Microsoft Security Bulletin(s) for November 11 2008


NICK ADSL UK
November 11th, 2008, 01:40 PM
Microsoft Security Bulletin(s) for November 11 2008

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
http://www.microsoft.com/technet/security/bulletin/ms08-nov.mspx


Critical (1)
Microsoft Security Bulletin MS08-069
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
http://www.microsoft.com/technet/security/bulletin/ms08-069.mspx


Important (1)
Microsoft Security Bulletin MS08-068 – Important
Vulnerability in SMB Could Allow Remote Code Execution (957097)
http://www.microsoft.com/technet/security/bulletin/ms08-068.mspx


Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendor's website - visit Windows Update (http://www.windowsupdate.com/) and Office Update (http://office.microsoft.com/OfficeUpdate/) or Microsoft Update (http://update.microsoft.com/microsoftupdate) websites. You may also get the updates through Automatic Updates (http://www.microsoft.com/athome/security/update/bulletins/automaticupdates.mspx) functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA (http://www.microsoft.com/technet/security/tools/mbsahome.mspx).

NICK ADSL UK
November 11th, 2008, 01:43 PM
TechNet Webcast: Information About Microsoft November Security Bulletins (Level 200)
Event ID: 1032374642

Language(s): English.
Product(s): Security.
Audience(s): IT Professional.

Duration: 60 Minutes
Start Date: Wednesday, November 12, 2008 11:00 AM Pacific Time (US & Canada)

Event Overview

On November 11, 2008, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the November security bulletins. The intent of this webcast is to address your concerns. Therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from our security experts.

Presenters: Christopher Budd, Security Response Communications Lead, Microsoft Corporation and Adrian Stone, Lead Security Program Manager, Microsoft Corporation

Register now for the November security bulletin webcast (http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032374642).

NICK ADSL UK
November 11th, 2008, 01:48 PM
Malicious Software Removal Tool
Published: January 11, 2005 | Updated: November 11, 2008

New Additions
We have added detection and cleaning capabilities for the following malicious software:

• FakeSecSen
http://go.microsoft.com/fwlink/?linkid=37020&name=Win32/FakeSecSen

• Gimmiv
http://go.microsoft.com/fwlink/?linkid=37020&name=Win32/Gimmiv


http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

NICK ADSL UK
November 12th, 2008, 06:41 AM
-{ Quote: "Tuesday, November 11, 2008 6:49 PM by MSRCTEAM
MS08-068 and SMBRelay
Hi, this is Christopher Budd.

We’ve received some questions from customers about MS08-068 and its relationship to an issue that was first discussed in 2001, called the SMBRelay attack.

Specifically, we’ve gotten some questions about why, in 2008, we’re releasing an update that addresses an issue first discussed in 2001. Since I was in the MSRC back in 2001 when this was all first discussed, I feel well placed to answer that.

At a high level, the behavior that was discussed in the original SMBRelay attack is related to some of the basic behavior of the legacy NTLM protocol. When this issue was first raised back in 2001, we said that we could not make changes to address this issue without negatively impacting network-based applications. And to be clear, the impact would have been to render many (or nearly all) customers’ network-based applications then inoperable. For instance, an Outlook 2000 client wouldn’t have been able to communicate with an Exchange 2000 server. We did say that customers who were concerned about this issue could use SMB signing as an effective mitigation, but, the reality was that there were similar constraints that made it infeasible for customers to implement SMB signing.

After saying that, though, the matter wasn’t closed for us. Since then we’ve been looking at this issue to see if there’s a way we can address this issue that doesn’t have such a large impact to applications and also doesn’t require application developers to completely rewrite their applications. In general, changes of this magnitude can only be made safely in completely new versions of Windows because of the thorough testing that would receive. And we’ve made some incremental changes in things like Windows XP SP2 and Windows Vista to help address some of this issue.

Over the course of the past year, however, that ongoing work showed us a way to build on those incremental changes that we believed would enable us to make changes that address the issues outlined in the SMBRelay attack and also minimize the impact on network applications. If we were able to do that, we would be able to look at addressing this issue not in a new version of Windows but instead in a security update, provided it met the appropriate quality bar.

Our engineering teams spent a great deal of time testing this approach and found it was feasible. We then took that work and developed it into a security update, putting it through our standard testing to ensure it met an appropriate level of quality for broad release. What we released today with MS08-068 is that security update. It addresses the SMBRelay issue but does so in a way that doesn’t have the negative impact on applications that we originally believed addressing this issue would have.

As Mark notes in his post, implementing SMB signing is still an option and one that we ultimately recommend. However, if you’re like me and remember the SMBRelay attack, you now have a protection option in case you can’t implement SMB signing: apply MS08-068. I hope this helps give some more background on this.

Thanks

Christopher" }-

http://blogs.technet.com/msrc/archive/2008/11/11/ms08-068-and-smbrelay.aspx

NICK ADSL UK
November 12th, 2008, 06:20 PM
Microsoft Security Bulletin(s) for November 11 2008

November 2008 Security Release ISO Image
Brief Description
This DVD5 ISO image file contains the security updates for Windows released on Windows Update on November 11th, 2008.



http://www.microsoft.com/downloads/details.aspx?FamilyID=4269c703-a4cf-4071-ab4d-90070348e9b5&DisplayLang=en