MS Security Bulletin Advance Notification - February 2008
FYI...
- http://www.microsoft.com/technet/sec.../MS08-feb.mspx
Published: February 7, 2008 - "This is an advance notification of -twelve- security bulletins that Microsoft is intending to release on February 12, 2008...
> Critical (7)
Bulletin Identifier: Microsoft Security Bulletin 5
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...
Bulletin Identifier: Microsoft Security Bulletin 6
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Office, Visual Basic...
Bulletin Identifier: Microsoft Security Bulletin 7
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, VBScript, JScript...
Bulletin Identifier: Microsoft Security Bulletin 8
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...
Bulletin Identifier: Microsoft Security Bulletin 10
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...
Bulletin Identifier: Microsoft Security Bulletin 11
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...
Bulletin Identifier: Microsoft Security Bulletin 12
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...
> Important (5)
Bulletin Identifier: Microsoft Security Bulletin 1
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service
Affected Software: Windows, Active Directory, ADAM...
Bulletin Identifier: Microsoft Security Bulletin 2
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service...
Affected Software: Windows...
Bulletin Identifier: Microsoft Security Bulletin 3
Maximum Severity Rating:Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows, IIS...
Bulletin Identifier: Microsoft Security Bulletin 4
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, IIS...
Bulletin Identifier: Microsoft Security Bulletin 9
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office, Works, Works Suite...
------------------------------
Microsoft Windows Malicious Software Removal Tool
Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
Non-Security, High-Priority Updates on MU, WU, and WSUS
For this month:
• Microsoft is planning to release -seven- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
• Microsoft is planning to release -two- non-security, high-priority updates for Windows on Windows Update (WU) and WSUS.
Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."
MS Security Bulletin Summary - February 2008
FYI...
- http://www.microsoft.com/technet/sec.../ms08-feb.mspx
February 12, 2008
"This bulletin summary lists security bulletins released for February 2008...
> Critical (6)
Microsoft Security Bulletin MS08-007
Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026)
- http://www.microsoft.com/technet/sec.../ms08-007.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...
Microsoft Security Bulletin MS08-008
Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)
- http://www.microsoft.com/technet/sec.../ms08-008.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Office, Visual Basic...
Microsoft Security Bulletin MS08-009
Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077)
- http://www.microsoft.com/technet/sec.../ms08-009.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...
Microsoft Security Bulletin MS08-010
Cumulative Security Update for Internet Explorer (944533)
- http://www.microsoft.com/technet/sec.../ms08-010.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...
Microsoft Security Bulletin MS08-012
Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085)
- http://www.microsoft.com/technet/sec.../ms08-012.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...
Microsoft Security Bulletin MS08-013
Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108)
- http://www.microsoft.com/technet/sec.../ms08-013.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...
> Important (5)
Microsoft Security Bulletin MS08-003
Vulnerability in Active Directory Could Allow Denial of Service (946538)
- http://www.microsoft.com/technet/sec.../ms08-003.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service...
Affected Software: Windows, Active Directory, ADAM...
Microsoft Security Bulletin MS08-004
Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)
- http://www.microsoft.com/technet/sec.../ms08-004.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service...
Affected Software: Windows...
Microsoft Security Bulletin MS08-005
Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)
- http://www.microsoft.com/technet/sec.../ms08-005.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows, IIS...
Microsoft Security Bulletin MS08-006
Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)
- http://www.microsoft.com/technet/sec.../ms08-006.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, IIS...
Microsoft Security Bulletin MS08-011
Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)
- http://www.microsoft.com/technet/sec.../ms08-011.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office, Works, Works Suite..."
----------------------
ISC Analysis
- http://isc.sans.org/diary.html?storyid=3973
Last Updated: 2008-02-12 19:23:49 UTC
.
MS08-007, MS08-010, MS08-011 exploits released
FYI...
- http://isc.sans.org/diary.html?storyid=3973
Last Updated: 2008-02-13 18:25:13 UTC ...(Version: 3)
"...
MS08-007... WebDAV - Exploit instructions public... Critical
Vulnerability in WebDAV Mini-Redirector allows Remote Code Execution
MS08-010... IE - Exploit publicly available... PATCH NOW
Cumulative Security Update for Internet Explorer
MS08-011... Works - Exploit publicly available... Critical
Multiple vulnerabilities in Microsoft Works File Converter allow Remote Code Execution ..."
> http://forums.spybot.info/showpost.p...9&postcount=33
:fear:
MS08-006 exploit released
FYI...
- http://isc.sans.org/diary.html?storyid=3973
Last Updated: 2008-02-15 01:51:27 UTC ...(Version: 4)
MS08-006 - IIS - Detailed discussion and DoS exploit made public - Important
Vulnerability in IIS Handling of HTML-encoded ASP Web Pages allows Remote Code Execution
> http://forums.spybot.info/showpost.p...9&postcount=33
:fear:
MS Vista - Windows Update Issues
FYI...
- http://isc.sans.org/diary.html?storyid=3998
Last Updated: 2008-02-19 21:13:32 UTC - "We received information in regards to Microsoft Vista getting into a reboot loop after running the Windows Update..."
(Details at the URL above.)
:fear:
Vista SP1 pre-req "temporarily suspended"
FYI...
Vista SP1 pre-req "temporarily suspended"
- http://preview.tinyurl.com/yqvvoa
February 19, 2008 (Windows Vista blog) - "We've heard a few reports about problems customers may be experiencing as a result of KB937287*, the servicing stack update I blogged about last week, and I wanted to provide a quick update for you. Immediately after receiving reports of this error, we made the decision to temporarily suspend automatic distribution of the update to avoid further customer impact while we investigate possible causes... Customers who may be experiencing this issue can use system restore to correct it or contact 1-866-PC-Safety for help troubleshooting..."
* http://support.microsoft.com/kb/937287
:lip:
Dual-booting XP deletes Vista restore points
FYI...
Dual-booting XP deletes Vista restore points
- http://windowssecrets.com/comp/080221#known0
2008-02-21 - "... booting to XP on a dual-boot system has the negative side-effect of deleting any Vista restore points, in addition to all but its latest backup file, and a Registry workaround* is required to prevent this..."
* http://support.microsoft.com/kb/926185
:sad::fear::buried:
Vista SP1 Blocks AV Programs
FYI...
Vista SP1 Blocks AV Programs
- http://www.informationweek.com/share...leID=206801120
Feb. 21, 2008 - "A major update to Microsoft's Windows Vista operating system could leave computers vulnerable to hackers and malware as the service pack prevents several widely used antivirus programs from operating, the company said. The list of security products that Windows Vista Service Pack 1 blocks includes Zone Alarm Security Suite 7.1, Trend Micro Internet Security 2008, and BitDefender 10. It also blocks the 2008 version of the Jiangmin antivirus product. Microsoft said the blocks occur because the antivirus programs are not compatible with Vista SP1. "For reliability reasons, Microsoft blocks these programs from starting after you install Windows Vista SP1," the company said in a statement posted Wednesday on its support Web site*..."
* http://support.microsoft.com/kb/935796
Last Review: February 22, 2008
Revision: 3.0
:lip: