IEBlog
Windows XP SP3 contains some new updates, and a number of bug fixes and security improvements. You can learn more about XPSP3 features by reading the white paper located here. We expect XPSP3 will be publicly available shortly and want you to have this information prior to its final release to the web.
Internet Explorer 6 Users
Internet Explorer 7 Users
Internet Explorer 8 Beta 1 Users
Before upgrading to XPSP3 see the following.
IEBlog: IE and Windows XP Service Pack 3
Microsoft KB 950717: Steps to take before you install Windows XP Service Pack 3
by certifiedbug on April 29, 2008
in Microsoft
XP Service Pack (SP) 3 to Windows Update and the Microsoft Download Center was not released Tuesday April 29, 2008.
According to a Microsoft spokesperson, the Release to Web (RTW) of Windows XP SP3 has been delayed.
In the last few days, we have uncovered a compatibility issue between Microsoft Dynamics Retail Management System (RMS) and both Windows XP SP3 and Windows Vista Service Pack 1 (SP1). In order to make sure customers have the best possible experience, we have decided to delay releasing Windows XP Service Pack 3 (SP3) to the web.
To help protect customers, we plan to put filtering in place shortly to prevent Windows Update from offering both service packs to systems running Microsoft Dynamics RMS. Once filtering is in place, we expect to release Windows XP SP3 to the web.
We are also testing a fix, and will make it available once that process is complete. Once they have installed the fix, Microsoft Dynamics RMS customers should be able to run both service packs.
Until then, we advise Microsoft Dynamics RMS customers to not install either service pack. Microsoft Dynamics RMS customers running Windows XP SP3 or Windows Vista SP1 should contact Microsoft Customer Support Services for additional information.
TechNet
Microsoft Dynamics Retail Management System (RMS) product information
by certifiedbug on April 3, 2008
in Microsoft
Scheduled April bulletin release day, Tuesday, April 8, 2008
The Microsoft Security Response Center (MSRC)
Preliminary information, subject to change.
As part of our regularly scheduled bulletin release, we’re currently planning to release:
- Five Microsoft Security Bulletins rated Critical and three that are rated as Important. These updates may require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
- As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.
- Finally, we are planning to release five high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as three high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS).
As always, we’ll be holding the April edition of the monthly security bulletin webcast on Wednesday, April 9, 2008 at 11 a.m., Pacific Standard Time. We will review this month’s release and take your questions live on-air with answers from our panel of experts. As a friendly reminder, if you can’t make the live webcast, you can listen to it on-demand as well.
You can register for the webcast here:
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032357219&Culture=en-US
TechNet
With the Vista Service Pack 1 prerequisite updates released last week, reports came in that KB937287 had caused some Vista PCs to either fail to properly boot up or enter an endless boot up loop.
Microsoft released a statement:
We’ve received reports that some customers may be experiencing an unusual reboot cycle after installing KB937287, the servicing stack update we released last week. To prevent further instances of this issue, we temporarily stopped automatic distribution of the update and are investigating solutions to the problem. We believe this problem only impacts a small number of customers. We are working to identify possible solutions and will resume automatic distribution again after we address the issue.
If you were unfortunate to experience this problem you can try using system restore to correct it, or contact 1-866-PC-Safety for help troubleshooting.
Vista Team Blog
by certifiedbug on February 7, 2008
in Browser
Please update as soon as possible.
Fixed in Firefox 2.0.0.12
MFSA 2008-11 Web forgery overwrite with div overlay
Low
MFSA 2008-10 URL token stealing via stylesheet redirect
Low
MFSA 2008-09 Mishandling of locally-saved plain text files
Low
MFSA 2008-08 File action dialog tampering
Moderate
MFSA 2008-06 Web browsing history and forward navigation stealing
Critical
MFSA 2008-05 Directory traversal via chrome: URI
High
MFSA 2008-04 Stored password corruption
Moderate
MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
Critical
MFSA 2008-02 Multiple file input focus stealing vulnerabilities
High
MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
Critical
Download from Mozilla
Or use browser, Help > Check For Updates.
by certifiedbug on February 6, 2008
in Security
Adobe Reader 8.1.2 Release Notes
The absence of a bulletin with details and severity ratings has raised eyebrows in the security research community.
The patch, included in Adobe Reader 8.1.2, plugs at least one known critical issue that allows rigged PDF files to be used in code execution attacks, says Kostya Kortchinsky, a vulnerability researcher at Immunity.
eWeek
A lot of bug fixes.
It is important not only to keep Sun Java up to date, but also to remove older versions which have security holes and can be exploited. Vulnerabilities in old Sun Java versions may be partly responsible for Vundo/Winfixer infections.
Before un-installing your previous version, first download the latest upgrade, as of today Java Runtime Environment (JRE) 6 Update 4. Just in case you experience any difficulty in obtaining a copy.
Download from http://java.sun.com/javase/downloads/?intcmp=1281 and save, do not install yet.
- 1. Uninstall old versions of Sun Java via Add/Remove Programs.
- 2. Click the Remove or Change/Remove button.
- 3. Reboot your PC if prompted.
- 4. Install the latest version which you previously downloaded.
To verify a successful install: http://www.java.com/en/download/installed.jsp
Congratulations!
You have the recommended Java installed (1.6.0_04).
Microsoft January 2008 Bulletin Release included a Windows Sidebar Protection update for Windows Vista.
SUMMARY
This article documents the Windows Sidebar Protection update that was made to the Windows Sidebar for Windows Vista. The update was made to allow for the Windows Sidebar to perform the following actions:
- Generate unique identifiers for all gadgets that run in the Windows Sidebar
- Receive a list of known vulnerable gadgets from Microsoft by using Windows Update
- Stop a gadget from running in the Windows Sidebar if the gadget has been determined to be vulnerable
- Stop a gadget from being installed if the gadget has been determined to be vulnerable
Please see the Microsoft Knowledge Base Article 941411 for information and screenshots: http://support.microsoft.com/kb/941411
Scheduled December bulletin release day, Tuesday, December 11, 2007.
The Microsoft Security Response Center (MSRC)
- Six Microsoft Security Bulletins affecting Microsoft Windows with a Maximum Severity rating of Critical. Some of these updates will require a restart and will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.
- One Microsoft Security Bulletin affecting Internet Explorer with a Maximum Severity rating of Critical. This update will require a restart and will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.
As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.
Finally, we are planning to release six high-priority, non-security updates on Microsoft Update and one high-priority, non-security update on Windows Update.
TechNet Advance Notification
Adobe® Flash® Player 9 Update 3 is available for download.
It is wise to keep flash updated as there are exploits which use it to install nasty stuff on your computer. You can check which version you have installed here.
If you use Firefox, the Flashblock extension is useful for blocking all Flash content from loading automatically and allows selective activation and whitelisting of sites.
