Microsoft Security Bulletins for December 2007

  • Thread starter Thread starter Donna Buenaventura
  • Start date Start date
D

Donna Buenaventura

Microsoft Security Bulletins for December 2007

Microsoft released today the following security bulletins. Note: There may
be latency issues due to replication, if the page does not display keep
refreshing

Critical:
MS07-064 - Vulnerabilities in DirectX Could Allow Remote Code Execution
(941568)
http://www.microsoft.com/technet/security/bulletin/MS07-064.mspx
MS07-068 - Vulnerabilities in DirectX Could Allow Remote Code Execution
(941568)
http://www.microsoft.com/technet/security/bulletin/MS07-068.mspx
MS07-069 - Cumulative Security Update for Internet Explorer (942615)
http://www.microsoft.com/technet/security/bulletin/MS07-069.mspx

Important:

MS07-063 - Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)
http://www.microsoft.com/technet/security/bulletin/MS07-063.mspx
MS07-065 - Vulnerability in Message Queuing Could Allow Remote Code
Execution (937894)
http://www.microsoft.com/technet/security/bulletin/MS07-065.mspx
MS07-066 - Vulnerability in Windows Kernel Could Allow Elevation of
Privilege (943078)
http://www.microsoft.com/technet/security/bulletin/MS07-066.mspx
MS07-067 - Vulnerability in Macrovision Driver Could Allow Local Elevation
of Privilege (944653)
http://www.microsoft.com/technet/security/bulletin/MS07-067.mspx

Non-Security, High-Priority Updates on MU, WU, and WSUS

Microsoft has released four non-security, high-priority updates and 2007
Microsoft Office Service Pack 1 on Microsoft Update (MU) and Windows Server
Update Services (WSUS).

Microsoft has released four non-security, high-priority updates for Windows
and Windows SharePoint Services 3.0 Service Pack 1 on Windows Update (WU)
and WSUS.

References:
December 2007 Security Bulletins Summary:
http://www.microsoft.com/technet/security/bulletin/ms07-dec.mspx
Security Bulletin for end-users:
http://www.microsoft.com/protect/computer/updates/bulletins/200712.mspx
MSRC Blog: http://blogs.technet.com/msrc/default.aspx

Support:
Call 1-866-PCSAFETY. There is no charge for support calls that are
associated with security updates. International users should go to
http://support.microsoft.com/common/international.aspx

Security Bulletin Webcast:
Microsoft will host a Webcast tomorrow. The webcast focuses on addressing
your questions and concerns about the security bulletins. Therefore, most of
the live webcast is aimed at giving you the opportunity to ask questions and
get answers from their security experts:
http://msevents.microsoft.com/CUI/W...&EventCategory=4&culture=en-US&CountryCode=US

Update sources:
Microsoft NEVER send security updates via e-mail. As always, download the
updates only from the vendors' website - visit Windows Update and Office
Update or Microsoft Update. You may also get the updates thru Automatic
Updates functionality in Windows.
Security updates are available on ISO-9660 DVD5 image files from the
Microsoft Download Center. For more information, please see
http://support.microsoft.com/kb/913086
Note: Don't be a victim of spoofed emails. Read "How to tell whether a
security e-mail message is really from Microsoft" at
http://www.microsoft.com/athome/security/email/ms_genuine_mail.mspx

Recommendations:
Microsoft advises customers to install the latest product releases, security
updates, and service packs to remain as secure as possible. Older products,
such as Microsoft Windows NT 4.0, may not meet today's more demanding
security requirements. It may not be possible for Microsoft to provide
security updates for older products. More info at Microsoft Support
Lifecycle website: http://support.microsoft.com/lifecycle/

Tool:
Check your system for missing or misconfigured patches using Microsoft
Baseline Security Analyzer (MBSA) -
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
For 3rd Party tools in scanning your computer for missing updates, hotfixes
or out-dated version, please see the list at
http://www.dozleng.com/updates/index.php?showtopic=13587

Regards,
Donna Buenaventura
Windows Security MVP
 
Known issues as per Microsoft:

Microsoft Security Bulletin MS07-064: Microsoft Knowledge Base Article
941568 documents the currently known issues that customers may experience
when they install this security update. The article also documents
recommended solutions for these issues.
http://support.microsoft.com/kb/941568

Microsoft Security Bulletin MS07-069 - Microsoft Knowledge Base Article
942615 documents the currently known issues that customers may experience
when they install this security update. The article also documents
recommended solutions for these issues.
http://support.microsoft.com/kb/942615

NOTE: If pages of KB article is not available, please try later.

"Donna Buenaventura" <dbuenaventura@mvps.org> wrote in message
news:E3E51AED-8758-4393-94A8-596FF7110ED7@microsoft.com...
> Microsoft Security Bulletins for December 2007
>
> Microsoft released today the following security bulletins. Note: There may
> be latency issues due to replication, if the page does not display keep
> refreshing
>
> Critical:
> MS07-064 - Vulnerabilities in DirectX Could Allow Remote Code Execution
> (941568)
> http://www.microsoft.com/technet/security/bulletin/MS07-064.mspx
> MS07-068 - Vulnerabilities in DirectX Could Allow Remote Code Execution
> (941568)
> http://www.microsoft.com/technet/security/bulletin/MS07-068.mspx
> MS07-069 - Cumulative Security Update for Internet Explorer (942615)
> http://www.microsoft.com/technet/security/bulletin/MS07-069.mspx
>
> Important:
>
> MS07-063 - Vulnerability in SMBv2 Could Allow Remote Code Execution
> (942624)
> http://www.microsoft.com/technet/security/bulletin/MS07-063.mspx
> MS07-065 - Vulnerability in Message Queuing Could Allow Remote Code
> Execution (937894)
> http://www.microsoft.com/technet/security/bulletin/MS07-065.mspx
> MS07-066 - Vulnerability in Windows Kernel Could Allow Elevation of
> Privilege (943078)
> http://www.microsoft.com/technet/security/bulletin/MS07-066.mspx
> MS07-067 - Vulnerability in Macrovision Driver Could Allow Local Elevation
> of Privilege (944653)
> http://www.microsoft.com/technet/security/bulletin/MS07-067.mspx
>
> Non-Security, High-Priority Updates on MU, WU, and WSUS
>
> Microsoft has released four non-security, high-priority updates and 2007
> Microsoft Office Service Pack 1 on Microsoft Update (MU) and Windows
> Server Update Services (WSUS).
>
> Microsoft has released four non-security, high-priority updates for
> Windows and Windows SharePoint Services 3.0 Service Pack 1 on Windows
> Update (WU) and WSUS.
>
> References:
> December 2007 Security Bulletins Summary:
> http://www.microsoft.com/technet/security/bulletin/ms07-dec.mspx
> Security Bulletin for end-users:
> http://www.microsoft.com/protect/computer/updates/bulletins/200712.mspx
> MSRC Blog: http://blogs.technet.com/msrc/default.aspx
>
> Support:
> Call 1-866-PCSAFETY. There is no charge for support calls that are
> associated with security updates. International users should go to
> http://support.microsoft.com/common/international.aspx
>
> Security Bulletin Webcast:
> Microsoft will host a Webcast tomorrow. The webcast focuses on addressing
> your questions and concerns about the security bulletins. Therefore, most
> of the live webcast is aimed at giving you the opportunity to ask
> questions and get answers from their security experts:
> http://msevents.microsoft.com/CUI/W...&EventCategory=4&culture=en-US&CountryCode=US
>
> Update sources:
> Microsoft NEVER send security updates via e-mail. As always, download the
> updates only from the vendors' website - visit Windows Update and Office
> Update or Microsoft Update. You may also get the updates thru Automatic
> Updates functionality in Windows.
> Security updates are available on ISO-9660 DVD5 image files from the
> Microsoft Download Center. For more information, please see
> http://support.microsoft.com/kb/913086
> Note: Don't be a victim of spoofed emails. Read "How to tell whether a
> security e-mail message is really from Microsoft" at
> http://www.microsoft.com/athome/security/email/ms_genuine_mail.mspx
>
> Recommendations:
> Microsoft advises customers to install the latest product releases,
> security updates, and service packs to remain as secure as possible. Older
> products, such as Microsoft Windows NT 4.0, may not meet today's more
> demanding security requirements. It may not be possible for Microsoft to
> provide security updates for older products. More info at Microsoft
> Support Lifecycle website: http://support.microsoft.com/lifecycle/
>
> Tool:
> Check your system for missing or misconfigured patches using Microsoft
> Baseline Security Analyzer (MBSA) -
> http://www.microsoft.com/technet/security/tools/mbsahome.mspx
> For 3rd Party tools in scanning your computer for missing updates,
> hotfixes or out-dated version, please see the list at
> http://www.dozleng.com/updates/index.php?showtopic=13587
>
> Regards,
> Donna Buenaventura
> Windows Security MVP
 
Donna: I see nothing on those pages regarding known issues.

"Donna Buenaventura" <dbuenaventura@mvps.org> wrote in message
news:70E23C41-42A0-4D9C-9E9F-93B387947F08@microsoft.com...
: Known issues as per Microsoft:
:
: Microsoft Security Bulletin MS07-064: Microsoft Knowledge Base Article
: 941568 documents the currently known issues that customers may experience
: when they install this security update. The article also documents
: recommended solutions for these issues.
: http://support.microsoft.com/kb/941568
:
: Microsoft Security Bulletin MS07-069 - Microsoft Knowledge Base Article
: 942615 documents the currently known issues that customers may experience
: when they install this security update. The article also documents
: recommended solutions for these issues.
: http://support.microsoft.com/kb/942615
:
: NOTE: If pages of KB article is not available, please try later.
:
: "Donna Buenaventura" <dbuenaventura@mvps.org> wrote in message
: news:E3E51AED-8758-4393-94A8-596FF7110ED7@microsoft.com...
: > Microsoft Security Bulletins for December 2007
: >
: > Microsoft released today the following security bulletins. Note: There
may
: > be latency issues due to replication, if the page does not display keep
: > refreshing
: >
: > Critical:
: > MS07-064 - Vulnerabilities in DirectX Could Allow Remote Code Execution
: > (941568)
: > http://www.microsoft.com/technet/security/bulletin/MS07-064.mspx
: > MS07-068 - Vulnerabilities in DirectX Could Allow Remote Code Execution
: > (941568)
: > http://www.microsoft.com/technet/security/bulletin/MS07-068.mspx
: > MS07-069 - Cumulative Security Update for Internet Explorer (942615)
: > http://www.microsoft.com/technet/security/bulletin/MS07-069.mspx
: >
: > Important:
: >
: > MS07-063 - Vulnerability in SMBv2 Could Allow Remote Code Execution
: > (942624)
: > http://www.microsoft.com/technet/security/bulletin/MS07-063.mspx
: > MS07-065 - Vulnerability in Message Queuing Could Allow Remote Code
: > Execution (937894)
: > http://www.microsoft.com/technet/security/bulletin/MS07-065.mspx
: > MS07-066 - Vulnerability in Windows Kernel Could Allow Elevation of
: > Privilege (943078)
: > http://www.microsoft.com/technet/security/bulletin/MS07-066.mspx
: > MS07-067 - Vulnerability in Macrovision Driver Could Allow Local
Elevation
: > of Privilege (944653)
: > http://www.microsoft.com/technet/security/bulletin/MS07-067.mspx
: >
: > Non-Security, High-Priority Updates on MU, WU, and WSUS
: >
: > Microsoft has released four non-security, high-priority updates and 2007
: > Microsoft Office Service Pack 1 on Microsoft Update (MU) and Windows
: > Server Update Services (WSUS).
: >
: > Microsoft has released four non-security, high-priority updates for
: > Windows and Windows SharePoint Services 3.0 Service Pack 1 on Windows
: > Update (WU) and WSUS.
: >
: > References:
: > December 2007 Security Bulletins Summary:
: > http://www.microsoft.com/technet/security/bulletin/ms07-dec.mspx
: > Security Bulletin for end-users:
: > http://www.microsoft.com/protect/computer/updates/bulletins/200712.mspx
: > MSRC Blog: http://blogs.technet.com/msrc/default.aspx
: >
: > Support:
: > Call 1-866-PCSAFETY. There is no charge for support calls that are
: > associated with security updates. International users should go to
: > http://support.microsoft.com/common/international.aspx
: >
: > Security Bulletin Webcast:
: > Microsoft will host a Webcast tomorrow. The webcast focuses on
addressing
: > your questions and concerns about the security bulletins. Therefore,
most
: > of the live webcast is aimed at giving you the opportunity to ask
: > questions and get answers from their security experts:
: >
http://msevents.microsoft.com/CUI/W...&EventCategory=4&culture=en-US&CountryCode=US
: >
: > Update sources:
: > Microsoft NEVER send security updates via e-mail. As always, download
the
: > updates only from the vendors' website - visit Windows Update and Office
: > Update or Microsoft Update. You may also get the updates thru Automatic
: > Updates functionality in Windows.
: > Security updates are available on ISO-9660 DVD5 image files from the
: > Microsoft Download Center. For more information, please see
: > http://support.microsoft.com/kb/913086
: > Note: Don't be a victim of spoofed emails. Read "How to tell whether a
: > security e-mail message is really from Microsoft" at
: > http://www.microsoft.com/athome/security/email/ms_genuine_mail.mspx
: >
: > Recommendations:
: > Microsoft advises customers to install the latest product releases,
: > security updates, and service packs to remain as secure as possible.
Older
: > products, such as Microsoft Windows NT 4.0, may not meet today's more
: > demanding security requirements. It may not be possible for Microsoft to
: > provide security updates for older products. More info at Microsoft
: > Support Lifecycle website: http://support.microsoft.com/lifecycle/
: >
: > Tool:
: > Check your system for missing or misconfigured patches using Microsoft
: > Baseline Security Analyzer (MBSA) -
: > http://www.microsoft.com/technet/security/tools/mbsahome.mspx
: > For 3rd Party tools in scanning your computer for missing updates,
: > hotfixes or out-dated version, please see the list at
: > http://www.dozleng.com/updates/index.php?showtopic=13587
: >
: > Regards,
: > Donna Buenaventura
: > Windows Security MVP
:
 
You will Tom, you will. There's just nothing to show at the mowment.


MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============



Tom [Pepper] Willett wrote:

> Donna: I see nothing on those pages regarding known issues.
>
> "Donna Buenaventura" <dbuenaventura@mvps.org> wrote in message
> news:70E23C41-42A0-4D9C-9E9F-93B387947F08@microsoft.com...
> : Known issues as per Microsoft:
> :
> : Microsoft Security Bulletin MS07-064: Microsoft Knowledge Base Article
> : 941568 documents the currently known issues that customers may experience
> : when they install this security update. The article also documents
> : recommended solutions for these issues.
> : http://support.microsoft.com/kb/941568
> :
> : Microsoft Security Bulletin MS07-069 - Microsoft Knowledge Base Article
> : 942615 documents the currently known issues that customers may experience
> : when they install this security update. The article also documents
> : recommended solutions for these issues.
> : http://support.microsoft.com/kb/942615
> :
> : NOTE: If pages of KB article is not available, please try later.
> :
 
Okay. Thanks, Steve.

Tom
"MowGreen [MVP]" <mowgreen@nowandzen.com> wrote in message
news:ulapCLDPIHA.4712@TK2MSFTNGP04.phx.gbl...
: You will Tom, you will. There's just nothing to show at the mowment.
:
:
: MowGreen [MVP 2003-2008]
: ===============
: *-343-* FDNY
: Never Forgotten
: ===============
:
:
:
: Tom [Pepper] Willett wrote:
:
: > Donna: I see nothing on those pages regarding known issues.
: >
: > "Donna Buenaventura" <dbuenaventura@mvps.org> wrote in message
: > news:70E23C41-42A0-4D9C-9E9F-93B387947F08@microsoft.com...
: > : Known issues as per Microsoft:
: > :
: > : Microsoft Security Bulletin MS07-064: Microsoft Knowledge Base Article
: > : 941568 documents the currently known issues that customers may
experience
: > : when they install this security update. The article also documents
: > : recommended solutions for these issues.
: > : http://support.microsoft.com/kb/941568
: > :
: > : Microsoft Security Bulletin MS07-069 - Microsoft Knowledge Base
Article
: > : 942615 documents the currently known issues that customers may
experience
: > : when they install this security update. The article also documents
: > : recommended solutions for these issues.
: > : http://support.microsoft.com/kb/942615
: > :
: > : NOTE: If pages of KB article is not available, please try later.
: > :
 
More: http://aumha.net/viewtopic.php?t=30454 &ff
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin http://aumha.net
DTS-L.ORG http://66.39.69.143/

Donna Buenaventura wrote:
> Microsoft Security Bulletins for December 2007
>
> Microsoft released today the following security bulletins. Note: There may
> be latency issues due to replication, if the page does not display keep
> refreshing
>
> Critical:
> MS07-064 - Vulnerabilities in DirectX Could Allow Remote Code Execution
> (941568)
> http://www.microsoft.com/technet/security/bulletin/MS07-064.mspx
> MS07-068 - Vulnerabilities in DirectX Could Allow Remote Code Execution
> (941568)
> http://www.microsoft.com/technet/security/bulletin/MS07-068.mspx
> MS07-069 - Cumulative Security Update for Internet Explorer (942615)
> http://www.microsoft.com/technet/security/bulletin/MS07-069.mspx
>
> Important:
>
> MS07-063 - Vulnerability in SMBv2 Could Allow Remote Code Execution
> (942624)
> http://www.microsoft.com/technet/security/bulletin/MS07-063.mspx
> MS07-065 - Vulnerability in Message Queuing Could Allow Remote Code
> Execution (937894)
> http://www.microsoft.com/technet/security/bulletin/MS07-065.mspx
> MS07-066 - Vulnerability in Windows Kernel Could Allow Elevation of
> Privilege (943078)
> http://www.microsoft.com/technet/security/bulletin/MS07-066.mspx
> MS07-067 - Vulnerability in Macrovision Driver Could Allow Local Elevation
> of Privilege (944653)
> http://www.microsoft.com/technet/security/bulletin/MS07-067.mspx
>
> Non-Security, High-Priority Updates on MU, WU, and WSUS
>
> Microsoft has released four non-security, high-priority updates and 2007
> Microsoft Office Service Pack 1 on Microsoft Update (MU) and Windows
> Server
> Update Services (WSUS).
>
> Microsoft has released four non-security, high-priority updates for
> Windows
> and Windows SharePoint Services 3.0 Service Pack 1 on Windows Update (WU)
> and WSUS.
>
> References:
> December 2007 Security Bulletins Summary:
> http://www.microsoft.com/technet/security/bulletin/ms07-dec.mspx
> Security Bulletin for end-users:
> http://www.microsoft.com/protect/computer/updates/bulletins/200712.mspx
> MSRC Blog: http://blogs.technet.com/msrc/default.aspx
>
> Support:
> Call 1-866-PCSAFETY. There is no charge for support calls that are
> associated with security updates. International users should go to
> http://support.microsoft.com/common/international.aspx
>
> Security Bulletin Webcast:
> Microsoft will host a Webcast tomorrow. The webcast focuses on addressing
> your questions and concerns about the security bulletins. Therefore, most
> of
> the live webcast is aimed at giving you the opportunity to ask questions
> and
> get answers from their security experts:
> http://msevents.microsoft.com/CUI/W...&EventCategory=4&culture=en-US&CountryCode=US
>
> Update sources:
> Microsoft NEVER send security updates via e-mail. As always, download the
> updates only from the vendors' website - visit Windows Update and Office
> Update or Microsoft Update. You may also get the updates thru Automatic
> Updates functionality in Windows.
> Security updates are available on ISO-9660 DVD5 image files from the
> Microsoft Download Center. For more information, please see
> http://support.microsoft.com/kb/913086
> Note: Don't be a victim of spoofed emails. Read "How to tell whether a
> security e-mail message is really from Microsoft" at
> http://www.microsoft.com/athome/security/email/ms_genuine_mail.mspx
>
> Recommendations:
> Microsoft advises customers to install the latest product releases,
> security
> updates, and service packs to remain as secure as possible. Older
> products,
> such as Microsoft Windows NT 4.0, may not meet today's more demanding
> security requirements. It may not be possible for Microsoft to provide
> security updates for older products. More info at Microsoft Support
> Lifecycle website: http://support.microsoft.com/lifecycle/
>
> Tool:
> Check your system for missing or misconfigured patches using Microsoft
> Baseline Security Analyzer (MBSA) -
> http://www.microsoft.com/technet/security/tools/mbsahome.mspx
> For 3rd Party tools in scanning your computer for missing updates,
> hotfixes
> or out-dated version, please see the list at
> http://www.dozleng.com/updates/index.php?showtopic=13587
>
> Regards,
> Donna Buenaventura
> Windows Security MVP
 
Robear, you may wish to add the links to the article re Office 2007 -

http://support.microsoft.com/Default.aspx?kbid=936982
and/or
http://www.microsoft.com/downloads/...94-992C-4165-A997-25DA01F388F5&displaylang=en

Kaylene

"PA Bear" wrote:

> More: http://aumha.net/viewtopic.php?t=30454 &ff
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE, OE, Security, Shell/User)
> AumHa VSOP & Admin http://aumha.net
> DTS-L.ORG http://66.39.69.143/
>
> Donna Buenaventura wrote:
> > Microsoft Security Bulletins for December 2007
> >
> > Microsoft released today the following security bulletins. Note: There may
> > be latency issues due to replication, if the page does not display keep
> > refreshing
> >
> > Critical:
> > MS07-064 - Vulnerabilities in DirectX Could Allow Remote Code Execution
> > (941568)
> > http://www.microsoft.com/technet/security/bulletin/MS07-064.mspx
> > MS07-068 - Vulnerabilities in DirectX Could Allow Remote Code Execution
> > (941568)
> > http://www.microsoft.com/technet/security/bulletin/MS07-068.mspx
> > MS07-069 - Cumulative Security Update for Internet Explorer (942615)
> > http://www.microsoft.com/technet/security/bulletin/MS07-069.mspx
> >
> > Important:
> >
> > MS07-063 - Vulnerability in SMBv2 Could Allow Remote Code Execution
> > (942624)
> > http://www.microsoft.com/technet/security/bulletin/MS07-063.mspx
> > MS07-065 - Vulnerability in Message Queuing Could Allow Remote Code
> > Execution (937894)
> > http://www.microsoft.com/technet/security/bulletin/MS07-065.mspx
> > MS07-066 - Vulnerability in Windows Kernel Could Allow Elevation of
> > Privilege (943078)
> > http://www.microsoft.com/technet/security/bulletin/MS07-066.mspx
> > MS07-067 - Vulnerability in Macrovision Driver Could Allow Local Elevation
> > of Privilege (944653)
> > http://www.microsoft.com/technet/security/bulletin/MS07-067.mspx
> >
> > Non-Security, High-Priority Updates on MU, WU, and WSUS
> >
> > Microsoft has released four non-security, high-priority updates and 2007
> > Microsoft Office Service Pack 1 on Microsoft Update (MU) and Windows
> > Server
> > Update Services (WSUS).
> >
> > Microsoft has released four non-security, high-priority updates for
> > Windows
> > and Windows SharePoint Services 3.0 Service Pack 1 on Windows Update (WU)
> > and WSUS.
> >
> > References:
> > December 2007 Security Bulletins Summary:
> > http://www.microsoft.com/technet/security/bulletin/ms07-dec.mspx
> > Security Bulletin for end-users:
> > http://www.microsoft.com/protect/computer/updates/bulletins/200712.mspx
> > MSRC Blog: http://blogs.technet.com/msrc/default.aspx
> >
> > Support:
> > Call 1-866-PCSAFETY. There is no charge for support calls that are
> > associated with security updates. International users should go to
> > http://support.microsoft.com/common/international.aspx
> >
> > Security Bulletin Webcast:
> > Microsoft will host a Webcast tomorrow. The webcast focuses on addressing
> > your questions and concerns about the security bulletins. Therefore, most
> > of
> > the live webcast is aimed at giving you the opportunity to ask questions
> > and
> > get answers from their security experts:
> > http://msevents.microsoft.com/CUI/W...&EventCategory=4&culture=en-US&CountryCode=US
> >
> > Update sources:
> > Microsoft NEVER send security updates via e-mail. As always, download the
> > updates only from the vendors' website - visit Windows Update and Office
> > Update or Microsoft Update. You may also get the updates thru Automatic
> > Updates functionality in Windows.
> > Security updates are available on ISO-9660 DVD5 image files from the
> > Microsoft Download Center. For more information, please see
> > http://support.microsoft.com/kb/913086
> > Note: Don't be a victim of spoofed emails. Read "How to tell whether a
> > security e-mail message is really from Microsoft" at
> > http://www.microsoft.com/athome/security/email/ms_genuine_mail.mspx
> >
> > Recommendations:
> > Microsoft advises customers to install the latest product releases,
> > security
> > updates, and service packs to remain as secure as possible. Older
> > products,
> > such as Microsoft Windows NT 4.0, may not meet today's more demanding
> > security requirements. It may not be possible for Microsoft to provide
> > security updates for older products. More info at Microsoft Support
> > Lifecycle website: http://support.microsoft.com/lifecycle/
> >
> > Tool:
> > Check your system for missing or misconfigured patches using Microsoft
> > Baseline Security Analyzer (MBSA) -
> > http://www.microsoft.com/technet/security/tools/mbsahome.mspx
> > For 3rd Party tools in scanning your computer for missing updates,
> > hotfixes
> > or out-dated version, please see the list at
> > http://www.dozleng.com/updates/index.php?showtopic=13587
> >
> > Regards,
> > Donna Buenaventura
> > Windows Security MVP
>
>
 
Donna Buenaventura added these comments in the current
discussion du jour ...

> Microsoft Security Bulletins for December 2007
>
> Microsoft released today the following security bulletins.
> Note: There may be latency issues due to replication, if the
> page does not display keep refreshing
>
> Critical:
> MS07-064 - Vulnerabilities in DirectX Could Allow Remote Code
> Execution (941568)
> http://www.microsoft.com/technet/security/bulletin/MS07-064.msp
> x MS07-068 - Vulnerabilities in DirectX Could Allow Remote
> Code Execution (941568)
> http://www.microsoft.com/technet/security/bulletin/MS07-068.msp
> x MS07-069 - Cumulative Security Update for Internet Explorer
> (942615)
> http://www.microsoft.com/technet/security/bulletin/MS07-069.msp
> x
>
> Important:
>
> MS07-063 - Vulnerability in SMBv2 Could Allow Remote Code
> Execution (942624)
> http://www.microsoft.com/technet/security/bulletin/MS07-063.msp
> x MS07-065 - Vulnerability in Message Queuing Could Allow
> Remote Code Execution (937894)
> http://www.microsoft.com/technet/security/bulletin/MS07-065.msp
> x MS07-066 - Vulnerability in Windows Kernel Could Allow
> Elevation of Privilege (943078)
> http://www.microsoft.com/technet/security/bulletin/MS07-066.msp
> x MS07-067 - Vulnerability in Macrovision Driver Could Allow
> Local Elevation of Privilege (944653)
> http://www.microsoft.com/technet/security/bulletin/MS07-067.msp
> x
>
> Non-Security, High-Priority Updates on MU, WU, and WSUS
>
> Microsoft has released four non-security, high-priority
> updates and 2007 Microsoft Office Service Pack 1 on Microsoft
> Update (MU) and Windows Server Update Services (WSUS).
>
> Microsoft has released four non-security, high-priority
> updates for Windows and Windows SharePoint Services 3.0
> Service Pack 1 on Windows Update (WU) and WSUS.
>
> References:
> December 2007 Security Bulletins Summary:
> http://www.microsoft.com/technet/security/bulletin/ms07-dec.msp
> x Security Bulletin for end-users:
> http://www.microsoft.com/protect/computer/updates/bulletins/200
> 712.mspx MSRC Blog: http://blogs.technet.com/msrc/default.aspx
>
> Support:
> Call 1-866-PCSAFETY. There is no charge for support calls that
> are associated with security updates. International users
> should go to
> http://support.microsoft.com/common/international.aspx
>
> Security Bulletin Webcast:
> Microsoft will host a Webcast tomorrow. The webcast focuses on
> addressing your questions and concerns about the security
> bulletins. Therefore, most of the live webcast is aimed at
> giving you the opportunity to ask questions and get answers
> from their security experts:
> http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?Even
> tID=1032344696&EventCategory=4&culture=en-US&CountryCode=US
>
> Update sources:
> Microsoft NEVER send security updates via e-mail. As always,
> download the updates only from the vendors' website - visit
> Windows Update and Office Update or Microsoft Update. You may
> also get the updates thru Automatic Updates functionality in
> Windows. Security updates are available on ISO-9660 DVD5 image
> files from the Microsoft Download Center. For more
> information, please see http://support.microsoft.com/kb/913086
> Note: Don't be a victim of spoofed emails. Read "How to tell
> whether a security e-mail message is really from Microsoft" at
> http://www.microsoft.com/athome/security/email/ms_genuine_mail.
> mspx
>
> Recommendations:
> Microsoft advises customers to install the latest product
> releases, security updates, and service packs to remain as
> secure as possible. Older products, such as Microsoft Windows
> NT 4.0, may not meet today's more demanding security
> requirements. It may not be possible for Microsoft to provide
> security updates for older products. More info at Microsoft
> Support Lifecycle website:
> http://support.microsoft.com/lifecycle/
>
> Tool:
> Check your system for missing or misconfigured patches using
> Microsoft Baseline Security Analyzer (MBSA) -
> http://www.microsoft.com/technet/security/tools/mbsahome.mspx
> For 3rd Party tools in scanning your computer for missing
> updates, hotfixes or out-dated version, please see the list at
> http://www.dozleng.com/updates/index.php?showtopic=13587
>
> Regards,
> Donna Buenaventura
> Windows Security MVP
>
Donna, what is your level of confidence on these updates? i.e.,
are they going to work for the vast majority of people or be
problematic for at least some percentage? I ask because I never
do the updates they day they are released by MS, preferring to
lurk for awhile in this and other MS peer-to-peer help NGs to see
what issues others may be having.

And, how does any customer or group of customers figure out if
the particular vulnerability even applies to them? If not, seems
like risking a problem for a fix that isn't needed.

Thanks.

--
HP, aka Jerry

"Never complain, never explain" - Henry Ford II
 
Non-issues as far as I am concerned. I rely on Microsoft Update to
present only those updates that my computer needs and I image my system
partition before installing. If any problems occur (which has not
happened to me in years) I would just restore my image and watch the
newsgroups for advice.

---
Leonard Grey
Errare humanum est

HEMI-Powered wrote:
> Donna Buenaventura added these comments in the current
> discussion du jour ...
>
>> Microsoft Security Bulletins for December 2007
>>
>> Microsoft released today the following security bulletins.
>> Note: There may be latency issues due to replication, if the
>> page does not display keep refreshing
>>
>> Critical:
>> MS07-064 - Vulnerabilities in DirectX Could Allow Remote Code
>> Execution (941568)
>> http://www.microsoft.com/technet/security/bulletin/MS07-064.msp
>> x MS07-068 - Vulnerabilities in DirectX Could Allow Remote
>> Code Execution (941568)
>> http://www.microsoft.com/technet/security/bulletin/MS07-068.msp
>> x MS07-069 - Cumulative Security Update for Internet Explorer
>> (942615)
>> http://www.microsoft.com/technet/security/bulletin/MS07-069.msp
>> x
>>
>> Important:
>>
>> MS07-063 - Vulnerability in SMBv2 Could Allow Remote Code
>> Execution (942624)
>> http://www.microsoft.com/technet/security/bulletin/MS07-063.msp
>> x MS07-065 - Vulnerability in Message Queuing Could Allow
>> Remote Code Execution (937894)
>> http://www.microsoft.com/technet/security/bulletin/MS07-065.msp
>> x MS07-066 - Vulnerability in Windows Kernel Could Allow
>> Elevation of Privilege (943078)
>> http://www.microsoft.com/technet/security/bulletin/MS07-066.msp
>> x MS07-067 - Vulnerability in Macrovision Driver Could Allow
>> Local Elevation of Privilege (944653)
>> http://www.microsoft.com/technet/security/bulletin/MS07-067.msp
>> x
>>
>> Non-Security, High-Priority Updates on MU, WU, and WSUS
>>
>> Microsoft has released four non-security, high-priority
>> updates and 2007 Microsoft Office Service Pack 1 on Microsoft
>> Update (MU) and Windows Server Update Services (WSUS).
>>
>> Microsoft has released four non-security, high-priority
>> updates for Windows and Windows SharePoint Services 3.0
>> Service Pack 1 on Windows Update (WU) and WSUS.
>>
>> References:
>> December 2007 Security Bulletins Summary:
>> http://www.microsoft.com/technet/security/bulletin/ms07-dec.msp
>> x Security Bulletin for end-users:
>> http://www.microsoft.com/protect/computer/updates/bulletins/200
>> 712.mspx MSRC Blog: http://blogs.technet.com/msrc/default.aspx
>>
>> Support:
>> Call 1-866-PCSAFETY. There is no charge for support calls that
>> are associated with security updates. International users
>> should go to
>> http://support.microsoft.com/common/international.aspx
>>
>> Security Bulletin Webcast:
>> Microsoft will host a Webcast tomorrow. The webcast focuses on
>> addressing your questions and concerns about the security
>> bulletins. Therefore, most of the live webcast is aimed at
>> giving you the opportunity to ask questions and get answers
>> from their security experts:
>> http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?Even
>> tID=1032344696&EventCategory=4&culture=en-US&CountryCode=US
>>
>> Update sources:
>> Microsoft NEVER send security updates via e-mail. As always,
>> download the updates only from the vendors' website - visit
>> Windows Update and Office Update or Microsoft Update. You may
>> also get the updates thru Automatic Updates functionality in
>> Windows. Security updates are available on ISO-9660 DVD5 image
>> files from the Microsoft Download Center. For more
>> information, please see http://support.microsoft.com/kb/913086
>> Note: Don't be a victim of spoofed emails. Read "How to tell
>> whether a security e-mail message is really from Microsoft" at
>> http://www.microsoft.com/athome/security/email/ms_genuine_mail.
>> mspx
>>
>> Recommendations:
>> Microsoft advises customers to install the latest product
>> releases, security updates, and service packs to remain as
>> secure as possible. Older products, such as Microsoft Windows
>> NT 4.0, may not meet today's more demanding security
>> requirements. It may not be possible for Microsoft to provide
>> security updates for older products. More info at Microsoft
>> Support Lifecycle website:
>> http://support.microsoft.com/lifecycle/
>>
>> Tool:
>> Check your system for missing or misconfigured patches using
>> Microsoft Baseline Security Analyzer (MBSA) -
>> http://www.microsoft.com/technet/security/tools/mbsahome.mspx
>> For 3rd Party tools in scanning your computer for missing
>> updates, hotfixes or out-dated version, please see the list at
>> http://www.dozleng.com/updates/index.php?showtopic=13587
>>
>> Regards,
>> Donna Buenaventura
>> Windows Security MVP
>>
> Donna, what is your level of confidence on these updates? i.e.,
> are they going to work for the vast majority of people or be
> problematic for at least some percentage? I ask because I never
> do the updates they day they are released by MS, preferring to
> lurk for awhile in this and other MS peer-to-peer help NGs to see
> what issues others may be having.
>
> And, how does any customer or group of customers figure out if
> the particular vulnerability even applies to them? If not, seems
> like risking a problem for a fix that isn't needed.
>
> Thanks.
>
 
Hi,

I don't trust any updates because many things may or may not happen. It is
recommended to update soon especially if it's security-related and major bug
fixes that affects the user's application. Every PC including those from
vendors (e.g. Microsoft) has their own settings and other products that is
not the same to all users in the world so what might work to User A, B, C...
may not work to User X, Y, Z. Even if I don't trust any updates, I have to
install them to enjoy the fixes and improvements. I don't delay as I'm
confident I can go back in the good system state. Like Leonard, I rely on
backup and ensure that System Restore is functioning (not only running)
prior installation of big updates.
If I may add here the link to what I wrote last year: What to do before
"Patch Tuesday"? http://www.dozleng.com/updates/index.php?showtopic=9112
If anything is screwed, I'll just try System Restore. If no joy, I use the
full system backup.

Windows Update should only offer products that is applicable for your system
(windows and other components that WU can detect/install/offer). It should
not offer products that is not installed in your machine. Although, today..
it offered me some product updates that is nowhere to be found in my system:
http://www.dozleng.com/updates/index.php?showtopic=16588.

A suggestion: Avoid using Automatic Updates but use the setting to notify
you on updates then review the offered updates. Set to ignore the products
that you don't need or don't want to install (except security updates).

Sometimes MS release some toolkit to block installation of Service Pack or
upgrade on major component in Windows.

Regards,
Donna

"HEMI-Powered" <none@none.en> wrote in message
news:Xns9A04381813BC3ReplyScoreID@140.99.99.130...
> Donna, what is your level of confidence on these updates? i.e.,
> are they going to work for the vast majority of people or be
> problematic for at least some percentage? I ask because I never
> do the updates they day they are released by MS, preferring to
> lurk for awhile in this and other MS peer-to-peer help NGs to see
> what issues others may be having.
>
> And, how does any customer or group of customers figure out if
> the particular vulnerability even applies to them? If not, seems
> like risking a problem for a fix that isn't needed.
>
> Thanks.
>
> --
> HP, aka Jerry
>
> "Never complain, never explain" - Henry Ford II
 
"Donna Buenaventura" <dbuenaventura@mvps.org> wrote in message
news:B4A29F9A-B8B3-49CC-97E0-19561FBE5BBF@microsoft.com...
> Hi,
....snip

> A suggestion: Avoid using Automatic Updates but use the setting to notify
> you on updates then review the offered updates. Set to ignore the
> products that you don't need or don't want to install (except security
> updates).

I agree but even some security updates may not be appropriate for a
particular computer. As an example, there is one update that only applies if
you have a third-party web browser such as Firefox installed. If all you
have is IE, you don't need that update. Without reading the bulletin for
that update you have no way to know this.
--
Allan
 
Allan wrote:
> "Donna Buenaventura" <dbuenaventura@mvps.org> wrote in message
> news:B4A29F9A-B8B3-49CC-97E0-19561FBE5BBF@microsoft.com...
> ...snip
>
>> A suggestion: Avoid using Automatic Updates but use the setting to
>> notify
>> you on updates then review the offered updates. Set to ignore the
>> products that you don't need or don't want to install (except security
>> updates).
>
> I agree but even some security updates may not be appropriate for a
> particular computer. As an example, there is one update that only applies
> if
> you have a third-party web browser such as Firefox installed. If all you
> have is IE, you don't need that update. Without reading the bulletin for
> that update you have no way to know this.

IE is an integral part of the Windows Operating System, Allan. If IE is
vulnerable, Windows is vulnerable, period. It doesn't matter what browser
you use.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin http://aumha.net
DTS-L.ORG http://66.39.69.143/
 
Reread what Allan posted, BroRo:

> As an example, there is one update that only applies if you have a third-party web
> browser such as Firefox installed. If all you have is IE, you don't need that update

<w>

MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============


PA Bear wrote:

> Allan wrote:
>
>> "Donna Buenaventura" <dbuenaventura@mvps.org> wrote in message
>> news:B4A29F9A-B8B3-49CC-97E0-19561FBE5BBF@microsoft.com...
>> ...snip
>>
>>> A suggestion: Avoid using Automatic Updates but use the setting to
>>> notify
>>> you on updates then review the offered updates. Set to ignore the
>>> products that you don't need or don't want to install (except security
>>> updates).
>>
>>
>> I agree but even some security updates may not be appropriate for a
>> particular computer. As an example, there is one update that only
>> applies if
>> you have a third-party web browser such as Firefox installed. If all you
>> have is IE, you don't need that update. Without reading the bulletin for
>> that update you have no way to know this.
>
>
> IE is an integral part of the Windows Operating System, Allan. If IE is
> vulnerable, Windows is vulnerable, period. It doesn't matter what
> browser you use.
 
If AU offers a critical update, install it.

MowGreen [MVP] wrote:
> Reread what Allan posted, BroRo:
>
>> As an example, there is one update that only applies if you have a
>> third-party web browser such as Firefox installed. If all you have is IE,
>> you don't need that update
>
> PA Bear wrote:
>
>> Allan wrote:
>>
>>> "Donna Buenaventura" <dbuenaventura@mvps.org> wrote in message
>>> news:B4A29F9A-B8B3-49CC-97E0-19561FBE5BBF@microsoft.com...
>>> ...snip
>>>
>>>> A suggestion: Avoid using Automatic Updates but use the setting to
>>>> notify
>>>> you on updates then review the offered updates. Set to ignore the
>>>> products that you don't need or don't want to install (except security
>>>> updates).
>>>
>>>
>>> I agree but even some security updates may not be appropriate for a
>>> particular computer. As an example, there is one update that only
>>> applies if
>>> you have a third-party web browser such as Firefox installed. If all you
>>> have is IE, you don't need that update. Without reading the bulletin for
>>> that update you have no way to know this.
>>
>>
>> IE is an integral part of the Windows Operating System, Allan. If IE is
>> vulnerable, Windows is vulnerable, period. It doesn't matter what
>> browser you use.
 
"PA Bear" . wrote in message
news:On5W3%23ZPIHA.5860@TK2MSFTNGP04.phx.gbl...
> Allan wrote:
>> "Donna Buenaventura" <dbuenaventura@mvps.org> wrote in message
>> news:B4A29F9A-B8B3-49CC-97E0-19561FBE5BBF@microsoft.com...
>> ...snip
>>
>>> A suggestion: Avoid using Automatic Updates but use the setting to
>>> notify
>>> you on updates then review the offered updates. Set to ignore the
>>> products that you don't need or don't want to install (except security
>>> updates).
>>
>> I agree but even some security updates may not be appropriate for a
>> particular computer. As an example, there is one update that only applies
>> if
>> you have a third-party web browser such as Firefox installed. If all you
>> have is IE, you don't need that update. Without reading the bulletin for
>> that update you have no way to know this.
>
> IE is an integral part of the Windows Operating System, Allan. If IE is
> vulnerable, Windows is vulnerable, period. It doesn't matter what browser
> you use.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE, OE, Security, Shell/User)
> AumHa VSOP & Admin http://aumha.net
> DTS-L.ORG http://66.39.69.143/
Hello PA Bear,
The update which I alluded to as an example is this one :
http://support.microsoft.com/default.aspx?scid=kbEN-USQ911564
http://www.microsoft.com/technet/security/bulletin/MS06-006.mspx . It is a
security update but I believe the level is "important" rather than
"critical". I know that IE is considered by MS if not by European antitrust
regulators to be a Windows component. We are talking about security rather
than legal distinctions here.

Again , this update pertains to installed non-IE third-party browsers such
as Firefox, Netscape, Safari beta, Opera. If you do not any of them
installed, it is unnecessary to install this security update. It does not
make you any more secure to have it installed.
 
Last edited by a moderator:
> What causes the vulnerability?
> An unchecked buffer in the Windows Media Player plug-in.
>
> What is the Windows Media Player plug-in?
> The Windows Media Player plug-in allows users the ability to stream media through a
> non-Microsoft Internet browser.
>
> Can the Windows Media Player plug-in be used from within Internet Explorer?
> No, the Windows Media Player plug-in can only be used from within a non-Microsoft
> Internet browser such as Netscape Navigator.

On second thought ... if one has installed the ActiveX plugin for WMP,
then this update should be installed. Ex: WMP plugin for Firefox
Signing off ... youse guyz can talk amongst yerselfs. <w>


MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============



Allan wrote:

>
> "PA Bear" . wrote in message
> news:On5W3%23ZPIHA.5860@TK2MSFTNGP04.phx.gbl...
>
>> Allan wrote:
>>
>>> "Donna Buenaventura" <dbuenaventura@mvps.org> wrote in message
>>> news:B4A29F9A-B8B3-49CC-97E0-19561FBE5BBF@microsoft.com...
>>> ...snip
>>>
>>>> A suggestion: Avoid using Automatic Updates but use the setting to
>>>> notify
>>>> you on updates then review the offered updates. Set to ignore the
>>>> products that you don't need or don't want to install (except security
>>>> updates).
>>>
>>>
>>> I agree but even some security updates may not be appropriate for a
>>> particular computer. As an example, there is one update that only
>>> applies if
>>> you have a third-party web browser such as Firefox installed. If all you
>>> have is IE, you don't need that update. Without reading the bulletin for
>>> that update you have no way to know this.
>>
>>
>> IE is an integral part of the Windows Operating System, Allan. If IE
>> is vulnerable, Windows is vulnerable, period. It doesn't matter what
>> browser you use.
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-Windows (IE, OE, Security, Shell/User)
>> AumHa VSOP & Admin http://aumha.net
>> DTS-L.ORG http://66.39.69.143/
>
> Hello PA Bear,
> The update which I alluded to as an example is this one :
> http://support.microsoft.com/default.aspx?scid=kbEN-USQ911564
> http://www.microsoft.com/technet/security/bulletin/MS06-006.mspx . It is
> a security update but I believe the level is "important" rather than
> "critical". I know that IE is considered by MS if not by European
> antitrust regulators to be a Windows component. We are talking about
> security rather than legal distinctions here.
>
> Again , this update pertains to installed non-IE third-party browsers
> such as Firefox, Netscape, Safari beta, Opera. If you do not any of them
> installed, it is unnecessary to install this security update. It does
> not make you any more secure to have it installed.
 
Last edited by a moderator:
Back
Top