Microsoft Security Bulletin(s) for January 2008

Microsoft Security Bulletin(s) for January 2008

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://www.microsoft.com/technet/security/bulletin/ms08-jan.mspx

Critical (1)

Microsoft Security Bulletin MS08-001
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)

http://go.microsoft.com/fwlink/?LinkId=104919

Important (1)

Microsoft Security Bulletin MS08-002
Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)
http://go.microsoft.com/fwlink/?LinkID=104921

Non-Security, High-Priority Updates on MU, WU, and WSUS
For this month:

• Microsoft has released five non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

• Microsoft has released two non-security, high-priority updates for Windows on Windows Update (WU) and WSUS.


Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days.

This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

TechNet Webcast: Information About Microsoft January Security Bulletins (Level 200)
Event ID: 1032357213

Language(s): English.
Product(s): Security.
Audience(s): IT Professionals.

Duration: 60 Minutes
Start Date: Wednesday, January 09, 2008 11:00 AM Pacific Time (US & Canada)

Event Overview

On January 8, 2008, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the January security bulletins. The intent of this webcast is to address your concerns. Therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from our security experts.

Presenters: Tim Rains, Security Response Communications Lead, Microsoft Corporation, and Adrian Stone, Lead Security Program Manager, Microsoft Corporation

Register now for the January security bulletin webcast.

 

Malicious Software Removal Tool
Published: January 11, 2005 | Updated: January 8, 2008

New Additions
We have added detection and cleaning capabilities for the following malicious software:

• Cutwail

http://go.microsoft.com/fwlink/?linkid=37020&name=Win32/Cutwail

 

January 2008 Security Releases ISO Image
Brief Description
This DVD5 ISO image file contains the security updates for Windows released on Windows Update on January 8th, 2008.

Overview
This DVD5 ISO image file contains the security updates for Windows released on Windows Update on January 8th, 2008. The image does not contain security updates for other Microsoft products. This DVD5 ISO image is intended for administrators that need to download multiple individual language versions of each security update and that do not use an automated solution such as Windows Server Update Services (WSUS). You can use this ISO image to download multiple updates in all languages at the same time.

Important: Be sure to check the individual security bulletins at http://www.microsoft.com/technet/security prior to deployment of these updates to ensure that the files have not been updated at a later date.

http://www.microsoft.com/downloads/...11-213f-461a-ac68-090a353cece2&DisplayLang=en

 

"********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: January 9, 2008
********************************************************************
Microsoft Security Bulletin MS07-042 - Critical
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
Published: August 14, 2007 | Updated: January 9, 2008
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS07-042 - Critical

Bulletin Information:
=====================

* MS07-042 - Critical
http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx

Reason for Revision: Bulletin updated: Added Microsoft Word
Viewer 2003 as an affected product. Also added an Update FAQ
clarifying the kill bit for Microsoft XML Parser 2.6 and its
applicability to this security update.
- Originally posted: August 14, 2007
- Updated: January 9, 2008
- Bulletin Severity Rating: Critical
- Version: 3.0