Results 1 to 6 of 6

Thread: MS Alerts - Q2-2007

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Default MS Alerts - Q2-2007

    Released yesterday - this may not be a "bulletin", but it certainly affects the way you get them, if at all:

    Microsoft Security Advisory (927891)
    Fix for Windows Installer (MSI)
    - http://www.microsoft.com/technet/sec...ry/927891.mspx
    Published: May 22, 2007
    "...Your system may appear to become unresponsive when Windows Update or Microsoft Update is scanning for updates that use Windows installer, and you may notice that the CPU usage for the svchost process is showing 100%... note that this update is the first part of a two-part fix that is the comprehensive solution to the problem. In June, another update will involve the Windows Update client..."

    - http://blogs.technet.com/msrc/archiv...y-updates.aspx
    May 22, 2007 ~ "...the issue may prevent you from installing other updates (including security updates) until you apply this new update, so we encourage customers to apply this right away."

    Last edited by AplusWebMaster; 2007-05-23 at 11:53.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Another MS Update fraud e-mail virus

    FYI...

    - http://www.f-secure.com/weblog/archi....html#00001200
    May 28, 2007 ~ "...We received reports of an important update supposedly coming from Microsoft Support. Since this "update" is not part of the monthly cycle, we were of course suspicious. Looking at the e-mail, our suspicions grew due to the glaring typos and the non-Microsoft domain link... The technical jargon used, however, might confuse normal users. The sample contained in the link is now detected as Backdoor:W32/VanBot.CA since 2007-05-28_05. Updates are always good, but in this case, keep your virus definitions updated instead."

    (Screenshot available at the URL above.)


    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #3
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post MS Security Bulletin Advance Notification - June 2007

    FYI... (new format for Advanced Notification)

    - http://www.microsoft.com/technet/sec.../ms07-jun.mspx
    June 7, 2007
    ...Bulletins to be issued: June 12, 2007

    This is an advance notification of security bulletins that Microsoft is intending to release for June 2007. The security bulletins for this month are as follows, in order of severity:

    Critical (4)

    Microsoft Security Bulletin 2
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    The update will require a restart.
    Affected Software: Windows.

    Microsoft Security Bulletin 4
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    The update will require a restart.
    Affected Software: Windows, Internet Explorer.

    Microsoft Security Bulletin 5
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    The update will require a restart.
    Affected Software: Windows, Outlook Express, Windows Mail.

    Microsoft Security Bulletin 6
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    The update may require a restart.
    Affected Software: Windows.

    Important (1)

    Microsoft Security Bulletin 1
    Maximum Severity Rating: Important
    Impact of Vulnerability: Remote Code Execution...
    The update may require a restart.
    Affected Software: Office, Visio.

    Moderate (1)

    Microsoft Security Bulletin 3
    Maximum Severity Rating: Moderate
    Impact of Vulnerability: Information Disclosure...
    The update may require a restart.
    Affected Software: Windows..."


    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #4
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary - June 2007

    FYI...

    - http://www.microsoft.com/technet/sec.../ms07-jun.mspx
    Published: June 12, 2007
    "The security bulletins for this month are as follows, in order of severity:

    Critical (4)

    Microsoft Security Bulletin MS07-031
    Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)
    - http://www.microsoft.com/technet/sec.../MS07-031.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution
    Affected Software: Windows...

    Microsoft Security Bulletin MS07-033
    Cumulative Security Update for Internet Explorer (933566)
    - http://www.microsoft.com/technet/sec.../MS07-033.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution
    Affected Software: Windows, Internet Explorer...

    Microsoft Security Bulletin MS07-034
    Cumulative Security Update for Outlook Express and Windows Mail (929123)
    - http://www.microsoft.com/technet/sec.../MS07-034.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution
    Affected Software: Windows, Outlook Express, Windows Mail...

    Microsoft Security Bulletin MS07-035
    Vulnerability in Win32 API Could Allow Remote Code Execution (935839)
    - http://www.microsoft.com/technet/sec.../MS07-035.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution
    Affected Software: Windows...


    Important (1)

    Microsoft Security Bulletin MS07-030
    Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)
    - http://www.microsoft.com/technet/sec.../MS07-030.mspx
    Maximum Severity Rating: Important
    Impact of Vulnerability: Remote Code Execution
    Affected Software: Office, Visio...


    Moderate (1)

    Microsoft Security Bulletin MS07-032
    Vulnerability in Windows Vista Could Allow Information Disclosure (931213)
    - http://www.microsoft.com/technet/sec.../MS07-032.mspx
    Maximum Severity Rating: Moderate
    Impact of Vulnerability: Remote Code Execution
    Affected Software: Windows...


    Other Information

    Microsoft Windows Malicious Software Removal Tool
    Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. Note that this tool is not distributed using Software Update Services (SUS).

    Non-Security, High-Priority Updates on MU, WU, WSUS and SUS
    For this month:
    • Microsoft has released -7- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS)..."

    --------------------------------

    ISC Analysis
    - http://isc.sans.org/diary.html?storyid=2964
    Last Updated: 2007-06-12 20:57:08 UTC (...Version: 3)


    Last edited by AplusWebMaster; 2007-06-12 at 23:56.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #5
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Exploits posted for MS07-031 and MS07-033

    FYI...

    - http://preview.tinyurl.com/3bpuol
    June 13, 2007 (Computerworld) - "Exploits appeared within hours for two of the bugs that Microsoft Corp. fixed yesterday... A. Micalizzi went public with a pair of exploits -- one successful against Windows 2000, the other against Windows XP -- that leverage one of the six IE bugs patched yesterday. A bug -- actually two because both the ActiveListen and ActiveVoice ActiveX controls are flawed -- was tagged "critical" in IE6 on Windows 2000 and Windows XP SP2, and "critical" in IE7 on both XP SP2 and Windows Vista. ActiveListen and ActiveVoice provide speech processing and text-to-speech to the browser. Microsoft's MS07-033 security update fixed the flaw... Today, another researcher posted proof-of-concept exploit code on Full Disclosure for the critical SChannel (Security Channel) vulnerability patched in MS07-031. Thomas Lim, CEO of Singapore-based COSEINC, said his exploit "may lead to an unrecoverable heap corruption condition, causing the application to terminate," or in some cases, repeatedly crash an application to cause a system reboot. His exploit wasn't able to inject remote code, however..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #6
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation

    FYI...

    Microsoft Re-Releases MS07-022
    - http://isc.sans.org/diary.html?storyid=3057
    Last Updated: 2007-06-26 19:25:09 UTC ~ "On June 26th 2007, Microsoft re-released the MS07-022 update for Windows 2000 SP4. This update addresses some problems related to the NEC 98 hardware. For more information related to the issues, please see http://support.microsoft.com/kb/931784/ ."

    - http://www.microsoft.com/technet/sec.../ms07-022.mspx
    • V2.0 (June 26, 2007); Updated this bulletin to advise customers running Windows 2000 Service Pack 4 on NEC 98 systems that a revised version of the security update is available.


    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •