Posted 11/11/08 at 01:17:52 PM by Mark Edward Soper

This month's Patch Tuesday, unlike October's, is a quiet one, with just two security bulletins:
- MS08-069 solves a remote code execution vulnerability in Microsoft's XML Core Service that is rated as Critical for version 3.0 and Important for later versions. All 32-bit and 64-bit desktop versions of Windows from Windows 2000 SP4 through Windows Vista SP1 are affected, as well as Microsoft Office 2003 and 2007. The Exploitability Index is 1 (Consistent Exploit Code Likely - the most serious ranking) or 2 (Inconsistent Exploit Code Likely), depending upon the version of XML Core Services installed. Windows Server 2003 and some installations of Windows Server 2008 are also affected.
- MS08-068 patches a remote code execution vulnerability in the SMB protocol. MS08-068 is rated as Important for Windows 2000 SP4 and Windows XP, and Moderate for Windows Vista. Windows Server 2003 and all Windows Server 2008 installations are also affected. Despite Microsoft's rating this vulnerability as only Important rather than Critical, MS08-068's Exploitability Index is 1 because exploit code targeting Windows XP is already public.
That's it for Patch Tuesday security bulletins, both of which will be arriving soon via Windows Update (or can be downloaded manually if you prefer). What else has Microsoft served up?
The only non-security content this time is the usual monthly update for the Malicious Software Removal Tool (KB890830; not yet updated as this article was posted now updated) and the usual monthly update for the Windows Mail junk mail filter (KB905866), available in 32-bit and 64-bit versions.
Posted 10/24/08 at 10:53:38 AM by Mark Edward Soper

Redmond usually releases security patches once a month, on Patch Tuesday, but Microsoft's security experts are worried enough about a newly reported vulnerability in the Server service to post an "out-of-band" security update, MS08-067, yesterday for all versions of Windows from Windows 2000 SP4 through Windows Server 2008 and Windows 7 pre-beta. Microsoft hasn't issued a security update between Patch Tuesday releases since April 2007, so this is a significant security issue.
Although all supported versions of Windows are vulnerable, Windows 2000 SP4, Windows XP, and Windows Server 2003 versions are especially vulnerable to this flaw, which can permit remote code execution via a specially crafted RFC request.
To find out what makes this vulnerability so critical, and to learn how to get the update, join us after the jump.
Posted 10/11/08 at 09:36:49 PM by Mark Edward Soper

October's Patch Tuesday's bigger than normal, with 11 security bulletins (four critical, six important, and one moderate) affecting the following desktop operating systems and applications:
- Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, Windows XP, and Windows Vista get patched to stop a remote code execution threat
- Windows XP SP2 and SP3 and Windows XP Professional x64 and XP Professional x64 SP2 will be patched to stop elevation of privilege attacks
- Windows 2000 SP4 through Windows Vista SP1 will also be as updated needed to prevent remote code execution
- Microsoft Excel 2000 SP3, Excel 2002, Excel 2003 SP2/SP3, and Excel 2007/2007 SP1 will be updated against a critical vulnerability, as will Excel Viewer 2003/2003 SP3, Excel Viewer, and MS Office Compatibility Pack and Compatibility Pack's SP1.
What else is coming down the chute starting Tuesday?
Windows Vista Media Center gets a pair of updates (one for the TV Pack, and one for everyone), as well as the usual updates to the Malicious Software Removal Tool, Windows Mail Junk Email Filter and Customer/Windows Vista Experience Improvement Program.
However, the biggest news is the premiere of the Microsoft Active Protections Program and Exploitability Index we told you about in August. Hopefully, these programs will aid the never-ending battle against the bad guys in cyberspace.
Posted 08/12/08 at 10:17:16 PM by Mark Edward Soper

It's a super-sized Patch Tuesday this month, and here's what to expect Windows Update to be sending you in the next day or so (if not already). Follow the links if you prefer to install the updates immediately.
Critical updates include:
- A fix for a remote code execution vulnerability in Windows Image Color Management affects users running Windows XP, Windows Server 2003, and Windows 2000 SP4 (Windows Vista users can breathe easy on this one).
- A fix for a sextet of vulnerabilities in Internet Explorer 5.01, 6, and 7 affects users of Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003, Windows Vista, and Windows Server 2008.
- A fix for a remote code execution vulnerability in the ActiveX control for Microsoft Access's snapshot viewer affects Office 2000 SP3, Office XP SP3, and Office 2003 SP2 and SP3 (Office 2007 users, you ducked this one).
- A fix for a quartet of privately reported vulnerabilities in Microsoft Excel. Versions from Office 2000 SP3 all the way through Office 2007 as well as viewers, Share Point Server, and compatibility packs are affected.
- A fix for a trio of privately reported remote code execution vulnerabilities in PowerPoint and PowerPoint Viewer affects PowerPoint XP, PowerPoint 2003, PowerPoint 2007, PowerPoint Viewer 2007, as well as Microsoft Office 2004 and 2008 for MacOS.
- A fix for five privately reported major vulnerabilities in handling image files in some versions of Office affects Office 2000, Office XP, Office 2003 SP2, Project 2002 SP1, MS Office Converter Pack, and MS Works 8.
Posted 11/26/07 at 09:41:48 PM by Mark Soper
Get your system ready for holiday gaming and media editing with new and updated tools from Microsoft's TechNet Sysinternals website.
Posted 08/07/07 at 11:42:11 AM by Mark Soper
Microsoft TechNet is more than a hangout for IT propellorheads - it's also the home of some useful utilities.





