Microsoft Security Bulletin: September 2008
It’s that time again! Time for another security bulletin. This month we hav 4 security bulletins all related to remote code executions. Check out the details below and make sure you apply these appropriately to your environments.
Critical
Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, Visual Studio (not the complete list).
Remote Code Execution
Critical
Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008.
Remote Code Execution
Critical
Windows XP, Windows Vista, Windows Server 2008.
Remote Code Execution
Critical
Office XP, Office 2003, 2007 Office System, Office OneNote 2007.
Remote Code Execution
If you just want summaries of these bulletins you can find them here
and we have released an updated version of the Windows Malicious Software Removal Tool. More details on that can be found here.
Source- Technet Blog
If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!
Microsoft Application Compatibility Toolkit 5.0
The Microsoft Application Compatibility Toolkit (ACT) 5.0 helps customers understand their application compatibility situation by identifying which applications are compatible with the Microsoft® Windows Vista® operating system and which require further testing. ACT helps customers lower their costs for application compatibility testing, prioritize their applications, and deploy Windows Vista more quickly.
You can use the ACT features to:
- Verify an application’s compatibility with a new version of the Windows operating system, or a Windows Update, including determining your risk assessment.
- Become involved in the ACT Community, including sharing your risk assessment with other ACT users.
- Test your Web applications and Web sites for compatibility with new releases and security updates to the Windows® Internet Explorer® Internet browser.
Updated VPC Images Now Available
Hey there, just a short post to let you know that new VPC images are ready for download. You can access them from the tools section on the Internet Explorer Developer Center, too.
Source- IEBlog
Internet Explorer 8 Beta 2 is now available for download!
The new Internet Explorer 8 Beta 2 is now available for download.
To download just visit here: www.microsoft.com/ie8
Internet Explorer 8 is the latest version of the familiar web browser you are most comfortable using, helping you get everything you want from the web faster, easier, more privately and secure than ever before.
- Faster Internet Explorer 8 is more responsive with new pages and tabs, opening up fast and reliably. You can now get to the information you care about most, in fewer steps; one click access to your webmail, favorite news sites or other online services.
- Easier Reduce the steps to accomplish many common tasks, and automate your access to real time information updates. You can keep track of your favorite sports team, news, weather with a single click.
- Private Helps protect your privacy and confidential information where ever you go on the web.
- Secure Helps protect and stop malicious software from reaching your PC, and makes it easier to detect when a website is an imposter.
Support for IE8 Beta2 can be received by visiting the Internet Explorer Beta Newsgroup to discuss issues, or by contacting Customer Support Services.
If you use a screen reader, please consult the Internet Explorer Beta 2 release notes before downloading.
Internet Explorer 8 beta 2 is supported on Windows XP SP2/SP3, Server 2003 SP2, Server 2008, Vista RTM & Vista SP1.
IE8 and Privacy
Have you ever wanted to take your web browsing “off the record”? Perhaps you’re using someone else’s computer and you don’t want them to know which sites you visited. Maybe you need to buy a gift for a loved one without ruining the surprise. Maybe you’re at an Internet kiosk and don’t want the next person using it to know at which website you bank.
What if you want to delete your browsing history after the fact, but you don’t want to lose your preferences at websites that you use frequently?
With respect to privacy, IE8 gives users more choice about controlling what information they keep and exchange.
InPrivate Browsing
If you are using a shared PC, a borrowed laptop from a friend, or a public PC, sometimes you don’t want other people to know where you’ve been on the web. Internet Explorer 8’s InPrivate Browsing makes that “over the shoulder” privacy easy by not storing history, cookies, temporary Internet files, or other data.
Using InPrivate Browsing is as easy as launching a new InPrivate Browsing window. When you’re done, just close the window and IE will take care of the rest.
Source- IE Blog
PREVIEW: v 1.0 of Social Bookmarking on MSDN and TechNet
Microsoft is opening up the MSDN, TechNet, and Expression sites to the community, so that technical professionals can better connect with each other, share knowledge, and succeed. Tagging - and especially social bookmarking - are essential ingredients for making this happen.
Back in May, just before TechEd North America, we released a preview version of our new social bookmarking app for MSDN, for TechNet, and for Expression. Since then, thousands of technical professionals from around the world have begun using it to save their web favorites online, share them with others, see what other technical pros are favoriting, and connect with others.
We also got a lot of great feedback on the app itself (thank you!) and I’m happy to say that in early September, we plan on releasing a full version of the app - v 1.0. Here are some new things to look for:
- Subscribe to Tags or People: Find a tag you want to follow? Or a fellow bookmarker that bookmarks really good stuff? With the new app, it will be easy to get an RSS subscription for that tag or person (as in, click the orange button).
- Browse & Find Users: Search or browse to find people by their display name (e.g., mine is "johmar") and other criteria.
- Import Tools: Recognizing that a lot of people already have favorites saved in their browsers or in other social bookmarking sites, the new app will provide a tool for importing your favorites from Microsoft Internet Explorer and from Delicious.
- Bookmarking Widget: If you have your own blog or other website, our new bookmarking widget will make it easy for people to bookmark your pages directly to their social bookmarks on MSDN, TechNet, or Expression. You’ll get traffic from Microsoft when your bookmarked page is published in "social feeds" on our global sites.
- Availability in 12 Languages: With the September release, the social bookmarking application will be available in Chinese (Simplified and Traditional), Czech, English, French, German, Italian, Japanese, Korean, Portuguese, Russian, and Spanish.
Source- Technet Blog
Microsoft hints at “private browsing” feature in IE
One of the most interesting feature that didn’t quite make it into the final release of Firefox 3 is “Private Browsing”, a.k.a. porn mode. The only other browser with this feature built-in today is Safari (another reason to try it in case you haven’t), however, Microsoft may also be building a similar feature into Internet Explorer 8 if two trademark filings are any indications.
Although “private browsing” can be easily associated with viewing particular genres of media content, the Mozilla foundation argues “while viewing pornography may be a popular use case due to the nature of content on the Web, assuming that this is the only reason that users need private browsing trivializes the overall feature. For instance, users may wish to begin a private browsing session to research a medical condition, or plan a surprise vacation or birthday party for a loved one.”
If indeed Microsoft is rolling out such a feature in Internet Explorer 8, I can imagine it becoming very popular with surprise birthday planners across the world. Oh those birthday people are in for a treat.
Source- istartedsomething.com
IE August Security Update Now Available
The IE Cumulative Security Update for August 2008 is now available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update. I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.
This update addresses six remote code execution vulnerabilities. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles the error resulting in the exploitable condition. For detailed information on the contents of this update, please see the following documentation:
This security update is rated Critical for all supported versions of Internet Explorer. This security update is also available for Internet Explorer 8 Beta 1 for Developers on Windows Update.
IE security updates are cumulative and contain all previously released updates for each version of Internet Explorer.
Source- IEBlog
