Posted 11/11/08 at 01:17:52 PM by Mark Edward Soper

This month's Patch Tuesday, unlike October's, is a quiet one, with just two security bulletins:

• MS08-069 solves a remote code execution vulnerability in Microsoft's XML Core Service that is rated as Critical for version 3.0 and Important for later versions. All 32-bit and 64-bit desktop versions of Windows from Windows 2000 SP4 through Windows Vista SP1 are affected, as well as Microsoft Office 2003 and 2007. The Exploitability Index is 1 (Consistent Exploit Code Likely - the most serious ranking) or 2 (Inconsistent Exploit Code Likely), depending upon the version of XML Core Services installed. Windows Server 2003 and some installations of Windows Server 2008 are also affected.
• MS08-068 patches a remote code execution vulnerability in the SMB protocol. MS08-068 is rated as Important for Windows 2000 SP4 and Windows XP, and Moderate for Windows Vista. Windows Server 2003 and all Windows Server 2008 installations are also affected. Despite Microsoft's rating this vulnerability as only Important rather than Critical, MS08-068's Exploitability Index is 1 because exploit code targeting Windows XP is already public.

That's it for Patch Tuesday security bulletins, both of which will be arriving soon via Windows Update (or can be downloaded manually if you prefer). What else has Microsoft served up?

The only non-security content this time is the usual monthly update for the Malicious Software Removal Tool (KB890830; not yet updated as this article was posted now updated) and the usual monthly update for the Windows Mail junk mail filter (KB905866), available in 32-bit and 64-bit versions.

Read More

Comments 

0

TAGS 

microsoft, Software, Security, windows xp, Windows Vista, Windows 2000, Patch Tuesday, updates, security bulletin, Windows Server 2008, Windows Server 2003

Posted 10/24/08 at 10:53:38 AM by Mark Edward Soper

Redmond usually releases security patches once a month, on Patch Tuesday, but Microsoft's security experts are worried enough about a newly reported vulnerability in the Server service to post an "out-of-band" security update, MS08-067, yesterday for all versions of Windows from Windows 2000 SP4 through Windows Server 2008 and Windows 7 pre-beta. Microsoft hasn't issued a security update between Patch Tuesday releases since April 2007, so this is a significant security issue.

Although all supported versions of Windows are vulnerable, Windows 2000 SP4, Windows XP, and Windows Server 2003 versions are especially vulnerable to this flaw, which can permit remote code execution via a specially crafted RFC request.

To find out what makes this vulnerability so critical, and to learn how to get the update, join us after the jump.

Read More

Comments 

2

TAGS 

microsoft, operating system, Security, windows xp, Windows Vista, Windows 2000, vulnerability, Patch Tuesday, Operating Systems, windows 7, Windows Server 2008, Windows Server 2003, MS08-067

Posted 08/12/08 at 10:17:16 PM by Mark Edward Soper

It's a super-sized Patch Tuesday this month, and here's what to expect Windows Update to be sending you in the next day or so (if not already). Follow the links if you prefer to install the updates immediately.

Critical updates include:

• A fix for a remote code execution vulnerability in Windows Image Color Management affects users running Windows XP, Windows Server 2003, and Windows 2000 SP4 (Windows Vista users can breathe easy on this one).
• A fix for a sextet of vulnerabilities in Internet Explorer 5.01, 6, and 7 affects users of Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003, Windows Vista, and Windows Server 2008.
• A fix for a remote code execution vulnerability in the ActiveX control for Microsoft Access's snapshot viewer affects Office 2000 SP3, Office XP SP3, and Office 2003 SP2 and SP3 (Office 2007 users, you ducked this one).
• A fix for a quartet of privately reported vulnerabilities in Microsoft Excel. Versions from Office 2000 SP3 all the way through Office 2007 as well as viewers, Share Point Server, and compatibility packs are affected.
• A fix for a trio of privately reported remote code execution vulnerabilities in PowerPoint and PowerPoint Viewer affects PowerPoint XP, PowerPoint 2003, PowerPoint 2007, PowerPoint Viewer 2007, as well as Microsoft Office 2004 and 2008 for MacOS.
• A fix for five privately reported major vulnerabilities in handling image files in some versions of Office affects Office 2000, Office XP, Office 2003 SP2, Project 2002 SP1, MS Office Converter Pack, and MS Works 8.

Read More

Comments 

0

TAGS 

windows, microsoft, operating system, Security, windows xp, Windows Vista, Excel, Word, Windows 2000, Internet Explorer, Patch Tuesday, IE, Windows Server 2008, Project, Windows Server 2003