AplusWebMaster
General
Joined: Mar 14, 2004 Posts: 4807 Location: USA
Posted: Fri Apr 18, 2008 11:57 am
FYI...
Microsoft Security Advisory (951306)
Vulnerability in Windows Could Allow Elevation of Privilege
- http://www.microsoft.com/technet/security/advisory/951306.mspx
April 17, 2008 - "Microsoft is investigating new public reports of a vulnerability which could allow elevation of privilege from authenticated user to LocalSystem, affecting Windows XP Professional Service Pack 2 and all supported versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008. Customers who allow user-provided code to run in an authenticated context, such as within Internet Information Services (IIS) and SQL Server, should review this advisory. Hosting providers may be at increased risk from this elevation of privilege vulnerability. Currently, Microsoft is not aware of any attacks attempting to exploit the potential vulnerability. Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers..."
_________________
AplusWebMaster
~ Are you up to date or vulnerable to Hackers? ...or both?

AplusWebMaster
Posted: Fri May 16, 2008 4:53 pm
FYI...
Microsoft Security Advisory (950627)
Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/950627.mspx
Updated: May 13, 2008 - "...We have issued Microsoft Security Bulletin MS08-028 to address this issue. For more information about this issue, including download links for an available security update, please review MS08-028*... In addition to immediately installing the update in Microsoft Security Bulletin MS08-028, we recommend that customers with Microsoft Word also immediately install the update in Microsoft Security Bulletin MS08-026**: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207), for the most up-to-date protection against the attack vector for these types of attacks..."
* http://go.microsoft.com/fwlink/?LinkId=114750
** http://go.microsoft.com/fwlink/?LinkId=117295

AplusWebMaster
Posted: Sat May 31, 2008 5:52 am
FYI...
Microsoft Security Advisory (953818)
Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform
- http://www.microsoft.com/technet/security/advisory/953818.mspx
Published: May 30, 2008 - "Microsoft is investigating new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed. Safari is not installed with Windows XP or Windows Vista by default; it must be installed independently or through the Apple Software Update application. Customers running Safari on Windows should review this advisory.
At the present time, Microsoft is unaware of any attacks attempting to exploit this blended threat. Upon completion of this investigation, Microsoft will take the appropriate measures to protect our customers. This may include providing a solution through a service pack, the monthly update process, or an out-of-cycle security update, depending on customers needs.
Mitigating Factors:
• Customers who have changed the default location where Safari downloads content to the local drive are -not- affected by this blended threat."
- http://blogs.technet.com/msrc/archive/2008/05/30/security-advisory-953818-posted.aspx
May 30, 2008

AplusWebMaster
Posted: Mon Jun 02, 2008 9:59 am
FYI...
- http://secunia.com/advisories/30467/
Release Date: 2008-06-02
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
OS: Microsoft Windows Vista, Microsoft Windows XP Home Edition, Microsoft Windows XP Professional
Software: Safari for Windows 3.x
...The vulnerability is reported in Safari running on Windows XP or Vista.
Solution: Set the download location in Safari to a location other than "Desktop"...
Original Advisory: http://www.microsoft.com/technet/security/advisory/953818.mspx

AplusWebMaster
Posted: Sun Jun 08, 2008 9:57 am
FYI...
Microsoft Security Advisory (953818)
Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform
- http://www.microsoft.com/technet/security/advisory/953818.mspx
Revisions:
• May 30, 2008: Advisory published.
• June 6, 2008: Modified the steps in the workaround and added acknowledgment.

AplusWebMaster
Posted: Tue Jun 17, 2008 7:46 pm
FYI...
Microsoft Security Advisory (954474)
System Center Configuration Manager 2007 Blocked from Deploying Security Updates
- http://www.microsoft.com/technet/security/advisory/954474.mspx
June 13, 2008 - "Microsoft is investigating public reports of a non-security issue that affects environments with System Center Configuration Manager 2007 that deploy updates to Systems Management Services (SMS) 2003 clients. Microsoft is aware of reports from customers who are experiencing this issue. Upon completion of the investigation, Microsoft will take the appropriate action to resolve the problem within System Center Configuration Manager 2007.
Mitigating Factors:
• This issue impacts customers using System Center Configuration Manager 2007 servers to deploy updates to SMS 2003 clients..."

AplusWebMaster
Posted: Wed Jun 18, 2008 10:55 am
FYI...
Microsoft Security Advisory (954474)
System Center Configuration Manager 2007 Blocked from Deploying Security Updates
- http://www.microsoft.com/technet/security/advisory/954474.mspx
Updated: June 17, 2008 - "... Microsoft has confirmed those reports and has released an update to correct this issue under Microsoft Knowledge Base Article 954474*. Microsoft encourages customers affected by this issue to review and install this update..."
* http://support.microsoft.com/kb/954474
Last Review: June 17, 2008
Revision: 2.1

AplusWebMaster
Posted: Fri Jun 20, 2008 10:10 am
FYI...
MS08-030 - new patch, for XPSP2 & XPSP3
- http://isc.sans.org/diary.html?storyid=4600
Last Updated: 2008-06-20 01:20:41 UTC - "Microsoft issued a new patch, for XPSP2 & XPSP3, for MS08-030*: Vulnerability in Bluetooth stack could allow remote code execution. "Customers who are running Windows XP Service Pack 2 and Windows XP Service Pack 3 should download and deploy this new security update. Customers running Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 and all supported versions of Windows Vista who have already applied these original security updates do not need to take any further action"... The Technet Security Vulnerability Research & Defense blog** on the vulnerability was "MS08-030: All bark and no bite? The case of the Bluetooth update".
Related update- KB KB951376 Security Update for Windows XP:
http://support.microsoft.com/kb/951376/en-us ..."
Last Review: June 19, 2008
Revision: 2.0
* http://www.microsoft.com/technet/security/bulletin/ms08-030.mspx
Revisions:
• V1.0 (June 10, 2008): Bulletin published.
• V2.0 (June 19, 2008): Added "Why was this security update reoffered on June 19, 2008?" entry to the Update FAQ to advise customers running Windows XP Service Pack 2 and Windows XP Service Pack 3 that a revised version of the security update is available.
"...Customers who are running Windows XP Service Pack 2 and Windows XP Service Pack 3 should download and deploy this new security update..."
** http://preview.tinyurl.com/67t4uw
(blogs.technet.com)

AplusWebMaster
Posted: Wed Jun 25, 2008 11:37 am
FYI...
Microsoft Security Advisory (954462)
Rise in SQL Injection Attacks Exploiting Unverified User Data Input
- http://www.microsoft.com/technet/security/advisory/954462.mspx
June 24, 2008 - "Microsoft is aware of a recent escalation in a class of attacks targeting Web sites that use Microsoft ASP and ASP.NET technologies but do not follow best practices for secure Web application development. These SQL injection attacks do not exploit a specific software vulnerability, but instead target Web sites that do not follow secure coding practices for accessing and manipulating data stored in a relational database. When a SQL injection attack succeeds, an attacker can compromise data stored in these databases and possibly execute remote code. Clients browsing to a compromised server could be forwarded unknowingly to malicious sites that may install malware on the client machine.
Mitigating Factors:
This vulnerability is not exploitable in Web applications that follow generally accepted best practices for secure Web application development by verifying user data input...
(See) Suggested Actions..."
Microsoft SQL Injection Prevention Strategy
- http://isc.sans.org/diary.html?storyid=4621
Last Updated: 2008-06-24 22:17:41 UTC - "...Microsoft recommends three approaches to help mitigate SQL Injection.
1. Runtime scanning...
2. URLScan...
3. Code Scanning..."
(More detail at both URLs above.)
 _________________ AplusWebMaster
~ Are you up to date or vulnerable to Hackers? ...or both?
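
The advisory quoted above attributes these attacks to pages that build SQL from unverified user input. As an added illustration (not part of the forum post or the Microsoft advisory), the sketch below contrasts a concatenated query with a verified, parameterized one. It uses Python's sqlite3 as a stand-in for an ASP/ASP.NET data layer, and the table, column and function names are hypothetical.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, hidden INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(1, "widget", 0), (2, "gadget", 0), (3, "unreleased", 1)],
    )
    return db

def lookup_concatenated(db, product_id):
    """Before: the request value becomes part of the SQL text itself."""
    sql = ("SELECT name FROM products WHERE hidden = 0 AND id = "
           + product_id + " ORDER BY id")
    return [row[0] for row in db.execute(sql)]

ID_PATTERN = re.compile(r"[0-9]{1,9}")  # allow-list: a short run of ASCII digits

def lookup_verified(db, product_id):
    """After: verify the input against the allow-list, then bind it."""
    if not ID_PATTERN.fullmatch(product_id):
        raise ValueError("product id must be 1 to 9 digits")
    sql = "SELECT name FROM products WHERE hidden = 0 AND id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (int(product_id),))]

def search_by_name(db, name):
    """Free text cannot be allow-listed as tightly; binding keeps it as data."""
    sql = "SELECT name FROM products WHERE hidden = 0 AND name = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (name,))]

def demo():
    db = make_db()
    crafted = "1 OR 1=1"  # constructed input that is not a plain id
    results = {
        "concatenated_normal": lookup_concatenated(db, "1"),
        "concatenated_crafted": lookup_concatenated(db, crafted),
        "verified_normal": lookup_verified(db, "1"),
        "bound_text": search_by_name(db, "widget' OR '1'='1"),
    }
    try:
        lookup_verified(db, crafted)
        results["verified_crafted"] = "accepted"
    except ValueError:
        results["verified_crafted"] = "rejected"
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

In the concatenated version the crafted value changes the WHERE clause and the hidden row comes back; in the verified version the same value is rejected before any SQL runs, and bound text is only ever compared as a literal.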

AplusWebMaster
Posted: Tue Jul 01, 2008 10:37 am Post subject: (WSUS) Blocked from Deploying Security Updates...
FYI...
Microsoft Security Advisory (954960)
Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates
- http://www.microsoft.com/technet/security/advisory/954960.mspx
June 30, 2008 - "Microsoft is investigating public reports of a non-security issue that prevents the distribution of any updates deployed through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1 to client systems that have Microsoft Office 2003 installed in their environment. Microsoft is aware of reports from customers who are experiencing this issue. Upon completing the investigation, Microsoft will take appropriate action to resolve the issue within Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1.
Note: The issue affecting System Center Configuration Manager 2007 first described in Microsoft Security Advisory 954474, where System Center Configuration Manager 2007 systems were blocked from deploying security updates, is separate from the issue described in this advisory.
Mitigating Factors:
• This issue is limited to customers who deploy updates through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1, and have Microsoft Office 2003 installed in their environments..."
- http://preview.tinyurl.com/6xdp79
June 30, 2008 (MSRC blog)

AplusWebMaster
Posted: Mon Jul 07, 2008 9:09 pm
FYI...
Microsoft Security Advisory (955179)
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
- http://www.microsoft.com/TechNet/security/advisory/955179.mspx
July 7, 2008 - "Microsoft is investigating active, targeted attacks leveraging a potential vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. The ActiveX control for the Snapshot Viewer for Microsoft Access enables you to view an Access report snapshot without having the standard or run-time versions of Microsoft Office Access. The vulnerability only affects the ActiveX control for the Snapshot Viewer for Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003. The ActiveX control is shipped with all supported versions of Microsoft Office Access except for Microsoft Office Access 2007. The ActiveX control is also shipped with the standalone Snapshot Viewer...
Suggested Actions / Workarounds:
Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, this is stated in the entry.
• Prevent COM objects from running in Internet Explorer
You can disable attempts to instantiate a COM object in Internet Explorer by setting the kill bit for the control in the registry..."
(Kill bit listings shown in the advisory at the URL above.)

AplusWebMaster
Posted: Wed Jul 09, 2008 2:58 am
FYI...
Microsoft Security Advisory (953635)
Vulnerability in Microsoft Word Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/953635.mspx
July 8, 2008 - "Microsoft is investigating new public reports of a possible vulnerability in Microsoft Office Word 2002 Service Pack 3. Our initial investigation indicates that customers who use all other supported versions of Microsoft Office Word, Microsoft Office Word Viewer, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, and Microsoft Office for Mac are not affected. At this time, Microsoft is aware of limited, targeted attacks that attempt to use this vulnerability. While Microsoft Office Word 2000 does not appear vulnerable to this issue, Word 2000 may unexpectedly exit when opening a specially crafted .doc file that the attacker is using in an attempt to exploit the vulnerability.
Microsoft is investigating the public reports and customer impact. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers..."
- http://preview.tinyurl.com/5vec22
July 08, 2008 (blogs.technet.com/msrc)

AplusWebMaster
Posted: Thu Jul 10, 2008 4:02 am
FYI...
Microsoft Security Advisory (954960)
Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates
- http://www.microsoft.com/technet/security/advisory/954960.mspx
Published: June 30, 2008 | Updated: July 9, 2008 - "Microsoft has completed the investigation into public reports of a non-security issue that prevents the distribution of any updates deployed through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1 to client systems that have Microsoft Office 2003 installed in their environment. Microsoft confirmed those reports and has released an update to correct this issue under Microsoft Knowledge Base Article 954960*. Microsoft encourages customers affected by this issue to review and install this update..."
* http://support.microsoft.com/kb/954960
Last Review: July 9, 2008
Revision: 2.0

AplusWebMaster
Posted: Fri Jul 11, 2008 2:19 am
FYI...
Update 2: Microsoft Security Advisory (954960)
- http://blogs.technet.com/msrc/archive/2008/07/10/update-2-microsoft-security-advisory-954960.aspx
July 10, 2008 - "...customers running Windows Server Update Services 3.0 Service Pack 1 on Windows Server 2008 may experience an issue installing the update provided in Microsoft Knowledge Base Article 954960*. The update does not correctly elevate privileges, which are required for the installation to complete. In order to successfully install this update we have identified steps in Advisory 954960**. Additionally, the update does not place an entry in Add or Remove Programs, and cannot be uninstalled. Microsoft has identified the packaging inconsistencies in the current update and is investigating options to resolve them. We will continue to monitor the situation and post updates to the advisory and the MSRC blog as we become aware of any important new information..."
* http://support.microsoft.com/kb/954960
Last Review: July 11, 2008 -?-
Revision: 3.0
** http://www.microsoft.com/technet/security/advisory/954960.mspx
• July 10, 2008: Advisory updated to reflect specific installation and uninstallation procedures for the update for Windows Server Update Services running on Windows Server 2008.