[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CSIRTUK ADVISORY - 3559 - Microsoft - Security Bulletin Minor Revisions



________________________________________________________________________


CSIRTUK ADVISORY - 3559 dated 24.01.08 time 10:58

Centre for the Protection of National Infrastructure (CPNI)

________________________________________________________________________

 Further details about CPNI, including information about our products
can be
 found at www.cpni.gov.uk

 Please note that CSIRTUK RSS Feeds are available from:
 http://www.cpni.gov.uk/rss/advisories.xml
________________________________________________________________________

Title
=====
Microsoft Security Bulletin Minor Revisions

Detail
======
ID: 3559
Date: 24/01/2008

------------------------------------------------------------------------
--------
Title: 3559 - Microsoft Security Bulletin Minor Revisions
Platform level affected:Net Application - Client
Hardware components affected:Intel PC
Specific operating systems components affected: 32-bit Windows
Net-enabled software: Enterprise Application
Other software: Web Browser
Remediation Summary:Update your copy of the software with the download
available from the supplier.
Vendors affected:Microsoft
Applications affected:Internet Explorer, Windows, DirectX
Adversity source: Unknown
Attack Vector: Vulnerability exploitation
Virulence: Unknown
Warning Status: Unknown
Potential Damage: Remote execution/modification
Possible Duration: Unknown
Availability of fix: Available
Type of fix: Patch
Source: Microsoft Corporation
Reliability of source: Trusted
Source URL: http://www.microsoft.com/technet/security/
Abstract: Details of some minor revisions to 4 Microsoft Security
Bulletins 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: January 23, 2008
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment. 
Please see the appropriate bulletin for more details.

  * MS07-068 - Critical
  * MS07-057 - Critical

Bulletin Information:
=====================

* MS07-068 - Critical

  - http://www.microsoft.com/technet/security/bulletin/ms07-068.mspx
  - Reason for Revision: Bulletin updated to add an FAQ regarding
    installing the updates for Windows Media Format Runtime 9.5
    on Windows XP Professional x64 Edition.  
  - Originally posted: December 11, 2007
  - Updated: January 23, 2008
  - Bulletin Severity Rating: Critical
  - Version: 1.2
    
* MS07-057 - Critical

  - http://www.microsoft.com/technet/security/bulletin/ms07-057.mspx
  - Reason for Revision: Bulletin revised to address rendering issues.  
  - Originally posted: October 9, 2007
  - Updated: January 23, 2008
  - Bulletin Severity Rating: Critical
  - Version: 1.3
        

Other Information
=================

Recognize and avoid fraudulent e-mail to Microsoft customers:
=============================================================
If you receive an e-mail message that claims to be distributing a
Microsoft security update, it is a hoax that may contain malware or
pointers to malicious Web sites. Microsoft does not distribute security
updates via e-mail.

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign
all security notifications. However, it is not required to read security
notifications, security bulletins, security advisories, or install
security updates. You can obtain the MSRC public PGP key at
https://www.microsoft.com/technet/security/bulletin/pgp.mspx.

To receive automatic notifications whenever Microsoft Security Bulletins
and Microsoft Security Advisories are issued or revised, subscribe to
Microsoft Technical Security Notifications on
http://www.microsoft.com/technet/security/bulletin/notify.mspx.


********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBR5fhnFKuubOIpnsTAQKICw//fxxGIACycdHmZdPlMAgZh8LvBParbq0z
IyZiYnUAOCnsfwxx15QPIpaUCqqkzmlp9gIWJfJRr2x2jsrFrrXEaPaufLxuDLv/
Xpdr7GG2xrXuFEtxHFhaAHxoieaezmXtbsNuOaSurvx3ZoP/RUpk4lvbCX0GNhmf
gTW5IyHwPw25eNl6yieBKJ7EsTgsrbtu/rKVNBl6EuRY9OfqvKLTVF/acKr0dypF
qNeebZlZ8R8Ddt0pSdscYhB8xfLrLBldrDWIEJplVKicGxNZn64sxqs5YmUlttz5
7xLjgyJnZkMPQQFi9pAuxtycLV9Sng0ZTQ5eeAEYgj34E4IhqlkOFfjGMRCyIwE4
oTs0NLcJMcsFbL4bzJyLKpLFGcBbKWHD3uAu8Z3XX7AXm3E2enUvd6DEXuh5ag6E
BZRKg9QeIvpA63KfE+4b085r5ptInrF11XlB6QJsBcfMNTz46fe9KVOdCstj5cMT
zi00w9Ma6BCSobRHEoXz1ALbIj298dQuMOvfhmIpcXSmhE776plBjt0Pakg1dePQ
KaW+d+nsx1juSrui935UGMg1Lij29banIgoLVzOjbqBl8C1K8lfc4Alvc29cK1vg
z3hN2krpqcTXmNP/Zc86NC6ITjRE0URxh3sW7+DiOy/gV6u9QLe6U3PBoLc7mDOC
4qR2+O0If6s=
=Z2Tr
-----END PGP SIGNATURE-----

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: January 23, 2008
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment. 
Please see the appropriate bulletin for more details.

  * MS08-001 - Critical
  * MS07-064 - Critical

Bulletin Information:
=====================

* MS08-001 - Critical

 - http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx
 - Reason for Revision: Bulletin updated to add Windows Small
    Business Server 2003 Service Pack 2 as an affected product.
    Also added an FAQ to clarify that current Microsoft detection
    and deployment tools already correctly offer the update to
    Windows Small Business Server 2003 Service Pack 2 customers.  
 - Originally posted: January 8, 2008
 - Updated: January 23, 2008
 - Bulletin Severity Rating: Critical
 - Version: 2.0
    
* MS07-064 - Critical

 - http://www.microsoft.com/technet/security/bulletin/ms07-064.mspx
 - Reason for Revision: Bulletin updated to reflect that DirectX 9.0
    and 9.0b are also included in this update.  
 - Originally posted: December 11, 2007
 - Updated: January 23, 2008
 - Bulletin Severity Rating: Critical
 - Version: 2.0
        

Other Information
=================

Recognize and avoid fraudulent e-mail to Microsoft customers:
=============================================================
If you receive an e-mail message that claims to be distributing a
Microsoft security update, it is a hoax that may contain malware or
pointers to malicious Web sites. Microsoft does not distribute security
updates via e-mail.

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign
all security notifications. However, it is not required to read security
notifications, security bulletins, security advisories, or install
security updates. You can obtain the MSRC public PGP key at
https://www.microsoft.com/technet/security/bulletin/pgp.mspx.

To receive automatic notifications whenever Microsoft Security Bulletins
and Microsoft Security Advisories are issued or revised, subscribe to
Microsoft Technical Security Notifications on
http://www.microsoft.com/technet/security/bulletin/notify.mspx.


********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBR5fhY1KuubOIpnsTAQK2gw//VnoZIjBV8Sx0pVlvW6M1GLLa2sQu9ECb
cC7Ax7ULYzlxsSH1ZknRRbXOLmCOzZ/9g66RAR2IvXcQClmTE5xfZfbmWrOBh/xW
XZtaWqJP3MGXt06l6T0gKnJybIhM7WprO1LFF3ijm+T1dj9Xtun6ZPSoJ7H1i4G9
XEjMkM0cn9BOWge01mX867FVgJVNIwaYLrpqXzDam5NEJq3iqXzpkHb4mmAEXEW8
X4Mml6d8mKHnQtLjoo0bSmEAVL9VK5zV/Y9DyalIIv44T/bK3kAkegfm7NLrGYG/
8nnuGhzrDODS7LS1sNw2hx8A0F3SpMefpIRaE7HeBk75ZWojSgvBvVjglzQu7H4e
St1fJnBoTZSXDHnurCdT5CXMhxYA+3Jft1kcm7x1enXiEry+BmeT/h2RZqSG0EvH
Ri+BY/+FGOcDn4BXuEBaSePHRW6lEuHs6yVFtf27M32v6UHwbWxy5PaV390LVPTo
KeKTiaxeHyryT/PJPUwmIagnVtLT+rFXZ05n5HcAcroFYgwF9fOq5BD0rvndUVmu
AW0b7VNNZ2Mu5GsjnLbU0gQaX57MRpHvU32/JJ84zuBqThuMD7bAwTEO+va/UVoZ
WnL/IeKM1wKD0YhJMiOrWd6QDXvA2CddR3VXsjoyThPV/ZJ7E19uJRBcR9BFbSMM
tWAreRHfmt8=
=rLoC
-----END PGP SIGNATURE-----

________________________________________________________________________

CPNI values your feedback.

1. Which of the following most reflects the value of the advisory to
you?
(Place an 'X' next to your choice)

Very useful:__ Useful:__ Not useful:__

2. If you did not find it useful, why not?


3. Any other comments? How could we improve our advisories?


Thank you for your contribution.

________________________________________________________________________

CSIRTUK wishes to acknowledge the contributions of Microsoft for the
information
contained in this advisory.
________________________________________________________________________

This advisory contains information released by the original author. Some
of the
information may have changed since it was released. If the issue affects
you,
it may be prudent to retrieve the advisory from the site of the original
source to ensure that you receive the most current information
concerning that
problem.

Reference to any specific commercial product, process, or service by
trade
name, trademark manufacturer, or otherwise, does not constitute or imply
its
endorsement, recommendation, or favouring by CPNI. The views and
opinions of
authors expressed within this notice shall not be used for advertising
or
product endorsement purposes.

CPNI shall not accept responsibility for any errors or omissions
contained
within this advisory. In particular, they shall not be liable for any
loss or
damage whatsoever, arising from or in connection with the usage of
information
contained within this advisory.

CSIRTUK is a member of the Forum of Incident Response and Security Teams
(FIRST)
and has contacts with other international Incident Response Teams (IRTs)
in
order to foster cooperation and coordination in incident prevention, to
prompt
rapid reaction to incidents, and to promote information sharing amongst
its
members and the community at large.
________________________________________________________________________

<End of CPNI Advisory>


The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless in partnership with MessageLabs. (CCTM Certificate Number 2007/11/0032.) On leaving the GSi this email was certified virus free.
Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes.