The Best Security Bulletin News, Reviews, Features, and Forums | MaximumPC - All of the Best Software and Hardware Reviews

NewsA Quiet Patch Tuesday for November 2008

Posted 11/11/08 at 01:17:52 PM by Mark Edward Soper

November 2008 Patch Tuesday includes only two updates

This month's Patch Tuesday, unlike October's, is a quiet one, with just two security bulletins:

MS08-069 solves a remote code execution vulnerability in Microsoft's XML Core Service that is rated as Critical for version 3.0 and Important for later versions. All 32-bit and 64-bit desktop versions of Windows from Windows 2000 SP4 through Windows Vista SP1 are affected, as well as Microsoft Office 2003 and 2007. The Exploitability Index is 1 (Consistent Exploit Code Likely - the most serious ranking) or 2 (Inconsistent Exploit Code Likely), depending upon the version of XML Core Services installed. Windows Server 2003 and some installations of Windows Server 2008 are also affected.
MS08-068 patches a remote code execution vulnerability in the SMB protocol. MS08-068 is rated as Important for Windows 2000 SP4 and Windows XP, and Moderate for Windows Vista. Windows Server 2003 and all Windows Server 2008 installations are also affected. Despite Microsoft's rating this vulnerability as only Important rather than Critical, MS08-068's Exploitability Index is 1 because exploit code targeting Windows XP is already public.

That's it for Patch Tuesday security bulletins, both of which will be arriving soon via Windows Update (or can be downloaded manually if you prefer). What else has Microsoft served up?

The only non-security content this time is the usual monthly update for the Malicious Software Removal Tool (KB890830; ~~not yet updated as this article was posted~~ now updated) and the usual monthly update for the Windows Mail junk mail filter (KB905866), available in 32-bit and 64-bit versions.

Comments: 0
TAGS: microsoft, Software, Security, windows xp, Windows Vista, Windows 2000, Patch Tuesday, updates, security bulletin, Windows Server 2008, Windows Server 2003

NewsFour Security Bulletins Coming This Patch Tuesday

Posted 09/06/08 at 01:47:19 AM by Pulkit Chandna

Be informed, dear readers, Microsoft’s next installment of security bulletins is going to be on September 9 – Patch Tuesday. Microsoft revealed in the security bulletin advance notification for September that it will release four security bulletins on the following Patch Tuesday. All four of them merit immediate attention as they have been rated critical. The security bulletins will all fix vulnerabilities pertaining to remote code execution. The Patch Tuesday in August also carried quite a few security bulletins related to remote code execution including a patch for the “MS Access Snapshot Viewer ActiveX control," which hackers had begun to exploit using a malicious toolkit.

Comments: 0
TAGS: microsoft, Software, patch, threat, Patch Tuesday, security bulletin, fix

NewsMicrosoft Fights Back Against Zero-Day Exploits with MAPP, Exploitability Index

Posted 08/06/08 at 04:30:59 PM by Mark Edward Soper

Microsoft launches MAPP, Exploitability Index to aid security

Microsoft announced two new security programs at the Black Hat USA 2008 Conference:

Microsoft Active Protections Program (MAPP)
Microsoft Exploitability Index

MAPP provides advance notification to third-party security providers of vulnerabilities that are being addressed by Microsoft security updates, such as the ones rolled out each month on "Patch Tuesday." MAPP is designed to help stop exploits that are launched between the announcement of upcoming patches and the availability of patches. MAPP starts in October, according to eWeek.

Security providers can learn more about MAPP by downloading the fact sheet (MS Word 97-2003 format). For additional insight from a former military and government security specialist who now works for Microsoft, see Steve Adegbite's blog entry about MAPP.

The Microsoft Exploitability Index will provide ratings of how likely each vulnerability is to being successfully exploited. The index will rate each vulnerability at one of three levels:

Consistent exploit code likely
Inconsistent exploit code likely
Functioning exploit code unlikely

Microsoft's fact sheet suggests (MS Word 97-2003 format) that vulnerabilities with the "Consistent" rating should be treated as the most serious threats, followed by the others. To get more insight into the need for this index, see Microsoftie Mike Reavey's blog entry (Reavey is part of the Microsoft Security Response Center). The index will be included with each new security bulletin, also starting in October.

For your chance to sound off about Microsoft's newest security initiatives, see us after the jump.

Comments: 0
TAGS: windows, microsoft, Security, exploit, Patch Tuesday, security bulletin, Black Hat 2008

NewsWindows XP Users Get a Bluetooth Security 'Mulligan' from Microsoft

Posted 06/19/08 at 05:47:44 PM by Mark Edward Soper

It's only been a week and change since June's Patch Tuesday, but that's just enough time to discover that XP users need more protection against a Bluetooth vulnerability. Here's how to get it.

Golfers call a second-chance shot a "mulligan," and it's mulligan time at Microsoft.

The original Bluetooth security fix listed in Patch Tuesday's MS08-030 security bulletin and documented in KB 951376 didn't quite get the job done for 32-bit Windows XP SP2/SP3 users...

Comments: 0
TAGS: microsoft, Security, windows xp, Patch Tuesday, security bulletin, MS08

FROM THE ARCHIVEA Quiet Patch Tuesday for May 2008

Posted 05/14/08 at 08:53:41 AM by Mark 'Marcus_Soperus' Soper

Redmond only lists four security bulletins this month, and Vista users get lucky. For the rest of you, it's time to tune in and make sure you're protected.