MS08-039 – Important: Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747) - Version:1.1

Severity Rating: Important - Revision Note: V1.1 (July 9, 2008): Changed the information reference link for OWA Premium in the Mitigating Factors sections for both vulnerabilities.Summary: This security update resolves two privately reported vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server. An attacker who successfully exploited these vulnerabilities could gain access to an individual OWA client’s session data, allowing elevation of privilege. The attacker could then perform...

MS08-040 – Important: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) - Version:1.1

Severity Rating: Important - Revision Note: V1.1 (July 9, 2008): Removed erroneous references to SQL Server 2005 Service Pack 1 in the MBSA and SMS Detection and Deployment tables. Also clarified permissions requirements for vulnerability mitigating factors.Summary: This security update resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then...

Microsoft Security Advisory (953635): Vulnerability in Microsoft Word Could Allow Remote Code Execution

Revision Note: Advisory published.Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS08-042 to address this issue. For more information about this issue, including download links for an available security update, please review MS08-042. The vulnerability addressed is the Word Record Parsing Vulnerability - CVE-2008-2244.

MS08-037 – Important: Vulnerabilities in DNS Could Allow Spoofing (953230) - Version:1.0

Severity Rating: Important - Revision Note: Bulletin published.Summary: This security update resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.

MS08-038 – Important: Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582) - Version:1.0

Severity Rating: Important - Revision Note: Bulletin published.Summary: This security update resolves a publicly reported vulnerability in Windows Explorer that could allow remote code execution when a specially crafted saved-search file is opened and saved. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create...

MS08-039 – Important: Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747) - Version:1.0

Severity Rating: Important - Revision Note: Bulletin published.Summary: This security update resolves two privately reported vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server. An attacker who successfully exploited these vulnerabilities could gain access to an individual OWA client’s session data, allowing elevation of privilege. The attacker could then perform any action the user could perform from within the individual client’s OWA session.

MS08-040 – