007 (MSRC) - "...We have been investigating public reports of possible problems on systems that have installed the Cumulative Security Update for Internet Explorer (942615),
http://www.microsoft.com/technet/sec.../ms07-069.mspx
released earlier this month. We have some information to share with you regarding the results of our investigation into these reports. First, I want to note the security update does protect against the vulnerabilities noted in the bulletin. If you are not experiencing issues noted in the below referenced Knowledge Base article, no action is needed. We have been working with a small number of customers that reported issues related to the installation of MS07-069. Specifically, on a Windows XP Service Pack 2 (SP2)-based computer, Internet Explorer 6 may stop responding when you try to visit a web site. We've made an update to the Knowledge Base article for MS07-069, KB942615, which highlights the known issue.
http://support.microsoft.com/kb/942615
We have also added the following known issue Knowledge Base article KB946627. Because this occurs in a customized installation, this isn't a widespread issue.
http://support.microsoft.com/kb/946627
Customers who believe they are affected can contact Customer Support Services at no charge using the PC Safety line at 1-866-PCSAFETY (North America). All customers, including those outside the U.S., can visit http://support.microsoft.com/security for assistance."
-----------------------------
- http://secunia.com/advisories/28036/
"...NOTE: This vulnerability is reportedly being actively exploited.
Successful exploitation of the vulnerabilities allows execution of arbitrary code when a user e.g. visits a malicious website..."
> http://www.microsoft.com/technet/sec.../MS07-069.mspx
V1.2 (December 18, 2007): Bulletin updated to reflect a known issue; a change to the Removal Information text in the Windows Vista Reference Table in the Security Update Information section; and, a change to the File Information text in the Reference Table within the Security Update Information section for all affected operating systems...
XPSP2 w/IE6 registry edit fix for MS07-069
- http://support.microsoft.com/kb/946627
Last Review: December 19, 2007
Revision: 1.0
"...WORKAROUND
Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk..."
- http://blogs.msdn.com/ie/archive/200...2.aspx#6806843
December 19, 2007 - "...can Microsoft be serious that the solution is to edit each registry? Is this some sort of joke? It would be easier to have each user install Mozilla Firefox and stop using IE completely."
IE 6 crashes after you install (MS07-069)
FYI...
- http://www.microsoft.com/technet/sec.../MS07-069.mspx
V1.3 (December 20, 2007): Bulletin revised to reflect a new Security Update FAQ entry for a known issue documented in KB946627.
IE 6 crashes after you install (MS07-069) security update 942615 on a computer that is running Windows XPSP2
- http://support.microsoft.com/kb/946627/
Last Review: December 21, 2007
Revision: 2.0
MS Office2003 SP3 disables older file formats
FYI...
- http://it.slashdot.org/it/08/01/01/137257.shtml
January 02, 2008 - "In Service Pack 3 for Office 2003, Microsoft disabled support for many older file formats. If you have old Word, Excel, 1-2-3, Quattro, or Corel Draw documents, watch out! They did this because the old formats are 'less secure', which actually makes some sense, but only if you got the files from some untrustworthy source. Naturally, they did this by default, and then documented a mind-bogglingly complex workaround (KB 938810*) rather than providing a user interface for adjusting it, or even a set of awkward 'Do you really want to do this?' dialog boxes to click through. And of course because these are, after all, old file formats ... many users will encounter the problem only months or years after the software change, while groping around in dusty and now-inaccessible archives."
* http://support.microsoft.com/kb/938810/en-us
Last Review: December 6, 2007
Revision: 2.0
------------------------------
- http://preview.tinyurl.com/2h5md8
January 05, 2008 (Computerworld) - "Microsoft Corp. apologized to a software rival yesterday for saying its file format posed a security risk and issued new tools to let users of Office 2003 SP3 unblock a host of barred file types. In a posting to his own blog*, David LeBlanc, a senior software development engineer with the Microsoft Office team, admitted the company's mistake in blaming insecure file formats, including the one used by CorelDraw... The revised support document** lists four downloads that users can run to unblock Word, Excel, PowerPoint and Corel files... "We'll try harder to make enabling older formats much more user-friendly in the future," he said."
* http://blogs.msdn.com/david_leblanc/...e-formats.aspx
"...The .reg files you can use to change the security settings can be downloaded here..."
