Wednesday, 10 June 2009 Revision Note: V1.1 (June 10, 2009): Corrected the rating and key notes for CVE-2009-1138 in the Exploitability Index. Summary: This bulletin summary lists security bulletins released for June 2009.

Wednesday, 10 June 2009 Severity Rating: Critical - Revision Note: V1.1 (June 10, 2009): Removed known issues notation in the Executive Summary. No known issues for this security update currently exist. Summary: This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Tuesday, 09 June 2009 Revision Note: Advisory published. Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.

Tuesday, 09 June 2009 Severity Rating: Critical - Revision Note: Bulletin published. Summary: This security update resolves three privately reported vulnerabilities in Windows Print Spooler. The most severe vulnerability could allow remote code execution if an affected server received a specially crafted RPC request. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

Tuesday, 09 June 2009 Revision Note: V2.0 (June 9, 2009): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-020 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-020. The vulnerability addressed is the IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability - CVE-2009-1535.

Tuesday, 09 June 2009 Severity Rating: Moderate - Revision Note: Bulletin published. Summary: This security update resolves a privately reported vulnerability in Windows Search. The vulnerability could allow information disclosure if a user performs a search that returns a specially crafted file as the first result or if the user previews a specially crafted file from the search results. By default, the Windows Search component is not installed on Microsoft Windows XP and Windows Server 2003. It is an optional component available for download. Windows Search installed on supported editions of Windows Vista and Windows Server 2008 is not affected by this vulnerability.

Tuesday, 09 June 2009 Severity Rating: Critical - Revision Note: V2.0 (June 9, 2009): Bulletin rereleased to provide security update packages for Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, Open XML File Format Converter for Mac, Microsoft Works 8.5, and Microsoft Works 9. Customers who currently have this software installed need to apply this update immediately. Summary: This security update resolves a publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Tuesday, 09 June 2009 Severity Rating: Critical - Revision Note: Bulletin published. Summary: This security update resolves a privately reported vulnerability in the Microsoft Works converters. The vulnerability could allow remote code execution if a user opens a specially crafted Works file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Tuesday, 09 June 2009 Severity Rating: Important - Revision Note: Bulletin published. Summary: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Internet Information Services (IIS). The vulnerabilities could allow elevation of privilege if an attacker sent a specially crafted HTTP request to a Web site that requires authentication. These vulnerabilities allow an attacker to bypass the IIS configuration that specifies which type of authentication is allowed, but not the file system-based access control list (ACL) check that verifies whether a file is accessible by a given user. Successful exploitation of these vulnerabilities would still restrict the attacker to the permissions granted to the anonymous user account by the file system ACLs.

Tuesday, 09 June 2009 Severity Rating: Important - Revision Note: Bulletin published. Summary: This security update resolves two publicly disclosed and two privately reported vulnerabilities in the Windows kernel that could allow elevation of privilege. An attacker who successfully exploited any of these vulnerabilities could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.

Tuesday, 09 June 2009 Revision Note: V2.0 (June 9, 2009): Advisory updated to reflect publication of security bulletin MS09-008 and Microsoft Security Advisory 971888. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-008 to address the WPAD issue and have released configuration guidance and updates for DNS devolution in Microsoft Security Advisory 971888. For more information about this issue, including download links for an available security update, please review MS09-008 and Microsoft Security Advisory 971888. The vulnerabilities addressed are the WPAD server registration vulnerabilities in WINS and DNS - CVE-2009-0094 and CVE-2009-0093.

Tuesday, 09 June 2009 Severity Rating: Important - Revision Note: Bulletin published. Summary: This security update resolves a publicly disclosed vulnerability in the Windows remote procedure call (RPC) facility where the RPC Marshalling Engine does not update its internal state appropriately. The vulnerability could allow an attacker to execute arbitrary code and take complete control of an affected system. Supported editions of Microsoft Windows are not delivered with any RPC servers or clients that are subject to exploitation of this vulnerability. In a default configuration, users could not be attacked by exploitation of this vulnerability. However, the vulnerability is present in the Microsoft Windows RPC runtime and could affect third-party RPC applications.

Tuesday, 09 June 2009 Revision Note: Advisory published. Summary: Microsoft is announcing the availability of an update to DNS devolution that can help customers in keeping their systems protected. Customers whose domain name has three or more labels, such as "contoso.co.us", or who do not have a DNS suffix list configured, or for whom the following mitigating factors do not apply may inadvertently be allowing client systems to treat systems outside of the organizational boundary as though they were internal to the organization's boundary.

Tuesday, 09 June 2009 Severity Rating: Critical - Revision Note: Bulletin published. Summary: This security update resolves two privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Tuesday, 09 June 2009 Severity Rating: Critical - Revision Note: Bulletin published. Summary: This security update resolves several privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Tuesday, 09 June 2009 Severity Rating: Critical - Revision Note: Bulletin published. Summary: This security update resolves two privately reported vulnerabilities in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003, and Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003. The more severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

Thursday, 28 May 2009 Revision Note: Advisory published. Summary: Microsoft is investigating new public reports of a new vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if a user opened a specially crafted QuickTime media file. Microsoft is aware of limited, active attacks that use this exploit code. While our investigation is ongoing, our investigation so far has shown that Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable; all versions of Windows Vista and Windows Server 2008 are not vulnerable. Microsoft has activated its Software Security Incident Response Process (SSIRP) and is continuing to investigate this issue.

Tuesday, 26 May 2009 Severity Rating: Critical - Revision Note: V1.1 (May 26, 2009): Added an entry in the section, Frequently Asked Questions (FAQ) Related to This Security Update, to announce a detection change. The detection no longer offers the MS06-019 and MS06-029 updates, but instead will only offer MS07-026. There were no changes to the binaries. Customers who have already successfully installed the MS07-026 update do not need to reinstall. Summary: This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update immediately.

Tuesday, 26 May 2009 Severity Rating: Critical - Revision Note: V3.0 (May 26, 2009): Added an entry in the section, Frequently Asked Questions (FAQ) Related to This Security Update, to announce a detection change to the update for Microsoft Exchange Server 2003 Service Pack 2 (KB959897). This is a detection change only. There were no changes to the security update files in this bulletin. Customers who have already installed the KB959897 update successfully do not need to reinstall. Summary: This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding.

Wednesday, 20 May 2009 Severity Rating: Critical - Revision Note: V1.2 (May 20, 2009): Added entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update, to communicate that the associated Microsoft Knowledge Base Article 921606 and Microsoft Knowledge Base Article 933399 have been updated with regards to the expected installation behavior for certain update files. This is an informational change only. Summary: This security update resolves two publicly disclosed vulnerabilities and two privately reported vulnerabilities in Microsoft WordPad and Microsoft Office text converters. The vulnerabilities could allow remote code execution if a specially crafted file is opened in WordPad or Microsoft Office Word. Do not open Microsoft Office, RTF, Write, or WordPerfect files from untrusted sources using affected versions of WordPad or Microsoft Office Word.

Wednesday, 13 May 2009 Revision Note: V1.1 (May 13, 2009): Removed an erroneous note for MS09-017 pertaining to security updates KB969618 and KB957789 for supported versions of Microsoft Office PowerPoint 2007. Summary: This bulletin summary lists security bulletins released for May 2009.

Tuesday, 12 May 2009 Revision Note: V2.0 (May 12, 2009): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-017 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-017. The vulnerability addressed is the Memory Corruption Vulnerability - CVE-2009-0556.

Tuesday, 12 May 2009 Severity Rating: Important - Revision Note: V2.0 (May 12, 2009): Added an entry in the section, Frequently Asked Questions (FAQ) Related to This Security Update, explaining a detection change. As a result of this change, the MS08-066 update may be offered to affected systems running supported editions of Windows Server 2003 in a non-DNS server role. Microsoft recommends that customers offered the MS08-066 update apply the update at the earliest opportunity. Summary: This security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Windows DNS server and Windows WINS server. These vulnerabilities could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.

Thursday, 07 May 2009 Severity Rating: Critical - Revision Note: V4.0 (May 7, 2009): Bulletin updated: Added as affected software: Microsoft .NET Framework 1.0 (KB928367) on 32-bit and x64-based editions of Windows Vista Service Pack 2 and on 32-bit editions of Windows Server 2008 Service Pack 2; Microsoft .NET Framework 1.1 (KB929729) on 32-bit and x64-based editions of Windows Vista Service Pack 2 and on 32-bit, x64-based, and Itanium-based editions of Windows Server 2008 Service Pack 2. This is a detection change only; there were no changes to the binaries. Customers who have already successfully installed KB928367 or KB929729 do not need to reinstall. Summary: This update resolves three privately reported vulnerabilities. Two of these vulnerabilities could allow remote code execution on client systems with .NET Framework installed, and one could allow information disclosure on Web servers running ASP.NET. In all remote code execution cases, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Wednesday, 29 April 2009 Severity Rating: Critical - Revision Note: V1.1 (April 29, 2009): Added entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update, to communicate that the Known issues with this security update section in the associated Microsoft Knowledge Base Article 960803 has been updated. This is an informational change only. Summary: This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Windows HTTP Services (WinHTTP). The most severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Wednesday, 29 April 2009 Severity Rating: Critical - Revision Note: V2.0 (April 29, 2009): Added Microsoft XML Core Services 4.0 (KB954430) on 32-bit and x64-based editions of Windows Vista Service Pack 2 and on 32-bit, x64-based, and Itanium-based editions of Windows Server 2008 Service Pack 2 as affected software. Also added as non-affected software: Microsoft XML Core Services 3.0 and Microsoft XML Core Services 6.0 on 32-bit and x64-based editions of Windows Vista Service Pack 2 and on 32-bit, x64-based, and Itanium-based editions of Windows Server 2008 Service Pack 2. This is a detection change only; there were no changes to the binaries. Customers who have already successfully installed KB954430 do not need to reinstall. Summary: This security update resolves several vulnerabilities in Microsoft XML Core Services. The most severe vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Wednesday, 29 April 2009 Revision Note: V2.0 (April 29, 2009): Added Microsoft XML Core Services 4.0 (KB954430) on 32-bit and x64-based editions of Windows Vista Service Pack 2 and on 32-bit, x64-based, and Itanium-based editions of Windows Server 2008 Service Pack 2 as affected software for MS08-069. This is a detection change only; there were no changes to the binaries. Customers who have already successfully installed KB954430 do not need to reinstall. Summary: This bulletin summary lists security bulletins released for November 2008.

Wednesday, 29 April 2009 Revision Note: V6.0 (April 29, 2009): Added Windows Media Services 2008 (KB952068) on 32-bit and x64-based editions of Windows Server 2008 Service Pack 2 as affected software for MS08-076. This is a detection change only; there were no changes to the binaries. Customers who have already successfully installed KB952068 do not need to reinstall. Summary: This bulletin summary lists security bulletins released for December 2008.

Wednesday, 29 April 2009 Severity Rating: Important - Revision Note: V2.0 (April 29, 2009): Added an entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update to communicate the rerelease of the Norwegian-language update for Microsoft Windows 2000 Service Pack 4 (KB952004). Customers who require the Norwegian-language update need to download and install the rereleased update. No other updates or locales are affected by this rerelease. Summary: This security update resolves four publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker is allowed to log on to the system and then run a specially crafted application. The attacker must be able to run code on the local machine in order to exploit this vulnerability. An attacker who successfully exploited any of these vulnerabilities could take complete control over the affected system.

