MS Bulletin Advance Notification - August 2007
FYI...
- http://www.microsoft.com/technet/sec.../ms07-aug.mspx
Published: August 9, 2007
"...This is an advance notification of -nine- security bulletins that Microsoft is intending to release on August 14, 2007...
Critical (6)
Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, XML Core Services...
Microsoft Security Bulletin 2
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Visual Basic, Office for Mac...
Microsoft Security Bulletin 3
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...
Microsoft Security Bulletin 4
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...
Microsoft Security Bulletin 5
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...
Microsoft Security Bulletin 9
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...
Important (3)
Microsoft Security Bulletin 6
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...
Microsoft Security Bulletin 7
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows Vista...
Microsoft Security Bulletin 8
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Virtual PC, Virtual Server...
.
MS Security Bulletin Advance Notification - September 2007
FYI...
- http://www.microsoft.com/technet/sec.../ms07-sep.mspx
Published: September 6, 2007
"This is an advance notification of five security bulletins that Microsoft is intending to release on September 11, 2007...
Critical (1)
Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows.
Important (4)
Microsoft Security Bulletin 2
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Visual Studio.
Microsoft Security Bulletin 3
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows Services for UNIX, Subsystem for UNIX-based Applications.
Microsoft Security Bulletin 4
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: MSN Messenger, Windows Live Messenger.
Microsoft Security Bulletin 5
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows, SharePoint Server.
-----------------------------------------------
- http://www.microsoft.com/technet/sec.../ms07-sep.mspx
Revisions:
• September 7, 2007: Bulletin Advance Notification updated. Microsoft plans to release four security bulletins, and no longer plans to release Microsoft Security Bulletin 5 affecting Windows and SharePoint Server, on Tuesday, September 11, 2007.
.
MS Security Bulletin Advance Notification - October 2007
FYI...
- http://www.microsoft.com/technet/sec.../ms07-oct.mspx
October 4, 2007
"...This bulletin advance notification will be replaced with the October bulletin summary on October 9, 2007...
Critical (4)
Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...
Microsoft Security Bulletin 2
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Outlook Express, Windows Mail...
Microsoft Security Bulletin 3
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...
Microsoft Security Bulletin 6
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...
Important (3)
Microsoft Security Bulletin 4
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service...
Affected Software: Windows...
Microsoft Security Bulletin 5
Maximum Severity Rating: Important
Impact of Vulnerability: Spoofing...
Affected Software: Windows...
Microsoft Security Bulletin 7
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows, Office..."
.
(MS07-060) Word exploit loose
FYI...
- http://preview.tinyurl.com/2q4xop
October 11, 2007 (Computerworld) - Security researchers spotted an attack yesterday that exploits a vulnerability in Microsoft Word patched just the day before. On Wednesday, Symantec Corp. reported it had obtained a suspicious Word document that crashed every version of the application except the newest, Word 2007, when opened. After it examined the document, Symantec found that the document included shell code and three pieces of malware. Among its more surprising findings: Symantec found that the document had been created with the edition of Word included with Office for Mac 2004. On Tuesday, Microsoft Corp. issued a patch that closed a critical vulnerability in multiple editions of the popular word processor, including Word 2000, Word XP and Word for the Mac. Symantec put the two together. "Taking a closer look at that vulnerability, we confirmed that this document was in fact exploiting the same vulnerability"... Updates to the Windows versions of Word can be obtained via Microsoft Update or Office Update..."
- http://preview.tinyurl.com/2saysc
October 10, 2007 (Symantec Security Response Weblog)
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3899
> http://cwe.mitre.org/data/definitions/94.html
:fear:
Stealth Windows Updates (cont'd)
FYI...
- http://preview.tinyurl.com/27znt2
October 16, 2007 (Computerworld) - "For the second time in a month, Microsoft Corp. has had to defend Windows Update against charges that it upgraded machines without users' permission. So far, it has no explanation for the newest instance of unauthorized updating..."
- https://windowssecrets.com/2007/10/2...-be-MS-OneCare
October 25, 2007 - "...My finding is that Windows Live OneCare silently changes the AU settings. This explains at least some of the complaints that have been reported so far. Users could have installed OneCare — even a free-trial version — at any time in the recent past and been unaware of any changes until Automatic Updates forced a reboot in the wee hours..."
- http://support.microsoft.com/kb/943144/en-us
Last Review: October 26, 2007
Revision: 2.2