Results 1 to 6 of 6

Thread: MS Alerts - Q3-2007b

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Default MS Alerts - Q3-2007b

    FYI...

    An update is available that improves the compatibility and reliability of Windows Vista
    - http://support.microsoft.com/kb/938194
    Article ID: 938194
    Last Review: August 24, 2007
    Revision: 2.2

    An update is available that improves the performance and reliability of Windows Vista
    - http://support.microsoft.com/kb/938979
    Article ID: 938979
    Last Review: August 24, 2007
    Revision: 2.1


    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary - September 2007

    FYI...

    - http://www.microsoft.com/technet/sec.../ms07-sep.mspx
    Published: September 11, 2007

    This bulletin summary lists security bulletins released for September 2007...

    Critical (1)

    Microsoft Security Bulletin MS07-051
    Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827)
    - http://www.microsoft.com/technet/sec.../ms07-051.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Windows...


    Important (3)

    Microsoft Security Bulletin MS07-052
    Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522)
    - http://www.microsoft.com/technet/sec.../ms07-052.mspx
    Maximum Severity Rating: Important
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Visual Studio...

    Microsoft Security Bulletin MS07-053
    Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)
    - http://www.microsoft.com/technet/sec.../ms07-053.mspx
    Maximum Severity Rating: Important
    Impact of Vulnerability: Elevation of Privilege...
    Affected Software: Windows Services for UNIX, Subsystem for UNIX-based Applications...

    Microsoft Security Bulletin MS07-054
    Vulnerability in MSN Messenger and Windows Live Messenger could allow Remote Code Execution (942099)
    - http://www.microsoft.com/technet/sec.../ms07-054.mspx
    Maximum Severity Rating: Important
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: MSN Messenger, Windows Live Messenger...

    -------------------------------------------------------------

    ISC Analysis
    - http://isc.sans.org/diary.html?storyid=3367
    Last Updated: 2007-09-11 17:57:21 UTC

    ================================================

    An update is available that improves the performance and reliability of Windows Vista
    - http://support.microsoft.com/kb/938979
    Last Review: September 11, 2007
    Revision: 2.2

    .
    Last edited by AplusWebMaster; 2007-09-11 at 23:20.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #3
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS07-051, MS07-052, MS07-054 exploits available

    FYI...

    - http://isc.sans.org/diary.html?storyid=3367
    Last Updated: 2007-09-13 09:07:25 UTC ... (Version: 3)
    "MS07-051... Exploit available in for pay program since Sept. 12th..."
    > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3040

    "MS07-052... Well known vulnerability with public exploit code..."
    > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6133

    "MS07-054... Details of how to exploit are public..."
    > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2931


    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #4
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation

    FYI...

    - http://blog.washingtonpost.com/secur...of_ecrime.html
    September 17, 2007 - "...Symantec documented 237 vulnerabilities in Web browser plug-ins. Nearly 90 percent of those were related to ActiveX components in IE that were found to introduce security holes that could let malicious Web sites compromise Windows PCs."


    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #5
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Office 2003 SP3 released

    FYI...

    - http://support.microsoft.com/kb/923618/
    Article ID: 923618
    Last Review: September 18, 2007
    Revision: 1.0

    Download:
    - http://preview.tinyurl.com/2zf3ox

    More info:
    - http://www.informationweek.com/share...leID=201807224
    --------------------------------------------------

    - http://isc.sans.org/diary.html?storyid=3405
    Last Updated: 2007-09-19 16:05:16 UTC - "...This service pack includes a roll-up of several existing security fixes, but also makes some behavioral changes that affect security:
    * Office can now no longer by default open certain older document formats, which include Coreldraw and older Powerpoint versions (pre-97). This significantly reduces the amount of attack surface;
    * Older COM components that behave in a non-appropriate way may no longer have the same level of access as they did in the past (KB 938814);
    * Administrators can now, through the registry, configure Office to no longer allow certain COM components. They also have the ability to block the opening of files older than a certain Word version (KB 938815 and 938810)
    Plenty of other changes apply, this is not a complete list. Read more at Microsoft*."

    * http://office.microsoft.com/en-us/do...s/default.aspx

    .
    Last edited by AplusWebMaster; 2007-09-19 at 20:24.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #6
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Stealth Windows Update prevents XP repair

    FYI...

    - http://preview.tinyurl.com/2mv94t
    September 27, 2007 (Computerworld) - "The contentious stealth update that Microsoft delivered to customers this summer blocks 80 patches and fixes from installing after Windows XP is restored using its "repair" feature, researchers said today. Scott Dunn, who first reported the problem in a story posted Thursday morning to the "Windows Secrets" newsletter**, said that users who reinstall Windows XP with the repair option cannot retrieve the full set of updates from Windows Update (WU). The problem, he said, has been traced to the so-called "stealth update" to WU which Microsoft has acknowledged sending to users beginning in July... That problem affects any user who restores Windows XP using the setup CD's "repair" option, sometimes also called an "in-place reinstallation" because it reinstalls the operating system files without disturbing the applications and data already on the disk drive. Because repair is essentially a roll-back to XP's original state, the OS must be updated with all subsequent patches and hotfixes using WU. A system bought soon after Windows XP SP2 was released, for example, would need to download and install about three years' worth of updates. After a repair, XP defaults to the "Automatic" setting for Automatic Updates, which means WU is immediately updated to version 7.0.600.381, the version pushed to PCs by the summer's undercover upgrade, said Dunn. Seven of the DLL (dynamic link library) files that make up 7.0.600.381, however, fail to register themselves with Windows. That, in turn, keeps XP from successfully installing approximately 80 of the most recent patches and fixes... It's not clear how long WU has prevented post-repair updates, but searches through Microsoft's support newsgroups revealed questions about similar behavior as long ago as June. Responses by other users, including some with Most Valued Professional (MVP) designation -- a honorific Microsoft gives to users who make major contributions to the Windows community -- offered advice much like Dunn's. Several of them pointed users to the support document KB916259*... Microsoft was not available for comment early Thursday morning."
    * http://support.microsoft.com/kb/916259

    ** http://www.windowssecrets.com/2007/0...nts-XP-repair#


    ----------------------------------

    Updates are not installed successfully from Windows Update, from Microsoft Update, or by using Automatic Updates after you repair a Windows XP installation
    - http://support.microsoft.com/kb/943144/en-us
    Last Review: September 28, 2007
    Revision: 1.1
    ----------------------------
    Article ID: 943144
    >>> Last Review: October 2, 2007
    Revision: 2.1

    .
    Last edited by AplusWebMaster; 2007-10-04 at 12:22. Reason: MS issued KB article fix.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •