Microsoft Security Bulletin(s) for July 8 2008

Discussion in 'other security issues & news' started by NICK ADSL UK, Jul 8, 2008.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin(s) for July 8 2008

    Note: There may be latency issues due to replication, if the page does not display keep refreshing

    Today Microsoft released the following Security Bulletin(s).

    Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

    Bulletin Summary:

    http://www.microsoft.com/technet/security/bulletin/ms08-jul.mspx

    Important(4)

    Microsoft Security Bulletin MS08-040
    Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
    http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx

    Microsoft Security Bulletin MS08-038
    Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)
    http://www.microsoft.com/technet/security/bulletin/ms08-038.mspx

    Microsoft Security Bulletin MS08-037
    Vulnerabilities in DNS Could Allow Spoofing (953230)
    http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx

    Microsoft Security Bulletin MS08-039
    Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
    http://www.microsoft.com/technet/security/bulletin/ms08-039.mspx


    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    TechNet Webcast: Information About Microsoft July Security Bulletins (Level 200)
    Event ID: 1032374629

    Language(s): English.
    Product(s): Security.
    Audience(s): IT Professionals.


    Duration: 60 Minutes
    Start Date: Wednesday, July 09, 2008 11:00 AM Pacific Time (US & Canada)




    Event Overview

    On July 8, 2008, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the July security bulletins. The intent of this webcast is to address your concerns. Therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from our security experts.

    Presenters: Bill Sisk, Security Response Communications Manager, Microsoft Corporation and Adrian Stone, Lead Security Program Manager, Microsoft Corporation


    Register now for the July security bulletin webcast.
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    ***************************************************
    Title: Microsoft Security Bulletin Minor Revisions
    Issued: July 9, 2008
    ***************************************************

    Summary
    =======
    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS08-040 - Important
    * MS08-039 - Important

    Bulletin Information:
    =====================

    * MS08-040 - Important
    http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx

    - Reason for Revision: V1.1 (July 9, 2008 Removed erroneous
    references to SQL Server 2005 Service Pack 1 in the MBSA and
    SMS Detection and Deployment tables. Also clarified
    permissions requirements for vulnerability mitigating factors.
    - Originally posted: July 8, 2008
    - Updated: July 9, 2008
    - Bulletin Severity Rating: Important
    - Version: 1.1

    * MS08-039 - Important

    http://www.microsoft.com/technet/security/bulletin/ms08-039.mspx

    - Reason for Revision: V1.1 (July 9, 2008 Changed the information
    reference link for OWA Premium in the Mitigating Factors
    sections for both vulnerabilities.
    - Originally posted: July 8, 2008
    - Updated: July 9, 2008
    - Bulletin Severity Rating: Important
    - Version: 1.1
    --
     
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    ********************************************************************
    Title: Microsoft Security Bulletin Major Revisions
    Issued: July 10, 2008
    ********************************************************************

    Summary
    =======
    The following bulletins have undergone a major revision increment.
    Please see the appropriate bulletin for more details.

    * MS08-037 - Important

    Bulletin Information:
    =====================

    * MS08-037 - Important

    - http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
    - Reason for Revision: V2.0 (July 10, 2008 Bulletin revised to
    inform users of ZoneAlarm and Check Point Endpoint Security
    of an Internet connectivity issue detailed in the section,
    Frequently Asked Questions (FAQ) Related to this Security
    Update. The revision did not change the security update files
    in this bulletin, but users of ZoneAlarm and Check Point
    Endpoint Security should read the FAQ entries for guidance.
    - Originally posted: July 8, 2008
    - Updated: July 10, 2008
    - Bulletin Severity Rating: Important
    - Version: 2.0
     
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Minor Revisions - July 18, 2008

    ***************************************************
    Title: Microsoft Security Bulletin Minor Revisions
    Issued: July 18, 2008
    ***************************************************

    Summary
    =======
    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS08-040 - Important

    Bulletin Information:
    =====================

    * MS08-040 - Important

    http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx
    - Reason for Revision: V1.4 (July 18, 2008 Corrected the list of
    valid product instance names in the Microsoft SQL Server 2000
    Desktop Engine (WMSDE) subsection under the Security Update
    Information section. Also added entry to the Frequently Asked
    Questions (FAQ) Related to This Security Update to
    communicate a detection change in the way that Windows Server
    Update Services (WSUS) offers the update for Microsoft SQL
    Server 2000 Desktop Engine (WMSDE).
    - Originally posted: July 8, 2008-
    Updated: July 18, 2008
    - Bulletin Severity Rating: Important
    - Version: 1.4
     
  7. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS08-037 – Important
    Vulnerabilities in DNS Could Allow Spoofing (953230)
    Published: July 8, 2008 | Updated: July 25, 2008


    Version: 2.2

    General Information
    Executive Summary
    This security update resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.

    This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.

    The security update addresses the vulnerabilities by using strongly random DNS transaction IDs, using random sockets for UDP queries, and updating the logic used to manage the DNS cache. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

    Recommendation. Microsoft recommends that customers apply the update at the earliest opportunity.

    Known Issues. Microsoft Knowledge Base Article 953230 documents the currently known issues that customers may experience when they install this security update.

    http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
     
Loading...
Thread Status:
Not open for further replies.