Microsoft Updates

Microsoft Security Bulletins for July 2008

As part of Microsoft’s routine, monthly security update cycle, they released 4 new security bulletins:

• MS08-037 - Vulnerabilities in DNS Could Allow Spoofing (953230)
• MS08-038 - Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)
• MS08-039 -  Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
• MS08-040 -  Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)

You can view this month’s Security Bulletins Summary at their website.  Visit also the MSCRC blog for further notes or details on the said security bulletins.

For information about non-security releases on Windows Update and Microsoft update, please see http://support.microsoft.com/kb/894199/en-us

Don’t forget to scan the system using Microsoft Baseline Security Analyzer (MBSA) to check for missing and mis-configured patches.

Security Updates support is free of charge.  Contact MS at 1-866-CSAFETY if you are in the US or Canada.  International users, please go to http://go.microsoft.com/fwlink/?LinkId=21155

Source- Donna’s Security Flash

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

Microsoft Windows Malicious Software Removal Tool Updated

The Microsoft Windows Malicious Software Removal Tool checks Windows Vista, Windows XP, Windows 2000, and Windows Server 2003 computers for and helps remove infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed. The tool creates a log file named mrt.log in the %WINDIR%\debug folder.

This tool is not a replacement for an anti-virus product. To help protect your computer, you should use an anti-virus product.

Please review KB890830 for the list of malicious software that the current version of the tool is capable of removing as well as usage instructions. Also, please be aware that this tool reports anonymous information back to Microsoft in the event that an infection is found or an error is encountered. The above KB article contains information on how to disable this functionality and what specific information is sent to Microsoft.

Microsoft Security Bulletin July 2008 Advance Notification

I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, July 8, 2008 around 10 a.m. Pacific Standard Time.

It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.

As part of our regularly scheduled bulletin release, we’re currently planning to release:

· Four Microsoft Security Bulletins rated as Important. These updates may require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.

We are also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). For additional information, please see the Other Information section of the Advanced Notification.

Finally, in late July, we’ll also be releasing KB946928 which updates the infrastructure of the Windows Update client itself. For more information on this update, please visit the Microsoft Update blog.

As always, we’ll be holding the July edition of the monthly security bulletin webcast on Wednesday, July 9, 2008 at 11 a.m., Pacific Standard Time.  We will review this month’s release and take your questions live on-air with answers from our panel of experts. As a friendly reminder, if you can’t make the live webcast, you can listen to it on-demand as well. You can register for the webcast here: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032374629&Culture=en-US

Source- Technet Blog

Upcoming Update to Windows Update

I’d like to let you know that, beginning at the end of this month and continuing over the next few months, we’ll be rolling out an infrastructure update to the Windows Update agent (client).  I wanted to take this opportunity to provide some background on the update and discuss the value these updates bring to you.

How Windows Update Keeps Itself Up-to-Date

Occasionally, we must update the infrastructure of Windows Update in order to ensure a high level of service quality, reliability, and operation. As part of this process, we update both the back-end infrastructure that supports the service as well as the client side code (i.e. the Windows Update agent, or client).

So what are we doing this time? Well, this particular update won’t really change the way the client looks or feels to you, but you may notice some improvements in the length of time it takes Windows Update to scan for updates and how quickly you’ll receive signature updates. For example, in this update, we’ve invested heavily in reducing the amount of time it takes the Windows Update agent to scan to see if new updates are available. In this case, we’ve seen some instances of the scan times on some machines decreasing almost 20 percent.

Source- Microsoft update Team Blog

Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates

Microsoft is investigating public reports of a non-security issue that prevents the distribution of any updates deployed through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1 to client systems that have Microsoft Office 2003 installed in their environment. Microsoft is aware of reports from customers who are experiencing this issue.

Upon completing the investigation, Microsoft will take appropriate action to resolve the issue within Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1.

Note The issue affecting System Center Configuration Manager 2007 first described in Microsoft Security Advisory 954474, where System Center Configuration Manager 2007 systems were blocked from deploying security updates, is separate from the issue described in this advisory.

Source- Technet

Microsoft Security Bulletin MS06-078

This update resolves two newly discovered vulnerabilities. These vulnerabilities are documented in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Source: Microsoft Security Bulletin MS06-078
Download: Microsoft Security Bulletin MS06-078

Office Live Update 1.1

The Office Live Update 1.1 installs (1) performance updates to make using Office Live Workspace with Microsoft Office programs faster, (2) the latest Office Live Add-in for Microsoft Office that enables you to access your workspaces directly from Word, Excel, and PowerPoint and (3) the Multiple Document Upload Tool.
The Office Live Update 1.1 auto-detects and installs these necessary updates to ensure optimum performance:

• Update for Office 2007 (KB 941637)
• Update for Windows Vista (KB 933860)
• Update for Windows Vista (KB 945145)
• Update for Windows Vista (KB 945435)
• Update for Windows Vista (KB 947864)
• Update for Windows Vista (KB 948531)
• Windows Live Sign-in Assistant

The Office Live Add-in adds new menu options in the 2007 Microsoft Office Suite and a toolbar in Microsoft Office XP and Office 2003. You will be able to open documents located in Office Live Workspace directly from Word, Excel, and PowerPoint. You will also be able to save files directly from Word, Excel, and PowerPoint to Office Live Workspace.
The Multiple Document Upload Tool lets you add multiple documents to a workspace at once and even allows users to drag and drop files directly from their desktop.

Download here

Microsoft Windows Malicious Software Removal Tool (KB890830)

The Microsoft Windows Malicious Software Removal Tool checks Windows Vista, Windows XP, Windows 2000, and Windows Server 2003 computers for and helps remove infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed. The tool creates a log file named mrt.log in the %WINDIR%\debug folder.

To download the x64 version of Malicious Software Removal Tool, click here.
This tool is not a replacement for an anti-virus product. To help protect your computer, you should use an anti-virus product.

Download here