** http://support.microsoft.com/kb/938810/en-us
Last Review: January 4, 2008
Revision: 3.0
------------------------------
- http://preview.tinyurl.com/2gkwxt
January 10, 2008 (Computerworld) - "Microsoft Corp. will not post new tools that would allow users of Office 2007 to access blocked file formats, as it has done for customers running Office 2003 Service Pack 3 (SP3). It cited a lack of interest in such tools and said existing work-arounds accomplish the same thing... the Office Web site* explains how to set up a "trusted location," a special folder on a local or network drive. Files in a trusted folder aren't checked by Office 2007's security tools before opening, and thus the older file formats open normally..."
* http://office.microsoft.com/en-us/he...319991033.aspx
MS Security Bulletin Advance Notification - January 2008
FYI...
- http://www.microsoft.com/technet/sec.../ms08-jan.mspx
January 3, 2008
"...This is an advance notification of -two- security bulletins that Microsoft is intending to release on January 8, 2008... The security bulletins for this month are as follows, in order of severity:
Critical (1)
Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...
Important (1)
Microsoft Security Bulletin 2
Maximum Severity Rating: Important
Impact of Vulnerability: Local Elevation of Privilege...
Affected Software: Windows...
Other...
Microsoft Windows Malicious Software Removal Tool
Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
Non-Security, High-Priority Updates on MU, WU, and WSUS
For this month:
• Microsoft is planning to release -five- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
• Microsoft is planning to release -two- non-security, high-priority updates for Windows on Windows Update (WU) and WSUS.
Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."
MS Security Bulletin Summary - January 2008
FYI...
- http://www.microsoft.com/technet/sec.../ms08-jan.mspx
January 8, 2008
"This bulletin summary lists security bulletins released for January 2008...
Critical (1)
Microsoft Security Bulletin MS08-001
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
- http://www.microsoft.com/technet/sec.../ms08-001.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Important (1)
Microsoft Security Bulletin MS08-002
Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)
- http://www.microsoft.com/technet/sec.../ms08-002.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Local Elevation of Privilege...
Other...
Microsoft Windows Malicious Software Removal Tool
Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
Non-Security, High-Priority Updates on MU, WU, and WSUS
• Microsoft has released -five- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
• Microsoft has released -two- non-security, high-priority updates for Windows on Windows Update (WU) and WSUS.
Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."
---------------------
ISC Analysis
- http://isc.sans.org/diary.html?storyid=3819
Last Updated: 2008-01-08 18:25:59 UTC
Microsoft Security Advisory (943411) - Vista
FYI...
Microsoft Security Advisory (943411)
Update to Improve Windows Sidebar Protection
- http://www.microsoft.com/technet/sec...ry/943411.mspx
January 8, 2008 - "An update is available for currently supported editions of the Windows Vista operating system. The update to improve Windows Sidebar Protection enables Windows Sidebar to help block gadgets from running in Sidebar. For more information about installing this update, see Microsoft Knowledge Base Article 943411*. For more information about how Windows Sidebar Protection helps block installed gadgets from running in Windows Sidebar, see Microsoft Knowledge Base Article 941411**..."
* http://support.microsoft.com/kb/943411
** http://support.microsoft.com/kb/941411
Security Bulletins MS07-064 & MS07-057 revisions, MS07-042 re-released
The following bulletins have undergone a -minor- revision increment.
* MS07-064 - Critical
Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
- http://www.microsoft.com/technet/sec.../ms07-064.mspx
- Reason for Revision: Bulletin updated to remove known issues notation. This update does not have any known issues.
- Originally posted: December 11, 2007
- Updated: January 9, 2008
- Bulletin Severity Rating: Critical
- Version: 1.3
* MS07-057 - Critical
Cumulative security update for Internet Explorer
- http://www.microsoft.com/technet/sec.../ms07-057.mspx
- Reason for Revision: Revised to add a known issue.
(Known issues since original release of the bulletin:
KB904710*: WinINet ignores the policies that you set when you create a custom administrative template file in Windows XP with Service Pack 2 - * http://support.microsoft.com/kb/904710 )
- Originally posted: October 9, 2007
- Updated: January 9, 2008
- Bulletin Severity Rating: Critical
- Version: 1.2
The following bulletins have undergone a -major- revision increment.
* MS07-042 - Critical
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
- http://www.microsoft.com/technet/sec.../ms07-042.mspx
- Reason for Revision: Bulletin updated: Added Microsoft Word Viewer 2003 as an affected product. Also added an Update FAQ clarifying the kill bit for Microsoft XML Parser 2.6 and its applicability to this security update.
- Originally posted: August 14, 2007
- Updated: January 9, 2008
- Bulletin Severity Rating: Critical
- Version: 3.0