Microsoft Security Bulletin(s) for July 8 2008 [Archive]

View Full Version : Microsoft Security Bulletin(s) for July 8 2008

NICK ADSL UK

July 8th, 2008, 01:18 PM

Microsoft Security Bulletin(s) for July 8 2008

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://www.microsoft.com/technet/security/bulletin/ms08-jul.mspx

Important(4)

Microsoft Security Bulletin MS08-040
Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx

Microsoft Security Bulletin MS08-038
Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)
http://www.microsoft.com/technet/security/bulletin/ms08-038.mspx

Microsoft Security Bulletin MS08-037
Vulnerabilities in DNS Could Allow Spoofing (953230)
http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx

Microsoft Security Bulletin MS08-039
Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
http://www.microsoft.com/technet/security/bulletin/ms08-039.mspx

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update (http://www.windowsupdate.com/) and Office Update (http://office.microsoft.com/OfficeUpdate/) or Microsoft Update (http://update.microsoft.com/microsoftupdate) websites. You may also get the updates thru Automatic Updates (http://www.microsoft.com/athome/security/update/bulletins/automaticupdates.mspx) functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA (http://www.microsoft.com/technet/security/tools/mbsahome.mspx).

NICK ADSL UK

July 8th, 2008, 01:22 PM

TechNet Webcast: Information About Microsoft July Security Bulletins (Level 200)
Event ID: 1032374629
Language(s): English.
Product(s): Security.
Audience(s): IT Professionals.

Duration: 60 Minutes
Start Date: Wednesday, July 09, 2008 11:00 AM Pacific Time (US & Canada)

Event Overview

On July 8, 2008, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the July security bulletins. The intent of this webcast is to address your concerns. Therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from our security experts.

Presenters: Bill Sisk, Security Response Communications Manager, Microsoft Corporation and Adrian Stone, Lead Security Program Manager, Microsoft Corporation

Register now for the July security bulletin webcast (http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032374629&EventCategory=4&culture=en-US&CountryCode=US).

NICK ADSL UK

July 8th, 2008, 01:31 PM

Malicious Software Removal Tool
Published: January 11, 2005 | Updated: July 8, 2008
New Additions
We have added detection and cleaning capabilities for the following malicious software:

• Horst
http://go.microsoft.com/fwlink/?linkid=37020&name=Win32/Horst

http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

NICK ADSL UK

July 9th, 2008, 05:28 PM

***************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: July 9, 2008
***************************************************
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS08-040 - Important
* MS08-039 - Important

Bulletin Information:
=====================

* MS08-040 - Important
http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx

- Reason for Revision: V1.1 (July 9, 2008 Removed erroneous
references to SQL Server 2005 Service Pack 1 in the MBSA and
SMS Detection and Deployment tables. Also clarified
permissions requirements for vulnerability mitigating factors.
- Originally posted: July 8, 2008
- Updated: July 9, 2008
- Bulletin Severity Rating: Important
- Version: 1.1

* MS08-039 - Important
http://www.microsoft.com/technet/security/bulletin/ms08-039.mspx

- Reason for Revision: V1.1 (July 9, 2008 Changed the information
reference link for OWA Premium in the Mitigating Factors
sections for both vulnerabilities.
- Originally posted: July 8, 2008
- Updated: July 9, 2008
- Bulletin Severity Rating: Important
- Version: 1.1
--

NICK ADSL UK

July 11th, 2008, 04:08 AM

********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: July 10, 2008
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS08-037 - Important

Bulletin Information:
=====================

* MS08-037 - Important

- http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
- Reason for Revision: V2.0 (July 10, 2008 Bulletin revised to
inform users of ZoneAlarm and Check Point Endpoint Security
of an Internet connectivity issue detailed in the section,
Frequently Asked Questions (FAQ) Related to this Security
Update. The revision did not change the security update files
in this bulletin, but users of ZoneAlarm and Check Point
Endpoint Security should read the FAQ entries for guidance.
- Originally posted: July 8, 2008
- Updated: July 10, 2008
- Bulletin Severity Rating: Important
- Version: 2.0

NICK ADSL UK

July 19th, 2008, 06:46 PM

Microsoft Security Bulletin Minor Revisions - July 18, 2008

***************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: July 18, 2008
***************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS08-040 - Important

Bulletin Information:
=====================

* MS08-040 - Important

http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx
- Reason for Revision: V1.4 (July 18, 2008 Corrected the list of
valid product instance names in the Microsoft SQL Server 2000
Desktop Engine (WMSDE) subsection under the Security Update
Information section. Also added entry to the Frequently Asked
Questions (FAQ) Related to This Security Update to
communicate a detection change in the way that Windows Server
Update Services (WSUS) offers the update for Microsoft SQL
Server 2000 Desktop Engine (WMSDE).
- Originally posted: July 8, 2008-
Updated: July 18, 2008
- Bulletin Severity Rating: Important
- Version: 1.4

NICK ADSL UK

July 25th, 2008, 04:42 PM

Microsoft Security Bulletin MS08-037 – Important
Vulnerabilities in DNS Could Allow Spoofing (953230)
Published: July 8, 2008 | Updated: July 25, 2008

Version: 2.2

General Information
Executive Summary
This security update resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.

This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerabilities by using strongly random DNS transaction IDs, using random sockets for UDP queries, and updating the logic used to manage the DNS cache. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Recommendation. Microsoft recommends that customers apply the update at the earliest opportunity.

Known Issues. Microsoft Knowledge Base Article 953230 documents the currently known issues that customers may experience when they install this security update.

http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx