Page 3 of 51 FirstFirst 123456713 ... LastLast
Results 21 to 30 of 501

Thread: Old MS Alerts

  1. #21
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS07-069 (IE update)... Post Install Issue

    FYI...

    MS07-069 (IE update)... Post Install Issue
    - http://preview.tinyurl.com/252f8d
    December 18, 2007 (MSRC) - "...We have been investigating public reports of possible problems on systems that have installed the Cumulative Security Update for Internet Explorer (942615),
    http://www.microsoft.com/technet/sec.../ms07-069.mspx
    released earlier this month. We have some information to share with you regarding the results of our investigation into these reports. First, I want to note the security update does protect against the vulnerabilities noted in the bulletin. If you are not experiencing issues noted in the below referenced Knowledge Base article, no action is needed. We have been working with a small number of customers that reported issues related to the installation of MS07-069. Specifically, on a Windows XP Service Pack 2 (SP2)-based computer, Internet Explorer 6 may stop responding when you try to a visit a web site. We’ve made an update to the Knowledge Base article for MS07-069, KB942615, which highlights the known issue.
    http://support.microsoft.com/kb/942615
    We have also added the following known issue Knowledge Base article KB946627. Because this occurs in a customized installation, this isn’t a widespread issue.
    http://support.microsoft.com/kb/946627
    Customers who believe they are affected can contact Customer Support Services at no charge using the PC Safety line at 1-866-PCSAFETY (North America). All customers, including those outside the U.S., can visit http://support.microsoft.com/security for assistance."
    -----------------------------

    - http://secunia.com/advisories/28036/
    "...NOTE: This vulnerability is reportedly being actively exploited.
    Successful exploitation of the vulnerabilities allows execution of arbitrary code when a user e.g. visits a malicious website..."

    > http://www.microsoft.com/technet/sec.../MS07-069.mspx
    • V1.2 (December 18, 2007): Bulletin updated to reflect a known issue; a change to the Removal Information text in the Windows Vista Reference Table in the Security Update Information section; and, a change to the File Information text in the Reference Table within the Security Update Information section for all affected operating systems...

    Last edited by AplusWebMaster; 2007-12-19 at 19:50.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #22
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Unhappy XPSP2 w/IE6 registry edit fix for MS07-069

    What?

    XPSP2 w/IE6 registry edit fix for MS07-069
    - http://support.microsoft.com/kb/946627
    Last Review: December 19, 2007
    Revision: 1.0
    "...WORKAROUND
    Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk..."

    - http://blogs.msdn.com/ie/archive/200...2.aspx#6806843
    December 19, 2007 - "...can Microsoft be serious that the solution is to edit each registry? Is this some sort of joke? It would be easier to have each user install Mozilla Firefox and stop using IE completely."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #23
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation IE 6 crashes after you install (MS07-069)

    FYI...

    - http://www.microsoft.com/technet/sec.../MS07-069.mspx
    • V1.3 (December 20, 2007): Bulletin revised to reflect a new Security Update FAQ entry for a known issue documented in KB946627.

    IE 6 crashes after you install (MS07-069) security update 942615 on a computer that is running Windows XPSP2
    - http://support.microsoft.com/kb/946627/
    Last Review: December 21, 2007
    Revision: 2.0

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #24
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Angry MS Office2003 SP3 disables older file formats

    FYI...

    MS Office2003 SP3 disables older file formats
    - http://it.slashdot.org/it/08/01/01/137257.shtml
    January 02, 2008 - "In Service Pack 3 for Office 2003, Microsoft disabled support for many older file formats. If you have old Word, Excel, 1-2-3, Quattro, or Corel Draw documents, watch out! They did this because the old formats are 'less secure', which actually makes some sense, but only if you got the files from some untrustworthy source. Naturally, they did this by default, and then documented a mind-bogglingly complex workaround (KB 938810*) rather than providing a user interface for adjusting it, or even a set of awkward 'Do you really want to do this?' dialog boxes to click through. And of course because these are, after all, old file formats ... many users will encounter the problem only months or years after the software change, while groping around in dusty and now-inaccessible archives."
    * http://support.microsoft.com/kb/938810/en-us
    Last Review: December 6, 2007
    Revision: 2.0


    ------------------------------

    - http://preview.tinyurl.com/2h5md8
    January 05, 2008 (Computerworld) - "Microsoft Corp. apologized to a software rival yesterday for saying its file format posed a security risk and issued new tools to let users of Office 2003 SP3 unblock a host of barred file types. In a posting to his own blog*, David LeBlanc, a senior software development engineer with the Microsoft Office team, admitted the company's mistake in blaming insecure file formats, including the one used by CorelDraw... The revised support document** lists four downloads that users can run to unblock Word, Excel, PowerPoint and Corel files... "We'll try harder to make enabling older formats much more user-friendly in the future," he said."

    * http://blogs.msdn.com/david_leblanc/...e-formats.aspx
    "...The .reg files you can use to change the security settings can be downloaded here..."

    ** http://support.microsoft.com/kb/938810/en-us
    Last Review: January 4, 2008
    Revision: 3.0
    ------------------------------
    - http://preview.tinyurl.com/2gkwxt
    January 10, 2008 (Computerworld) - "Microsoft Corp. will not post new tools that would allow users of Office 2007 to access blocked file formats, as it has done for customers running Office 2003 Service Pack 3 (SP3). It cited a lack of interest in such tools and said existing work-arounds accomplish the same thing... the Office Web site* explains how to set up a "trusted location," a special folder on a local or network drive. Files in a trusted folder aren't checked by Office 2007's security tools before opening, and thus the older file formats open normally..."
    * http://office.microsoft.com/en-us/he...319991033.aspx

    Last edited by AplusWebMaster; 2008-01-11 at 06:35.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #25
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Default MS Security Bulletin Advance Notification - January 2008

    FYI...

    - http://www.microsoft.com/technet/sec.../ms08-jan.mspx
    January 3, 2008
    "...This is an advance notification of -two- security bulletins that Microsoft is intending to release on January 8, 2008... The security bulletins for this month are as follows, in order of severity:

    Critical (1)

    Microsoft Security Bulletin 1
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Windows...

    Important (1)

    Microsoft Security Bulletin 2
    Maximum Severity Rating: Important
    Impact of Vulnerability: Local Elevation of Privilege...
    Affected Software: Windows...

    Other...
    Microsoft Windows Malicious Software Removal Tool
    Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

    Non-Security, High-Priority Updates on MU, WU, and WSUS
    For this month:
    • Microsoft is planning to release -five- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
    • Microsoft is planning to release -two- non-security, high-priority updates for Windows on Windows Update (WU) and WSUS.
    Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #26
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary - January 2008

    FYI...

    - http://www.microsoft.com/technet/sec.../ms08-jan.mspx
    January 8, 2008
    "This bulletin summary lists security bulletins released for January 2008...

    Critical (1)

    Microsoft Security Bulletin MS08-001
    Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
    - http://www.microsoft.com/technet/sec.../ms08-001.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...

    Important (1)

    Microsoft Security Bulletin MS08-002
    Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)
    - http://www.microsoft.com/technet/sec.../ms08-002.mspx
    Maximum Severity Rating: Important
    Impact of Vulnerability: Local Elevation of Privilege...

    Other...

    Microsoft Windows Malicious Software Removal Tool
    Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

    Non-Security, High-Priority Updates on MU, WU, and WSUS
    • Microsoft has released -five- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
    • Microsoft has released -two- non-security, high-priority updates for Windows on Windows Update (WU) and WSUS.

    Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."
    ---------------------

    ISC Analysis
    - http://isc.sans.org/diary.html?storyid=3819
    Last Updated: 2008-01-08 18:25:59 UTC
    Last edited by AplusWebMaster; 2008-01-08 at 20:42.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #27
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post Microsoft Security Advisory (943411) - Vista

    FYI...

    Microsoft Security Advisory (943411)
    Update to Improve Windows Sidebar Protection
    - http://www.microsoft.com/technet/sec...ry/943411.mspx
    January 8, 2008 - "An update is available for currently supported editions of the Windows Vista operating system. The update to improve Windows Sidebar Protection enables Windows Sidebar to help block gadgets from running in Sidebar. For more information about installing this update, see Microsoft Knowledge Base Article 943411*. For more information about how Windows Sidebar Protection helps block installed gadgets from running in Windows Sidebar, see Microsoft Knowledge Base Article 941411**..."

    * http://support.microsoft.com/kb/943411

    ** http://support.microsoft.com/kb/941411
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #28
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post Security Bulletins MS07-064 & MS07-057 revisions, MS07-042 re-released

    The following bulletins have undergone a -minor- revision increment.

    * MS07-064 - Critical
    Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
    - http://www.microsoft.com/technet/sec.../ms07-064.mspx
    - Reason for Revision: Bulletin updated to remove known issues notation. This update does not have any known issues.
    - Originally posted: December 11, 2007
    - Updated: January 9, 2008
    - Bulletin Severity Rating: Critical
    - Version: 1.3

    * MS07-057 - Critical
    Cumulative security update for Internet Explorer
    - http://www.microsoft.com/technet/sec.../ms07-057.mspx
    - Reason for Revision: Revised to add a known issue.
    (Known issues since original release of the bulletin:
    • KB904710*: WinINet ignores the policies that you set when you create a custom administrative template file in Windows XP with Service Pack 2 - * http://support.microsoft.com/kb/904710 )
    - Originally posted: October 9, 2007
    - Updated: January 9, 2008
    - Bulletin Severity Rating: Critical
    - Version: 1.2

    The following bulletins have undergone a -major- revision increment.

    * MS07-042 - Critical
    Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
    - http://www.microsoft.com/technet/sec.../ms07-042.mspx
    - Reason for Revision: Bulletin updated: Added Microsoft Word Viewer 2003 as an affected product. Also added an Update FAQ clarifying the kill bit for Microsoft XML Parser 2.6 and its applicability to this security update.
    - Originally posted: August 14, 2007
    - Updated: January 9, 2008
    - Bulletin Severity Rating: Critical
    - Version: 3.0

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #29
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post

    FYI...

    Microsoft Security Advisory (945713)
    Vulnerability in Web Proxy Auto-Discovery (WPAD) Could Allow Information Disclosure
    - http://www.microsoft.com/technet/sec...ry/945713.mspx
    Updated: January 9, 2008
    Revisions:
    • December 3, 2007: Advisory published.
    • January 9, 2008: Advisory updated: The registry key for the Configure a Domain Suffix Search List workaround has been corrected to the proper key of SearchList.

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #30
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation ThreatCon Level is 2

    FYI... ThreatCon Level is 2

    - http://www.symantec.com/avcenter/thr...earnabout.html
    "The ThreatCon is currently at Level 2 in response to the disclosure of a critical remote vulnerability affecting the default configurations of Windows XP and Windows Vista. Nondefault configurations of Windows 2003 are also affected... The MS08-001 bulletin also addresses a remote kernel-based denial-of-service issue affecting nondefault configurations of Windows 2000, XP, and 2003. IBM Internet Security Systems, the team that discovered these kernel-based flaws, has recently released an official advisory* suggesting that the ICMP-based flaw, which Microsoft has considered a low-severity, denial-of-service issue, may in fact be exploitable to execute code. However, we have not confirmed this. Windows 2000 users who are not affected by the critical vulnerability may want to reevaluate their stance on patching the lower-severity issue in light of this new information. Multiple (3) Microsoft Windows TCP/IP Remote Code Execution and DoS Vulnerabilities
    ( * http://iss.net/threats/282.html ) The MS08-002 bulletin was also released to address a local privilege-escalation vulnerability affecting LSASS. Users are advised to review the Microsoft Security Bulletins and to apply the patches as soon as possible..."

    * "...An attacker does not need to invoke any kind of user interaction to exploit this vulnerability. The lack of user interaction, widespread availability of the protocols, and the possibility of complete compromise of targeted systems means that administrators should treat this vulnerability as highly critical. The lack of user interaction makes this exploit a probable target for botnets, such as the Storm Worm. Administrators should monitor the signatures listed in the ISS Coverage section for any attempted worm or botnet activity. Administrators should also keep in mind that multicast traffic is usually received by multiple destinations, so a single stream of attack traffic would likely affect more than one target..."

    Last edited by AplusWebMaster; 2008-01-13 at 06:12.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •