June 2008 Microsoft Patch Tuesday - The Details


AMD Users: Stomp the STOP Error (BSOD) with XP SP2 or SP3

As you may have read here (or experienced for yourself), lots of AMD-based Windows XP PCs updated to SP2 or SP3 have failed with Blue Screen of Death (BSOD) STOP errors and reboots after the update.

What went wrong? An affected system has an original OEM-provided Windows image that was configured for an Intel processor, and the modifications made by the OEM to load the image on an AMD-based system were undone by the upgrade to SP2 or SP3.

Now, there's a solution straight from Microsoft. Download it from KB953356 .

But Wait, There's (Much) More!

The Microsoft Security Bulletin Summary for June 2008 is now available , but if you want to cut to the chase and get the updates recommended for your system without waiting for Windows Update (or if you're just curious about the changes), we save you a lot of clicks. Keep reading.

Bluetooth Vulnerability - Fixed

The Bluetooth stack used by Microsoft Windows XP SP2, SP3, x64 editions, and Windows Vista (including SP1) can be compromised due to issues in how it handles a large number of service requests. Fix it by installing the update described in MS08-030.mspx or use the workaround (stop your system from accepting new Bluetooth connections).

Internet Explorer Vulnerabilities - Fixed

Stop remote code execution and information disclosure vulnerabilities the easy way by installing the update listed in MS08-031 for your version of Internet Explorer (IE 5.01 SP4 through IE7). Otherwise, you can protect yourself by spending a lot of time messing around with the Trusted Sites feature in IE or by blocking ActiveX scripting.

DirectX Vulnerabilities - Fixed

Protect yourself from a remote code execution vulnerability in DirectX by installing the appropriate update listed in MS08-033 . The alternative (disabling the ability to play back WAV and AVI files in DirectX applications) is a lot less appealing.

Microsoft Speech API Vulnerability - Fixed

By updating the ActiveX Kill Bits feature with the updates in MS08-032 , you prevent a remote code execution vulnerability that can take place when you use Speech Recognition and IE to view a "specially crafted" (by bad guys) web page.

Patch Tuesday is about more than security updates, though. To find out what else is new and improved, go to page 2.

Stopping Corripio, Taterf, Ceekat, and the Rest of the Gang*

The June 2008 Malicious Software Removal Tool update is now available. To learn more, including details of the latest malware programs it wipes out, see KB890830 .

Improvements for Windows Media Center and MCEs

Install the June 2008 Cumulative Update for Media Center for Windows Vista, and you get improvements in recording, switching between full-screen and windowed modes while videos are playing, improvements in Media Center Extender path length and memory leaks, and other fixes. learn more at KB950126 .

Updates for Windows Mail Junk and Phishing Filter

The June 2008 Junk and Phishing update for Windows Vista's Windows Mail application is available from KB905866 . If you prefer to install these updates manually, rather than via Windows Update, bookmark the page, as the file links are updated with the latest filter monthly.

*If you're an online gamer, these three names should scare you:

    • Corripio is a Trojan that steals passwords for online games
    • Taterf is a worm that spreads via mapped drives to steal login and account information for popular online games
    • Ceekat is a collection of Trojans that read running processes in memory to steal passwords for online games.

All three are stopped by the June 2008 Malicious Software Removal Tool.

Around the web