Microsoft Security Bulletin(s) for October 14/08 and 23/10/08 out-of-band

[NICK ADSL UK]

Microsoft Security Bulletin(s) for October 14 2008

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
http://www.microsoft.com/technet/sec.../ms08-oct.mspx


Critical (4 )

Microsoft Security Bulletin MS08-060
Vulnerability in Active Directory Could Allow Remote Code Execution (957280)
http://go.microsoft.com/fwlink/?LinkId=128125

Microsoft Security Bulletin MS08-058
Cumulative Security Update for Internet Explorer (956390)
http://go.microsoft.com/fwlink/?LinkID=128060

Microsoft Security Bulletin MS08-059
Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)
http://go.microsoft.com/fwlink/?LinkId=125712

Microsoft Security Bulletin MS08-057
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)
http://go.microsoft.com/fwlink/?LinkID=124653

Important (6)

Microsoft Security Bulletin MS08-066
Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
http://go.microsoft.com/fwlink/?LinkId=125709

Microsoft Security Bulletin MS08-061
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
http://www.microsoft.com/technet/sec.../MS08-061.mspx

Microsoft Security Bulletin MS08-062
Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
http://go.microsoft.com/fwlink/?LinkId=120829

Microsoft Security Bulletin MS08-063
Vulnerability in SMB Could Allow Remote Code Execution (957095)
http://go.microsoft.com/fwlink/?LinkID=127994

Microsoft Security Bulletin MS08-064
Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
http://go.microsoft.com/fwlink/?LinkId=128103

Microsoft Security Bulletin MS08-065
Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)
http://www.microsoft.com/technet/sec.../MS08-065.mspx

Moderate (1)

Microsoft Security Bulletin MS08-056
Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)
http://go.microsoft.com/fwlink/?LinkId=128145


Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

[NICK ADSL UK]

TechNet Webcast: Information About Microsoft October Security Bulletins (Level 200)
Event ID: 1032374639

Language(s): English.
Product(s): Security.
Audience(s): IT Professional.

Duration: 60 Minutes
Start Date: Wednesday, October 15, 2008 11:00 AM Pacific Time (US & Canada)

Event Overview

On October 14, 2008, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the October security bulletins. The intent of this webcast is to address your concerns. Therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from our security experts.

Presenters: Christopher Budd, Security Response Communications Lead, Microsoft Corporation and Adrian Stone, Lead Security Program Manager, Microsoft Corporation

Register now for the October security bulletin webcast.

[NICK ADSL UK]

Malicious Software Removal Tool
Published: January 11, 2005 | Updated: October 14, 2008

New Additions
We have added detection and cleaning capabilities for the following malicious software:

• Rustock

http://go.microsoft.com/fwlink/?link...=Win32/Rustock

[NICK ADSL UK]

Microsoft Security Advisory Notification - October 14, 2008

************************************************
Title: Microsoft Security Advisory Notification
Issued: October 14, 2008
************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (956391)
- Title: Cumulative Security Update of ActiveX Kill Bits
http://www.microsoft.com/technet/sec...ry/956391.mspx

- Revision Note: Advisory Published.

[NICK ADSL UK]

Microsoft Security Bulletin MS08-041 – Critical
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)
Published: August 12, 2008 | Updated: October 14, 2008

General Information

Executive Summary
This security update resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

This security update is rated Critical for the Snapshot Viewer for Microsoft Access and for supported versions of Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003.

The security update addresses the vulnerability by correcting an error in the Microsoft Access Snapshot Viewer control. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 955179.

Recommendation. Microsoft recommends that customers apply the update immediately.

Known Issues. None


http://www.microsoft.com/technet/sec.../ms08-041.mspx

[NICK ADSL UK]

Microsoft Security Bulletin MS08-062 - Important
Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
Published: October 14, 2008 | Updated: October 15, 2008

Version: 2.0

General Information
Executive Summary
This update resolves a privately reported vulnerability in the Windows Internet Printing Service that could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses this vulnerability by changing the way that memory is allocated within the Internet Printing Protocol (IPP) service. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Recommendation. Microsoft recommends that customers apply the update at the earliest opportunity.

Known Issues. None

http://www.microsoft.com/technet/sec.../ms08-062.mspx

[NICK ADSL UK]

Microsoft Security Bulletin Minor Revisions - Oct. 16, 2008

********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: October 16, 2008
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS08-062 - Important

Bulletin Information:
=====================

* MS08-062 - Important

http://www.microsoft.com/technet/sec.../ms08-062.mspx

- Reason for Revision: V2.1 (October 16, 2008 Added entry to the
section, Frequently Asked Questions (FAQ) Related to This
Security Update, to clarify that the Windows Internet
Printing service runs in the context of the Spooler service,
which runs under system privileges. Also, removed references
to user rights in the Executive Summary and FAQ for Integer
Overflow in IPP Service Vulnerability - CVE-2008-1446 sections.
- Originally posted: October 14, 2008
- Updated: October 16, 2008
- Bulletin Severity Rating: Important
- Version: 2.1

[NICK ADSL UK]

Microsoft Security Bulletin Minor Revisions - October 15, 20

********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: October 15, 2008
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS08-065 - Important
* MS08-064 - Important
* MS08-063 - Important
* MS08-060 - Critical
* MS08-059 - Critical
* MS08-058 - Critical
* MS08-057 - Critical
* MS08-041 - Critical

Bulletin Information:
=====================

* MS08-065 - Important

http://www.microsoft.com/technet/sec.../ms08-065.mspx
- Reason for Revision: V1.1 (October 15, 2008 Added a link in the
Affected Software table to MS07-065, the bulletin replaced by
this update.
Originally posted: October 14, 2008
- Updated: October 15, 2008
Bulletin Severity Rating: Important
- Version: 1.1

* MS08-064 - Important

http://www.microsoft.com/technet/sec.../ms08-064.mspx
- Reason for Revision: V1.1 (October 15, 2008 Corrected the link
to a reference MSDN article in FAQ for Virtual Address
Descriptor Elevation of Privilege Vulnerability - CVE-2008-4036.
- Originally posted: October 14, 2008
- Updated: October 15, 2008
- Bulletin Severity Rating: Important
- Version: 1.1

* MS08-063 - Important

http://www.microsoft.com/technet/sec.../ms08-063.mspx
- Reason for Revision: V1.1 (October 15, 2008 Bulletin updated to
clarify that the updates for Windows Vista and Windows 2008
do not require a restart, and to correct the registry key
verification entry for Windows XP.
- Originally posted: October 14, 2008
- Updated: October 15, 2008
- Bulletin Severity Rating: Important
- Version: 1.1

* MS08-060 - Critical

http://www.microsoft.com/technet/sec.../ms08-060.mspx
- Reason for Revision: V1.1 (October 15, 2008 Updated the
Non-Affected Software table.
- Originally posted: October 14, 2008
- Updated: October 15, 2008- Bulletin Severity Rating: Critical
- Version: 1.1

* MS08-059 - Critical

http://www.microsoft.com/technet/sec.../ms08-059.mspx
- Reason for Revision: V1.1 (October 15, 2008 Added reference to
Microsoft Knowledge Base Article 956695 to Known Issues in
the Executive Summary section. Also, corrected the title of
the HIS Command Execution Vulnerability (CVE- 2008-3466) in
the Acknowledgments section.
- Originally posted: October 14, 2008
- Updated: October 15, 2008- Bulletin Severity Rating: Critical
- Version: 1.1

* MS08-058 - Critical

http://www.microsoft.com/technet/sec.../ms08-058.mspx
- Reason for Revision: V1.1 (October 15, 2008 Corrected a
registry key verification entry for Windows 2003, and
corrected File Information links.
- Originally posted: October 14, 2008
- Updated: October 15, 2008- Bulletin Severity Rating: Critical
- Version: 1.1

* MS08-057 - Critical

www.microsoft.com/technet/securi···057.mspx
- Reason for Revision: V1.1 (October 15, 2008 Changed the Systems
Management Server detection and deployment summary to "yes"
for all supported versions of Microsoft Office Excel Viewer
2003 in the Detection and Deployment Tools and Guidance
section. This is an informational change only. There were no
changes to the security update binaries or detection logic.
- Originally posted: October 14, 2008
- Updated: October 15, 2008- Bulletin Severity Rating: Critical
- Version: 1.1

* MS08-041 - Critical

http://www.microsoft.com/technet/sec.../ms08-041.mspx
- Reason for Revision: V2.1 (October 15, 2008 Added reference to
Microsoft Knowledge Base Article (KB957198 for SnapShot
Viewer for Microsoft Access. Also, clarified that users who
have successfully installed the update for Microsoft Office
2000 Service Pack 3, Office XP Service Pack 2, or Office 2003
Service Pack 2 or Office 2003 Service Pack 3 do not need to
reinstall the update for the standalone Snapshot Viewer for
Microsoft Access.
- Originally posted: August 12, 2008
- Updated: October 15, 2008
- Bulletin Severity Rating: Critical
- Version: 2.1
--

[NICK ADSL UK]

Microsoft out-of-band security bulletin summary for October 2008

Microsoft Security Bulletin Summary for October 2008
Published: October 14, 2008 | Updated: October 23, 2008

Version: 3.0

This bulletin summary lists security bulletins released for October 2008.

With the release of the bulletins for October 2008, this bulletin summary replaces the bulletin advance notification originally issued October 9, 2008. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

Please note that the updates that were posted on october 14 2008 have been either updated or revised with the addition of

Microsoft Security Bulletin MS08-067
Vulnerability in Server Service Could Allow Remote Code Execution (958644)

http://www.microsoft.com/technet/sec.../MS08-067.mspx

[NICK ADSL UK]

Update on MS08-067

Quote:

Hello everyone,



This is Christopher Budd once again. As I said in my last post, we aren’t done when we release an update. Our response teams are constantly watching the situation around the world to understand as much as possible what’s going on with things like the threat environment and the state of security update deployments.



Based on some of our latest situation reports I wanted to provide you with an update as of this morning. You’ve told us it’s helpful for you to have this information on an ongoing basis.



In terms of the security update itself, we’re seeing strong deployments worldwide. We also have no reports of known issues with the security update at this time.



In terms of the overall threat environment, we’ve not seen any major changes so far. We are aware that people are working to develop reliable public exploit code for the vulnerability. We are aware of discussion about code posted on a public site, but our analysis has shown that code always results in a denial of service, to demonstrate the vulnerability. So far, we’ve not seen evidence of public, reliable exploit code showing code execution.



Additionally, we’re not aware of any broad attacks or new malware seeking to exploit this vulnerability since we’ve released the security update on Thursday. While there have been a couple of reports of a “new worm”, these reports are actually inaccurate: they’re talking about malware we found in our investigation of the original targeted and limited attacks that we talked about in our posting on Thursday. Specifically, these reports are talking about TrojanSpy:Win32/Gimmiv.A and TrojanSpy:Win32/Arpoc.A (which is the specific attack associated with Exploit:Win32/MS08067.gen!A). Both of these are trojans, not self-replicating worms.



While deployments of the updates are happening quickly and relatively smoothly, and the threat environment hasn’t changed significantly since Thursday, we don’t want customers to take that as a sign to decrease their pace of, or even delay, deployments for this update. This is a Critical vulnerability that is being actively attacked, though so far in a limited, targeted fashion. Those were the reasons we released this out-of-band and it is because of this that we continue to urge customers to aggressively test and deploy this update as soon as possible.



In addition, we are not relaxing our vigilance here. Our teams around the world continue to work around the clock, watching for any changes in the threat environment or issues that could impact customers’ ability to deploy these updates. As always, we will let you know through the MSRC weblog of any changes in this situation.



Thanks,

Christopher

http://blogs.technet.com/msrc/archiv...-ms08-067.aspx


Most common questions that we've been asked regarding MS08-067

http://blogs.technet.com/swi/archive...-ms08-067.aspx

[NICK ADSL UK]

Update on MS08-067 and Microsoft Security Advisory 958963

Quote:

Hi, this is Christopher Budd. As we go into the weekend I wanted to take a moment and give you an update on the latest information around MS08-067 and Microsoft Security Advisory 958963.

Essentially there is no new information to report. We’ve seen no significant changes in the threat landscape since our posting of Microsoft Security Advisory 958963 on Monday. We continue to see strong, rapid and wide deployments of the security update worldwide. We also still have no reports of issues with the security update.

All that said, as Mike noted on Monday, we have seen exploit code resulting in code execution in public. If you’ve not yet tested and deployed the security update, we continue to urge you to do so as quickly as possible.

Like we always do, we will keep watching the situation and will let you know if anything changes.

Thanks!

Christopher