Old MS Alerts

MS Security Bulletin Advance Notification - February 2008

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS08-feb.mspx
Published: February 7, 2008 - "This is an advance notification of -twelve- security bulletins that Microsoft is intending to release on February 12, 2008...

> Critical (7)

Bulletin Identifier: Microsoft Security Bulletin 5
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...

Bulletin Identifier: Microsoft Security Bulletin 6
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Office, Visual Basic...

Bulletin Identifier: Microsoft Security Bulletin 7
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, VBScript, JScript...

Bulletin Identifier: Microsoft Security Bulletin 8
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...

Bulletin Identifier: Microsoft Security Bulletin 10
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...

Bulletin Identifier: Microsoft Security Bulletin 11
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...

Bulletin Identifier: Microsoft Security Bulletin 12
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...


> Important (5)

Bulletin Identifier: Microsoft Security Bulletin 1
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service
Affected Software: Windows, Active Directory, ADAM...

Bulletin Identifier: Microsoft Security Bulletin 2
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service...
Affected Software: Windows...

Bulletin Identifier: Microsoft Security Bulletin 3
Maximum Severity Rating:Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows, IIS...

Bulletin Identifier: Microsoft Security Bulletin 4
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, IIS...

Bulletin Identifier: Microsoft Security Bulletin 9
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office, Works, Works Suite...

------------------------------

Microsoft Windows Malicious Software Removal Tool
Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS
For this month:
• Microsoft is planning to release -seven- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
• Microsoft is planning to release -two- non-security, high-priority updates for Windows on Windows Update (WU) and WSUS.

Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."
 
Last edited:
MS Security Bulletin Summary - February 2008

FYI...

- http://www.microsoft.com/technet/security/bulletin/ms08-feb.mspx
February 12, 2008

"This bulletin summary lists security bulletins released for February 2008...

> Critical (6)

Microsoft Security Bulletin MS08-007
Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026)
- http://www.microsoft.com/technet/security/bulletin/ms08-007.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...

Microsoft Security Bulletin MS08-008
Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)
- http://www.microsoft.com/technet/security/bulletin/ms08-008.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Office, Visual Basic...

Microsoft Security Bulletin MS08-009
Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077)
- http://www.microsoft.com/technet/security/bulletin/ms08-009.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...

Microsoft Security Bulletin MS08-010
Cumulative Security Update for Internet Explorer (944533)
- http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...

Microsoft Security Bulletin MS08-012
Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085)
- http://www.microsoft.com/technet/security/bulletin/ms08-012.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...

Microsoft Security Bulletin MS08-013
Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108)
- http://www.microsoft.com/technet/security/bulletin/ms08-013.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...


> Important (5)

Microsoft Security Bulletin MS08-003
Vulnerability in Active Directory Could Allow Denial of Service (946538)
- http://www.microsoft.com/technet/security/bulletin/ms08-003.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service...
Affected Software: Windows, Active Directory, ADAM...

Microsoft Security Bulletin MS08-004
Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)
- http://www.microsoft.com/technet/security/bulletin/ms08-004.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service...
Affected Software: Windows...

Microsoft Security Bulletin MS08-005
Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)
- http://www.microsoft.com/technet/security/bulletin/ms08-005.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows, IIS...

Microsoft Security Bulletin MS08-006
Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)
- http://www.microsoft.com/technet/security/bulletin/ms08-006.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, IIS...

Microsoft Security Bulletin MS08-011
Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)
- http://www.microsoft.com/technet/security/bulletin/ms08-011.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office, Works, Works Suite..."
----------------------

ISC Analysis
- http://isc.sans.org/diary.html?storyid=3973
Last Updated: 2008-02-12 19:23:49 UTC

.
 
Last edited:
MS08-007, MS08-010, MS08-011 exploits released

FYI...

- http://isc.sans.org/diary.html?storyid=3973
Last Updated: 2008-02-13 18:25:13 UTC ...(Version: 3)
"...
MS08-007... WebDAV - Exploit instructions public... Critical
Vulnerability in WebDAV Mini-Redirector allows Remote Code Execution

MS08-010... IE - Exploit publicly available... PATCH NOW
Cumulative Security Update for Internet Explorer

MS08-011... Works - Exploit publicly available... Critical
Multiple vulnerabilities in Microsoft Works File Converter allow Remote Code Execution ..."

> http://forums.spybot.info/showpost.php?p=163889&postcount=33

:fear:
 
Vista SP1 pre-req "temporarily suspended"

FYI...

Vista SP1 pre-req "temporarily suspended"
- http://preview.tinyurl.com/yqvvoa
February 19, 2008 (Windows Vista blog) - "We've heard a few reports about problems customers may be experiencing as a result of KB937287*, the servicing stack update I blogged about last week, and I wanted to provide a quick update for you. Immediately after receiving reports of this error, we made the decision to temporarily suspend automatic distribution of the update to avoid further customer impact while we investigate possible causes... Customers who may be experiencing this issue can use system restore to correct it or contact 1-866-PC-Safety for help troubleshooting..."
* http://support.microsoft.com/kb/937287

:lip:
 
Vista SP1 Blocks AV Programs

FYI...

Vista SP1 Blocks AV Programs
- http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206801120
Feb. 21, 2008 - "A major update to Microsoft's Windows Vista operating system could leave computers vulnerable to hackers and malware as the service pack prevents several widely used antivirus programs from operating, the company said. The list of security products that Windows Vista Service Pack 1 blocks includes Zone Alarm Security Suite 7.1, Trend Micro Internet Security 2008, and BitDefender 10. It also blocks the 2008 version of the Jiangmin antivirus product. Microsoft said the blocks occur because the antivirus programs are not compatible with Vista SP1. "For reliability reasons, Microsoft blocks these programs from starting after you install Windows Vista SP1," the company said in a statement posted Wednesday on its support Web site*..."
* http://support.microsoft.com/kb/935796
Last Review: February 22, 2008
Revision: 3.0

:lip:
 
FYI...

- http://preview.tinyurl.com/yqvvoa
February 19, 2008 (Windows Vista blog) - "We've heard a few reports about problems customers may be experiencing as a result of KB937287*..."
* http://support.microsoft.com/kb/937287

The update is not installed successfully, you receive a message, and the computer restarts when you try to install an update in Windows Vista
> http://support.microsoft.com/kb/949358/en-us
Last Review: February 22, 2008
Revision: 1.0
"...To avoid this problem, install update 937287 separately from all other updates. Install the update that applies to your version of Windows Vista to enable future updates to be installed successfully..."

:lip:
 
Last edited:
- http://blog.washingtonpost.com/securityfix/2008/02/hackers_exploiting_facebook_my.html
February 23, 2008 - "If you use Internet Explorer (versions 6 or 7) to browse the Web, listen up: Criminals are starting to exploit security holes in several widely installed IE plug-ins to plant invasive software when users are coerced or tricked into visiting one of several Web sites. In an alert posted Friday evening, security software vendor Symantec said it is seeing malicious Web sites popping up trying to exploit vulnerabilities in a set of ActiveX controls produced by Aurigma, a technology company whose image transfer browser plug-in is licensed and distributed by a number of major Web sites to help IE users upload pictures. Currently, Facebook.com and MySpace.com are among the biggest distributors of this ActiveX plug-in, but they are hardly the only ones... The malicious Web sites identified by Symantec actually redirects visitors to a fake MySpace.com login page in an attempt to steal MySpace credentials, all while trying the various plug-in exploits quietly in the background... The sites all download a series of executable programs, including some that Symantec said appear to be placeholders for whatever nasties the bad guys want to stuff in there later. The company said it is still in the process of analyzing the programs to see what they do, but it's doubtful they will turn out to be harmless... If you haven't checked out the free, easy-to-use fixit tool* released by incident handlers at the SANS Internet Storm Center, please do so now. The simple, graphical program sets a marker in the Windows registry so that if the vulnerable ActiveX components are installed, then the operating system will not let anyone or anything make use or activate those components... If you ever want to -undo- any part of what (the tool does), run the tool again and uncheck the relevant boxes and hit "set."
* http://isc.sans.org/diary.html?storyid=3931
Last Updated: 2008-02-05 19:48:41 UTC ...(Version: 3)
(Direct link for tool - http://handlers.sans.org/tliston/KillBitGui-Feb08.exe )

:fear:
 
Last edited:
MS Security Bulletin Advance Notification - March 2008

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS08-mar.mspx
March 6, 2008 - "...This is an advance notification of -four- security bulletins that Microsoft is intending to release on March 11, 2008..."

Critical (4)

Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin 2
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office....

Microsoft Security Bulletin 3
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin 4
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office Web Components...


Non-Security, High-Priority Updates on MU, WU, and WSUS
For this month:
• Microsoft is planning to release -two- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
• Microsoft is planning to release -three- non-security, high-priority updates for Windows on Windows Update (WU) and WSUS.

Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."
 
MS OneCare tags SiteAdvisor in error...

FYI...

- http://preview.tinyurl.com/ypjaam
March 6, 2008 (AvertLabs blog) - "Microsoft’s OneCare team issued an update on January 31, 2008 that resulted in SiteAdvisor users receiving a Microsoft warning message recommending that SiteAdvisor be removed due to interference with OneCare... as a general rule, Microsoft recommends running only one security application at a time because of potential performance and “PC stability” issues. We explained to Microsoft that SiteAdvisor functionality is totally unrelated to OneCare. They agreed... there is no need to disable SiteAdvisor or OneCare. The two products co-exist nicely (aside from the pop-up!). Because OneCare doesn’t allow white listing of applications, affected consumers have limited options until all installations of OneCare are patched."

:thud::spider::sick:
 
Active exploit of Excel vuln

FYI...

- http://isc.sans.org/diary.html?storyid=4117
Last Updated: 2008-03-10 23:52:52 UTC - "...We can confirm these attacks and have been tracking several exploits over the last few days. It should be noted that the incidents we are aware of have been limited to a very specific targeted attack and were not widespread. In total, we established approximately 21 reports of attacks using only 8 different files, from within the same two communities, so far... some of the signatures we know of that catch iterations of these attacks. Note that some are relatively generic and catch multiple other exploits as well... Trojan-Dropper.MSExcel.Agent ...We are aware that some of the samples connect back to update-microsoft.kmip.net (221.130.180.87) on port 80, to retrieve the IP address of the actual control server."

> http://www.us-cert.gov/current/#trojan_exploiting_microsoft_excel_vulnerability

- http://blog.trendmicro.com/olympic-fans-may-fall-for-unpatched-ms-excel-vuln/
March 9, 2008 - "XLS files specially designed to exploit a currently unpatched vulnerability in Microsoft Excel (identified as CVE-2008-0081) are reportedly being sent as email attachments in the wild. The attachments, which arrive either as OLYMPIC.XLS or SCHEDULE.XLS are capable of dropping and executing Windows binary executables. This Trojan also drops a non-malicious Excel file and opens it upon execution to trick the user that it is the attached Excel file... Both OLYMPIC.XLS and SCHEDULE.XLS are observed to use similar exploit templates and even allow malware writers to customize the exploit to perform other routines... malware authors are using this window of opportunity to infect a large number of computers. More information on this exploit can be found on this Microsoft Security Advisory*. Trend Micro advises users to be wary of opening unsolicited email messages, much more of files attached to them..."
(Screenshots available at the URL above.)

* http://www.microsoft.com/technet/security/advisory/947563.mspx
January 16, 2008

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0081
Last revised: 1/17/2008

:fear::spider::fear:
 
MS Security Bulletin Summary - March 2008

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS08-mar.mspx
March 11, 2008
"...The security bulletins for this month are as follows, in order of severity:

Critical (4)

Microsoft Security Bulletin MS08-014
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
- http://www.microsoft.com/technet/security/bulletin/MS08-014.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS08-015
Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)
- http://www.microsoft.com/technet/security/bulletin/MS08-015.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS08-016
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)
- http://www.microsoft.com/technet/security/bulletin/MS08-016.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS08-017
Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)
- http://www.microsoft.com/technet/security/bulletin/MS08-017.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office Web Components...


Other Information -
Microsoft Windows Malicious Software Removal Tool
Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS
For this month:
• Microsoft has released -two- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
• Microsoft has released -three- non-security, high-priority updates for Windows on Windows Update (WU) and WSUS.

Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."
--------------------------------------------------------------

ISC Analysis
- http://isc.sans.org/diary.html?storyid=4124
Last Updated: 2008-03-11 18:33:40 UTC
--------------------------------------------------------------

Microsoft Security Advisory (947563)
Vulnerability in Microsoft Excel Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/947563.mspx
Published: January 15, 2008 | Updated: March 11, 2008 - "...We have issued MS08-014* to address this issue..."
* http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx
 
Last edited:
IE5 and IE6 FTP vuln

FYI...

- http://isc.sans.org/diary.html?storyid=4126
Last Updated: 2008-03-11 20:57:53 UTC - "The many out there still using older versions of MSIE (such as Internet Explorer 5 or 6) might well be interested in two new vulnerabilities discovered and made public today on full disclosure. It looks somewhat like a Cross Site Request Forgery (CSRF) attack: A malicious URL you (somehow) hit. It can be unintentional on the user's part through e.g. an injected iframe on a forum. The URL tells the client to contact another server and does some bad things there that the user never intended, but had the authorization to do. The twist in this case is that the second hit doing damage can also be a FTP request, not just a HTTP request. Still normally you can only log in and download (GET) files using a URL, and if the FTP server is requiring authentication, the user or the URL should enter the login/password, tipping them off something strange is going on or the attacker already knowing the credential. That's true, till you see the duo of bugs in IE:
* Apparently IE5 and IE6 allow other commands too, such as deleting files by constructing a URL with %-encoded line-breaks.
* Similarly IE 5 and IE6 allow the URL to be constructed in such a manner as to try to re-authenticate with cached credentials.
IE7 is claimed not to suffer from this, so if you need a bit more incentive to (be allowed to) upgrade, this might just be it."
--------------------------------

- http://preview.tinyurl.com/2at5ub
March 12, 2008 (ComputerWorld) - "A flaw in the way Microsoft's Internet Explorer browser processes FTP commands could let attackers steal or erase data from a victim's FTP site. The bug, which affects users of IE 6 and the unsupported IE 5 browser, gives an attacker a way of hijacking the victim's FTP sessions... "The attack seems viable, but the stars have to be aligned just right for the attack to work," said Craig Schmugar, a researcher with McAfee's Avert Labs..."

('Maybe -not- so difficult...)
- http://www.finjan.com/Content.aspx?id=1367
("Malicious Page of the Month" Feb. 2008 synopsis) - "...deployment of ready-made Crimeware toolkits has gained momentum... When examining a server hosting the latest version of this Crimeware toolkit, we also found an almost unnoticeable standalone application, especially designed to abuse and trade stolen FTP account credentials of legitimate companies around the world. More than 8,700 FTP servers’ credentials of highly respected organizations and enterprises were thus stolen, including valid user names and passwords."
--------------------------------

- http://secunia.com/advisories/29346/
Release Date: 2008-03-12
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched
Software: MS IE 5.01, MS IE 6.x
...The vulnerability is confirmed in version 6.0.2900.2180 and also reported in version 5. Other versions may also be affected.
Solution: Upgrade to Internet Explorer 7. Do not browse untrusted websites...
--------------------------------

- http://www.securityfocus.com/bid/28208/discuss
"...This issue affects Internet Explorer 5 and 6; prior versions may also be affected..."
- http://www.securityfocus.com/bid/28208/solution
Solution:
Reports indicate that the vendor intends to release a patch that will address this issue...
- http://www.rapid7.com/advisories/R7-0032.jsp
"...Solution
The vendor plans to release a patch for this issue in an upcoming security bulletin. If possible, upgrade to Internet Explorer 7..."

:fear:
 
Last edited:
Microsoft has made revisions...

FYI...

- http://www.us-cert.gov/current/#microsoft_updates_march_security_bulletin
updated March 17, 2008 - " Microsoft has made revisions to all of the March Security Bulletins. These revisions:
* Clarify why a non-vulnerable version of Office was offered during this update.
* Correct the registry key for verifying the update for ISA Server.
* Remove MS07-015 as a replaced bulletin for Microsoft Office XP Service Pack 3.
* Update vulnerability FAQs
* Update file information tables for Outlook 2000 and 2003.
Microsoft has also re-released MS08-014 to include additional information about issues relating to users of Excel 2003 Service Pack 2 or Service Pack 3..."

:fear:
 
MS Windows Vista SP1

FYI...

Vista SP1
- http://isc.sans.org/diary.html?storyid=4160
Last Updated: 2008-03-19 17:04:57 UTC ...(Version: 3)
"The first service pack from Microsoft for Vista is out. Please let us know your experiences downloading and applying the 434.5 MB Windows Vista Service Pack 1 Five Language Standalone (KB936330):

MS downloads:
- http://preview.tinyurl.com/ywb4al
"...IF YOU ARE UPDATING JUST ONE COMPUTER: A smaller, more appropriate download is available on Windows Update..."

Update 1: If Vista SP1 will not install, or is not being offered as a option you should read the following article. You may have to update drivers first or other issues...
Windows Vista Service Pack 1 is not available for installation from Windows Update and is not offered by Automatic Updates: http://support.microsoft.com/?kbid=948343

Update 2: Before you install the final release of Windows Vista SP1, you must uninstall any previous releases... http://support.microsoft.com/kb/936330

Windows Service Pack Blocker Tool
- http://technet.microsoft.com/en-us/windowsvista/bb927794.aspx

.
 
Last edited:
Excel 2003 - MS08-014 Re-release

FYI...

- http://blogs.technet.com/msrc/archive/2008/03/19/march-2008-ms08-014-re-release.aspx
March 19, 2008 - "...we've just re-released MS08-014 for Microsoft Office Excel 2003 Service Pack 2 and Service Pack 3 only... The original version released on March 11, 2008 did fully protect against the security issues discussed in the bulletin. However, after release we discovered that the security update caused a calculation error in Microsoft Excel 2003 when a Real Time Data source was used in a user-created Visual Basic for Applications solution (in other words a custom-built VBA function). For additional details, please refer to KB950340*. If you're -not- running Microsoft Excel 2003, this re-release doesn't apply to you and you don't need to take any action. If you are running Microsoft Excel 2003 Service Pack 2 or Service Pack 3, you should use the guidance provided in Knowledge Base article KB950340* to deploy the new update."
* http://support.microsoft.com/kb/950340

:lip:
 
Vista SP1 Chokes On Widely Used Intel Chipset Drivers

FYI...

Vista SP1 Chokes On Widely Used Intel Chipset Drivers
- http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206904946
March 20, 2008 - "PCs from Hewlett-Packard, Gateway, Lenovo, and other major computer makers that contain a widely used Intel chipset can't be upgraded to Windows Vista Service Pack 1 if they're running certain drivers. Microsoft has said that Vista SP1 won't work with "a small number of device drivers." The list, however, includes drivers for an Intel chipset that's found in thousands of PCs and laptops. The affected chipset is Intel's 945G Express series, which is used in computers from virtually all major system vendors. It's also found on standalone motherboards sold by Asus. The 945G Express chipset driver versions between numbers 7.14.10.1322 and 7.14.10.1403 won't work with Vista SP1, according to Microsoft. Chipsets provide a connection point for all key subsystems within a PC. The 945G Express chipset includes Intel's GMA 950 graphics core, which also won't work with Vista SP1 if those drivers are used. Microsoft is urging Vista users to update all of their hardware to the latest drivers before even attempting to install SP1... The service pack also won't work with computers that use certain, widely-deployed audio drivers from Realtek and certain drivers for security devices manufactured by Symantec. Microsoft has published a full list of drivers that are incompatible with the service pack*. Meanwhile, Microsoft is continuing to receive reports from computer users who say Vista SP1 is wreaking havoc on their systems..."
* http://support.microsoft.com/?kbid=948343#method5
Last Review: March 20, 2008
Revision: 3.0

('Shades of the XPSP2 installs... 'Like Yogi said, "It's deja vu all over again"...)

:fear:
 
You must log in or register to reply here.
Back
Top