Microsoft Updates
The March 2009 Monthly Security Bulletin Released
The March 2009 security bulletins have been released
The individual links to each bulletin are below:
- MS09-006 - Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)
- MS09-007 - Vulnerability in SChannel Could Allow Spoofing (960225)
- MS09-008 - Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)
You can also read more details on the MSRC blog here
Microsoft Updates:March 2009 Advanced Notification
The Advance Notification for next week’s bulletin release, scheduled for Tuesday, March 10, 2009 around 10 a.m. Pacific Standard Time has been posted.
As part of this month’s security bulletin release process, we will issue three security bulletins – one rated ‘Critical’ and two rated ‘Important’ – to address vulnerabilities in Microsoft Windows. Depending on the bulletin, a restart may be required. The updates will be detectable using the Microsoft Baseline Security Analyzer.
As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.
We are also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). For additional information, please see the “Other Information” section of the Advanced Notification.
Source- Technet Blog
Microsoft Updates:February 2009 Advanced Notification
Advance Notification for next week’s bulletin release which will occur on Tuesday, Feb. 10, 2009 around 10 a.m. Pacific Standard Time.
It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.
As part of this month’s security bulletin release process, we will issue four security bulletins – two rated ‘Critical’ and two rated ‘Important’ – to address vulnerabilities in Internet Explorer, Microsoft Exchange Server, Microsoft SQL Server and Microsoft Office. Depending on the bulletin, a restart may be required. The updates will be detectable using the Microsoft Baseline Security Analyzer.
As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.
We are also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). For additional information, please see the Other Information section of the Advanced Notification.
Source MSRC Blog
January 2009 Security Updates for Runtimes Are Available
The January 2009 Windows XP Embedded and Windows Embedded Standard Security Updates - Product Download is now available on the ECE for Microsoft® Windows® XP Embedded with Service Pack 2, Feature Pack 2007, Update Rollup 1.0, Service Pack 3 and/or Windows® Embedded Standard 2009. The downloads are cumulative and can be applied to runtimes that include the components that support the installer for Windows updates. They can be found in the DQI folder.
The following new updates are included in this release for November – please see the ECE for more details:
The January 2009 Security update is for all product versions listed above:
- KB 958687 - Vulnerabilities in SMB Could Allow Remote Code Execution.
- KB 952069 - Vulnerabilities in Windows Media Components Could Allow Remote Code Execution.
For full details on the January 2009 Windows XP Embedded and Windows Embedded Standard Security Updates see the ECE site here:
If you have questions on accessing the ECE, please email MS Mobile & Embedded Communications Feedback & Support, ECE@microsoft.com.
Source- MSDN Blog
January 2009 Monthly Bulletin Release
Microsoft has released a new bulletin today, MS09-001. This bulletin is rated as ‘Critical’ for Windows 2000, Windows XP and Windows Server 2003 and is rated as ‘Moderate’ for Windows Vista and Windows Server 2008.
An updated version of our Malicious Software Removal Tool (MSRT). This month’s release adds the ability to remove the Win32/Conficker and Win32/Banload families of malware. Impacted customers will be interested in the addition of Win32/Conficker.B; which has had a significant and sudden impact on some customers. While we’ve had protections for Win32/Conficker.B; since Dec 29, 2008 in Microsoft Forefront, Windows Live OneCare, and Windows Live OneCare safety scanner, we’re also adding it to the MSRT to help impacted customers with remediation.
We know that there might be some questions about the beta version of Windows 7 and today’s bulletin. Windows 7 is affected only by the SMB Validation Denial of Service Vulnerability (CVE-2008-4114) and, like Windows Vista and Windows Server 2008, would be rated as Moderate because the vulnerability would require authentication for any attack to succeed.. We provide security updates for beta versions of Windows through Windows Update for Critical issues only. So the SMB Validation Denial of Service Vulnerability (CVE-2008-4114) will be addressed in the next public release for Windows 7.
Finally, as we do each month we’ll be hosting our TechNet Security Bulletin webcast tomorrow, Jan. 14, 2009 at 11 a.m. Pacific time where we’ll review the bulletins and answer your questions live. If you can’t join us live, you can also watch the webcast on demand afterward. You can register for the webcast (either live or on demand) here.
Source- Technet Blog
December 2008 Monthly Bulletin Release
The new bulletins for this month are:
· MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) which is rated “Critical”
· MS08-071: Vulnerabilities in GDI Could Allow Remote Code Execution (956802) which is rated “Critical”
· MS08-072: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) which is rated “Critical”
· MS08-073: Cumulative Security Update for Internet Explorer (958215) which is rated “Critical”
· MS08-074: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) which is rated “Critical”
· MS08-075: Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) which is rated “Critical”
· MS08-076: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) which is rated “Important”
· MS08-077: Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) which is rated “Important”
In addition, today we’ve published Microsoft Security Advisory 960906 regarding new reports of a vulnerability in the Wordpad Converter for Word 97 files affecting Windows 2000 SP4, Windows XP SP2 and Windows Server 2003 SP1 and SP2. We are aware of very limited and targeted attacks seeking to exploit this vulnerability. The advisory details workarounds that you can evaluate while we develop a security update for this issue.
Source- Technet Blog
Microsoft Security Bulletin(s) for November 11, 2008
Today Microsoft released the following Security Bulletin(s).
Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.
Critical (1)
MS08-069 - Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
Important (1)
MS08-068 - Vulnerability in SMB Could Allow Remote Code Execution (957097)
This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.
Source- MSMVP’s Blog
November 2008 Advanced Notification
I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, Nov. 11, 2008 around 10 a.m. Pacific Standard Time.
It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.
As part of our regularly scheduled bulletin release, we’re currently planning to release two security bulletins:
· One Microsoft Security Bulletin affecting Microsoft Windows/Microsoft Office rated as Critical, and one affecting Windows rated as Important. These updates may require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.
We are also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). For additional information, please see the Other Information section of the Advanced Notification.
As always, we’ll be holding the November edition of the monthly security bulletin webcast on Wednesday, Nov. 12, 2008 at 11 a.m., Pacific Standard Time. We will review this month’s release and take your questions live on-air with answers from our panel of experts. As a friendly reminder, if you can’t make the live webcast, you can listen to it on-demand as well at the same URL. In addition, we’ll also be posting the text of the questions and answers from each month’s webcast. You can see a full listing of the posted questions and answers on this page.
You can register for the webcast here: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032374642&Culture=en-US
Source- Technet Blog
