Posted 11/11/08 at 01:17:52 PM by Mark Edward Soper

This month's Patch Tuesday, unlike October's, is a quiet one, with just two security bulletins:
- MS08-069 solves a remote code execution vulnerability in Microsoft's XML Core Service that is rated as Critical for version 3.0 and Important for later versions. All 32-bit and 64-bit desktop versions of Windows from Windows 2000 SP4 through Windows Vista SP1 are affected, as well as Microsoft Office 2003 and 2007. The Exploitability Index is 1 (Consistent Exploit Code Likely - the most serious ranking) or 2 (Inconsistent Exploit Code Likely), depending upon the version of XML Core Services installed. Windows Server 2003 and some installations of Windows Server 2008 are also affected.
- MS08-068 patches a remote code execution vulnerability in the SMB protocol. MS08-068 is rated as Important for Windows 2000 SP4 and Windows XP, and Moderate for Windows Vista. Windows Server 2003 and all Windows Server 2008 installations are also affected. Despite Microsoft's rating this vulnerability as only Important rather than Critical, MS08-068's Exploitability Index is 1 because exploit code targeting Windows XP is already public.
That's it for Patch Tuesday security bulletins, both of which will be arriving soon via Windows Update (or can be downloaded manually if you prefer). What else has Microsoft served up?
The only non-security content this time is the usual monthly update for the Malicious Software Removal Tool (KB890830; not yet updated as this article was posted now updated) and the usual monthly update for the Windows Mail junk mail filter (KB905866), available in 32-bit and 64-bit versions.
Posted 10/24/08 at 10:53:38 AM by Mark Edward Soper

Redmond usually releases security patches once a month, on Patch Tuesday, but Microsoft's security experts are worried enough about a newly reported vulnerability in the Server service to post an "out-of-band" security update, MS08-067, yesterday for all versions of Windows from Windows 2000 SP4 through Windows Server 2008 and Windows 7 pre-beta. Microsoft hasn't issued a security update between Patch Tuesday releases since April 2007, so this is a significant security issue.
Although all supported versions of Windows are vulnerable, Windows 2000 SP4, Windows XP, and Windows Server 2003 versions are especially vulnerable to this flaw, which can permit remote code execution via a specially crafted RFC request.
To find out what makes this vulnerability so critical, and to learn how to get the update, join us after the jump.
Posted 10/11/08 at 09:36:49 PM by Mark Edward Soper

October's Patch Tuesday's bigger than normal, with 11 security bulletins (four critical, six important, and one moderate) affecting the following desktop operating systems and applications:
- Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, Windows XP, and Windows Vista get patched to stop a remote code execution threat
- Windows XP SP2 and SP3 and Windows XP Professional x64 and XP Professional x64 SP2 will be patched to stop elevation of privilege attacks
- Windows 2000 SP4 through Windows Vista SP1 will also be as updated needed to prevent remote code execution
- Microsoft Excel 2000 SP3, Excel 2002, Excel 2003 SP2/SP3, and Excel 2007/2007 SP1 will be updated against a critical vulnerability, as will Excel Viewer 2003/2003 SP3, Excel Viewer, and MS Office Compatibility Pack and Compatibility Pack's SP1.
What else is coming down the chute starting Tuesday?
Windows Vista Media Center gets a pair of updates (one for the TV Pack, and one for everyone), as well as the usual updates to the Malicious Software Removal Tool, Windows Mail Junk Email Filter and Customer/Windows Vista Experience Improvement Program.
However, the biggest news is the premiere of the Microsoft Active Protections Program and Exploitability Index we told you about in August. Hopefully, these programs will aid the never-ending battle against the bad guys in cyberspace.
Posted 09/06/08 at 01:47:19 AM by Pulkit Chandna
Be informed, dear readers, Microsoft’s next installment of security bulletins is going to be on September 9 – Patch Tuesday. Microsoft revealed in the security bulletin advance notification for September that it will release four security bulletins on the following Patch Tuesday. All four of them merit immediate attention as they have been rated critical. The security bulletins will all fix vulnerabilities pertaining to remote code execution. The Patch Tuesday in August also carried quite a few security bulletins related to remote code execution including a patch for the “MS Access Snapshot Viewer ActiveX control," which hackers had begun to exploit using a malicious toolkit.

Posted 08/12/08 at 10:17:16 PM by Mark Edward Soper

It's a super-sized Patch Tuesday this month, and here's what to expect Windows Update to be sending you in the next day or so (if not already). Follow the links if you prefer to install the updates immediately.
Critical updates include:
- A fix for a remote code execution vulnerability in Windows Image Color Management affects users running Windows XP, Windows Server 2003, and Windows 2000 SP4 (Windows Vista users can breathe easy on this one).
- A fix for a sextet of vulnerabilities in Internet Explorer 5.01, 6, and 7 affects users of Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003, Windows Vista, and Windows Server 2008.
- A fix for a remote code execution vulnerability in the ActiveX control for Microsoft Access's snapshot viewer affects Office 2000 SP3, Office XP SP3, and Office 2003 SP2 and SP3 (Office 2007 users, you ducked this one).
- A fix for a quartet of privately reported vulnerabilities in Microsoft Excel. Versions from Office 2000 SP3 all the way through Office 2007 as well as viewers, Share Point Server, and compatibility packs are affected.
- A fix for a trio of privately reported remote code execution vulnerabilities in PowerPoint and PowerPoint Viewer affects PowerPoint XP, PowerPoint 2003, PowerPoint 2007, PowerPoint Viewer 2007, as well as Microsoft Office 2004 and 2008 for MacOS.
- A fix for five privately reported major vulnerabilities in handling image files in some versions of Office affects Office 2000, Office XP, Office 2003 SP2, Project 2002 SP1, MS Office Converter Pack, and MS Works 8.
Posted 08/06/08 at 04:30:59 PM by Mark Edward Soper

Microsoft announced two new security programs at the Black Hat USA 2008 Conference:
- Microsoft Active Protections Program (MAPP)
- Microsoft Exploitability Index
MAPP provides advance notification to third-party security providers of vulnerabilities that are being addressed by Microsoft security updates, such as the ones rolled out each month on "Patch Tuesday." MAPP is designed to help stop exploits that are launched between the announcement of upcoming patches and the availability of patches. MAPP starts in October, according to eWeek.
Security providers can learn more about MAPP by downloading the fact sheet (MS Word 97-2003 format). For additional insight from a former military and government security specialist who now works for Microsoft, see Steve Adegbite's blog entry about MAPP.
The Microsoft Exploitability Index will provide ratings of how likely each vulnerability is to being successfully exploited. The index will rate each vulnerability at one of three levels:
- Consistent exploit code likely
- Inconsistent exploit code likely
- Functioning exploit code unlikely
Microsoft's fact sheet suggests (MS Word 97-2003 format) that vulnerabilities with the "Consistent" rating should be treated as the most serious threats, followed by the others. To get more insight into the need for this index, see Microsoftie Mike Reavey's blog entry (Reavey is part of the Microsoft Security Response Center). The index will be included with each new security bulletin, also starting in October.
For your chance to sound off about Microsoft's newest security initiatives, see us after the jump.
Posted 07/09/08 at 04:59:03 PM by Mark Edward Soper

Bad news for ZoneAlarm users running Windows XP: the MS08-037 security update for DNS (aka 951748) released Tuesday breaks ZoneAlarm and knocks XP users off the Internet. If you're running recent versions of ZoneAlarm on Windows XP, you should avoid the KB951748 update for now. Grab a list of workarounds (and now, solutions) here.
For what went wrong, and how to fix it if you've already been bitten, catch us after the break.
Posted 06/19/08 at 05:47:44 PM by Mark Edward Soper
It's only been a week and change since June's Patch Tuesday, but that's just enough time to discover that XP users need more protection against a Bluetooth vulnerability. Here's how to get it.
Golfers call a second-chance shot a "mulligan," and it's mulligan time at Microsoft.
The original Bluetooth security fix listed in Patch Tuesday's MS08-030 security bulletin and documented in KB 951376 didn't quite get the job done for 32-bit Windows XP SP2/SP3 users...