Wednesday, 29 April 2009 Severity Rating: Important - Revision Note: V4.0 (April 29, 2009): Added Windows Media Services 2008 (KB952068) on 32-bit and x64-based editions of Windows Server 2008 Service Pack 2 as affected software. Also, added Windows Server 2008 for Itanium-based Systems Service Pack 2 as non-affected software. This is a detection change only; there were no changes to the binaries. Customers who have already successfully installed KB952068 do not need to reinstall. Summary: This security update resolves two privately reported vulnerabilities in the following Windows Media components: Windows Media Player, Windows Media Format Runtime, and Windows Media Services. The most severe vulnerability could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Wednesday, 29 April 2009 Revision Note: V1.1 (April 29, 2009): Added an entry to Frequently Asked Questions to communicate that users with Windows Server 2008 Server Core installation do not need to install this update. Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.

Wednesday, 22 April 2009 Severity Rating: Critical - Revision Note: V1.1 (April 22, 2009): Added Excel Viewer 2003 Service Pack 3 to the MBSA and SMS tables in the section, Detection and Deployment Tools and Guidance. This is an informational change only. There were no changes to the security update binaries or detection logic. Summary: This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Office Excel. The vulnerabilities could allow remote code execution if the user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Wednesday, 22 April 2009 Severity Rating: Critical - Revision Note: V1.1 (April 22, 2009): Added Microsoft Windows 2000 Service Pack 4 with DirectX 7.0 to the Non-Affected Software table. This is an informational change only. Summary: This security update resolves a privately reported vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if a user opened a specially crafted MJPEG file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Wednesday, 22 April 2009 Severity Rating: Important - Revision Note: V1.1 (April 22, 2009): Corrected registry key verification entries in the deployment reference tables for ISA Server 2004 and ISA Server 2006. Summary: This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE). These vulnerabilities could allow denial of service if an attacker sends specially crafted network packets to the affected system, or information disclosure or spoofing if a user clicks on a malicious URL or visits a Web site that contains content controlled by the attacker.

Wednesday, 22 April 2009 Severity Rating: Critical - Revision Note: V1.2 (April 22, 2009): Corrected the FAQ, "Is it possible to enable the Internet Explorer defense-in-depth protection for the blended threat vulnerability on Microsoft Windows 2000" in the section, Frequently Asked Questions (FAQ) Related to This Security Update. Summary: This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker's server by way of the HTTP protocol. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Thursday, 16 April 2009 Revision Note: V1.1 (April 16, 2009): Updated the Exploitability Index: removed key notes for CVE-2009-0089 and changed key notes for CVE-2008-2540 in MS09-014 and MS09-015. Summary: This bulletin summary lists security bulletins released for April 2009.

Wednesday, 15 April 2009 Severity Rating: Moderate - Revision Note: V1.1 (April 15, 2009): Added FAQs in the section, Frequently Asked Questions (FAQ) Related to This Security Update as well as in the Vulnerability section for CVE-2008-2540 to explain the relationship between CVE-2008-2540 in this bulletin and in MS09-014. Also added Microsoft Knowledge Base Article 959426 as a reference for instructions in implementing SetSearchPathMode in Microsoft Windows 2000. Summary: This security update resolves a publicly disclosed vulnerability in the Windows SearchPath function that could allow elevation of privilege if a user downloaded a specially crafted file to a specific location, then opened an application that could load the file under certain circumstances.

Tuesday, 14 April 2009 Revision Note: V3.0 (April 14, 2009): Advisory updated to reflect publication of security bulletin. Summary: Security Advisory

Tuesday, 14 April 2009 Revision Note: V2.0 (April 14, 2009): Added references and links to MS09-014 and MS09-015, which address the issue in this advisory. Summary: Microsoft has investigated public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed. Safari is not installed with Windows XP or Windows Vista by default; it must be installed independently or through the Apple Software Update application. Customers running Safari on Windows should review this advisory.

Tuesday, 14 April 2009 Revision Note: V3.0 (April 14, 2009): Advisory updated to reflect publication of security bulletin. Summary: Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability.

Tuesday, 14 April 2009 Revision Note: V2.0 (April 14, 2009): Advisory updated to reflect publication of security bulletin. Summary: Microsoft is investigating new reports of a vulnerability in the WordPad Text Converter for Word 97 files on Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Windows XP Service Pack 3, Windows Vista, and Windows Server 2008 are not affected as these operating systems do not contain the vulnerable code.

Wednesday, 01 April 2009 Severity Rating: Moderate - Revision Note: V1.1 (April 1, 2009): Clarified in footnotes under the Affected Software and Severity Ratings tables that Windows Server 2008 server core installations are not affected by the vulnerability discussed in this bulletin, but will still be offered this update. Added an entry in the section, Frequently Asked Questions (FAQ) Related to This Security Update, to reiterate that such installations do not need to install this update. Summary: This security update resolves a publicly reported vulnerability for the Microsoft Speech API. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer and has the Speech Recognition feature in Windows enabled. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes a kill bit for software produced by BackWeb.

Wednesday, 01 April 2009 Revision Note: V2.1 (April 1, 2009): For MS08-032, clarified that Windows Server 2008 server core installations are not affected by the vulnerability discussed but will be offered the update. This is an informational change only. Users of such installations do not need to install this update. Summary: This bulletin summary lists security bulletins released for June 2008.

Wednesday, 18 March 2009 Severity Rating: Important - Revision Note: V1.9 (March 18, 2009): Corrected product instance names from "ADMT" and "ADS" to "MS_ADMT" and "MicrosoftADS", respectively. These are instance names referenced in the Security Update Deployment section for the Microsoft SQL Server 2000 Desktop Engine (WMSDE). This is an informational change only that does not affect the files contained in the update. Customers who have successfully updated their systems do not need to reinstall this update. Summary: This security update resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

Wednesday, 18 March 2009 Severity Rating: Important - Revision Note: V1.2 (March 18, 2009): Corrected product instance names from "ADMT" and "ADS" to "MS_ADMT" and "MicrosoftADS", respectively. These are instance names referenced in the Security Update Deployment section for the Microsoft SQL Server 2000 Desktop Engine (WMSDE). This is an informational change only that does not affect the files contained in the update. Customers who have successfully updated their systems do not need to reinstall this update. Summary: This security update resolves a privately reported vulnerability in Microsoft SQL Server. The vulnerability could allow remote code execution if untrusted users access an affected system or if a SQL injection attack occurs to an affected system. Systems with SQL Server 7.0 Service Pack 4, SQL Server 2005 Service Pack 3, and SQL Server 2008 are not affected by this issue.

Wednesday, 11 March 2009 Revision Note: V1.1 (March 11, 2009): Finder information for MS09-008 updated. Summary: This bulletin summary lists security bulletins released for March 2009.

Wednesday, 11 March 2009 Revision Note: V1.3 (March 11, 2009): Added an entry to Frequently Asked Questions to communicate that for the purpose of automatic updating, this update does not replace the Cumulative Security Update of ActiveX Kill Bits (950760) that is described in Microsoft Security Bulletin MS08-032. Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.

Tuesday, 10 March 2009 Severity Rating: Critical - Revision Note: V4.0 (March 10, 2009): Added entry in the Frequently Asked Questions (FAQ) Related to this Security Update section to communicate the rerelease of the update packages for Windows XP Service Pack 3 and Windows Server 2003 Service Pack 2 to fix an installation issue. Customers who have already successfully installed the original updates for Windows XP Service Pack 3 or Windows Server 2003 Service Pack 2 do not need to reinstall the new updates. Summary: This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Tuesday, 10 March 2009 Severity Rating: Critical - Revision Note: Bulletin published. Summary: This security update resolves several privately reported vulnerabilities in the Windows kernel. The most serious vulnerability could allow remote code execution if a user viewed a specially crafted EMF or WMF image file from an affected system.

Tuesday, 10 March 2009 Severity Rating: Important - Revision Note: Bulletin published. Summary: This security update resolves a privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The vulnerability could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. Customers are only affected when the public key component of the certificate used for authentication has been obtained by the attacker through other means.