Update

Vulnerability in Server Service Could Allow Remote Code Execution (958644)

Executive Summary

This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.

This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.

Out-of-band update, extremely urgent to patch ASAP.
http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx

Edit
Get Protected, Now!
http://blogs.technet.com/mmpc/archive/2008/10/23/get-protected-now.aspx

MS08-067 and the SDL
http://blogs.msdn.com/sdl/archive/2008/10/22/ms08-067.aspx

Note:
Threat Expert’s Blog called Gimmiv.A a worm.  A worm may follow but at this stage the attack is a trojan as shown in their own reports.

Sunbelt Blog. The trojan itself isn’t a worm but a dll dropped by Gimmiv is.

{ 0 comments }

Scheduled October bulletin release day, Tuesday, Oct. 14, 2008.

The Microsoft Security Response Center (MSRC)

Preliminary information, subject to change.

As part of our regularly scheduled bulletin release, we’re currently planning to release:

• Four Microsoft Security Bulletins rated as Critical, six rated Important, and one rated Moderate. These updates may require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.

We are also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). For additional information, please see the Other Information section of the Advanced Notification.

We also want to announce the availability of the Exploitability Index in upcoming security bulletin summaries and the official release of Microsoft Active Protections Program, which were both announced at Black Hat in August. The Exploitability Index provides additional information to help customers prioritize deployment of monthly security bulletins while the Microsoft Active Protections Program provides vulnerability information to security software providers in advance of Microsoft’s monthly security bulletin releases. Both the Exploitability Index and Microsoft Active Protection Program provide additional support to customers and partners to defend against emerging online threats.

As always, we’ll be holding the October edition of the monthly security bulletin webcast on Wednesday, Oct. 15, 2008 at 11 a.m., Pacific Standard Time. We will review this month’s release and take your questions live on-air with answers from our panel of experts. As a friendly reminder, if you can’t make the live webcast, you can listen to it on-demand as well at the same URL. In addition, we’ll also be posting the text of the questions and answers from each month’s webcast. You can see a full listing of the posted questions and answers on this page.

You can register for the webcast here: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032374639&Culture=en-US

Update 1: Microsoft Security Advisory 951306

{ 0 comments }

Live Writer now supports my blog’s tag plugin which means I don’t have to edit every post to add tags.

Strike that, the tags generated gave a 404 and my plugin, “No tag for this post”.

I will add an update once I have played with all the new beta goodies, and hopefully fixed a few things too.

Building Windows Live

Windows Live Beta Round-Up & Plug-ins for Windows Live Photo Gallery

{ 0 comments }

Scheduled September bulletin release day, Tuesday, September 9, 2008

The Microsoft Security Response Center (MSRC)

Preliminary information, subject to change.

As part of our regularly scheduled bulletin release, we’re currently planning to release:

• Four Microsoft Security Bulletins rated as Critical. These updates may require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.

We are also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). For additional information, please see the Other Information section of the Advanced Notification.

As always, we’ll be holding the September edition of the monthly security bulletin webcast on Wednesday, September 10, 2008 at 11 a.m., Pacific Standard Time. We will review this month’s release and take your questions live on-air with answers from our panel of experts. As a friendly reminder, if you can’t make the live webcast, you can listen to it on-demand as well at the same URL. In addition, we’ll also be posting the text of the questions and answers from each month’s webcast. You can see a full listing of the posted questions and answers on this page.

You can register for the webcast here: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032374633&Culture=en-US

TechNet

{ 0 comments }

Opera 9.52 is a recommended security and stability upgrade.

The patch closes 7 holes in Opera for Windows, 5 holes in Opera for Mac OS X, and 6 holes in the Linux version.

Extremely Severe Advisory, Opera for Microsoft Windows.

When Opera is registered as a handler for a given protocol, it can be started by external applications. In some cases, being started in this way can cause Opera to crash. To inject code, additional techniques will have to be employed.

This vulnerability is fixed by upgrading to Opera 9.52.

Download

Changelog for Windows

{ 0 comments }

VMware’s CEO, Paul Maritz, released a letter yesterday, apologizing to customers and explaining the problem.

Last night, we became aware of a code issue with the recently released update to ESX 3.5 and ESXi 3.5 (Update 2).

When the time clock in a server running ESX 3.5 or ESXi 3.5 Update 2 hits 12:00AM on August 12th, 2008, the released code causes the product license to expire. The problem has also occurred with a recent patch to ESX 3.5 or ESXi 3.5 Update 2. When an ESX or ESXi 3.5 server thinks its license has expired, the following can happen:

• Virtual machines that are powered off cannot be turned on;

• Virtual machines that have been suspended fail to leave suspend mode; and,

• Virtual machines cannot be migrated using VMotion.

The issue was caused by a piece of code that was mistakenly left enabled for the final release of Update 2. This piece of code was left over from the pre-release versions of Update 2 and was designed to ensure that customers are running on the supported generally available version of Update 2.

In remedying the situation, we’ve already released an express patch for those customers that have installed/upgraded to ESX or ESXi 3.5 Update 2. Within the next 24 hours, we also expect to issue a full replacement for Update 2, which should be used by customers who want to perform fresh installs of ESX or ESXi.

{ 0 comments }

Scheduled August bulletin release day, Tuesday, August 12, 2008

The Microsoft Security Response Center (MSRC)

Preliminary information, subject to change.

As part of our regularly scheduled bulletin release, we’re currently planning to release:

• Seven Microsoft Security Bulletins with maximum severity of Critical, and five with maximum severity of Important. These updates may require a restart and will be detectable using the newly released version of the Microsoft Baseline Security Analyzer.

As we do each month, we’ll be releasing an updated version of the Microsoft Windows Malicious Software Removal Tool.

And finally, we are planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). You can get additional information, in the “Other Information” section of the Advanced Notification.

Also, please do register for next week’s TechNet Monthly Security Bulletin webcast. This month’s will be on Wednesday August 13, 2008 at 11 AM Pacific time. We’ll be reviewing the bulletins during the call and then taking your questions live on the air and providing answers to them from our panel of subject matter experts.

You can register for the webcast here:
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032374631&EventCategory=4&culture=en-US&CountryCode=US

TechNet

{ 0 comments }

Release Notes

Upgrading Firefox

Automatic updates

By default, Firefox is configured to automatically check for updates for itself.

1. When an update is available, the Software Update dialog is automatically displayed. It contains a list of updates for Firefox components that are installed on your system. To begin updating your software, click OK. The new versions of any selected updates are downloaded and installed.
2. When the install process is complete, you must restart Firefox. To close Firefox and re-open it, click Done.
3. After Firefox restarts, all updated versions of Firefox components are available.

http://www.mozilla.com/en-US/firefox/

{ 0 comments }

Scheduled July bulletin release day, Tuesday, July 8, 2008

The Microsoft Security Response Center (MSRC)

Preliminary information, subject to change.

• As part of our regularly scheduled bulletin release, we’re currently planning to release:Four Microsoft Security Bulletins rated as Important. These updates may require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.

We are also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). For additional information, please see the Other Information section of the Advanced Notification.

Finally, in late July, we’ll also be releasing KB946928 which updates the infrastructure of the Windows Update client itself. For more information on this update, please visit the Microsoft Update blog.

As always, we’ll be holding the July edition of the monthly security bulletin webcast on Wednesday, July 9, 2008 at 11 a.m., Pacific Standard Time. We will review this month’s release and take your questions live on-air with answers from our panel of experts. As a friendly reminder, if you can’t make the live webcast, you can listen to it on-demand as well. You can register for the webcast here:

http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032374629&Culture=en-US

TechNet

{ 0 comments }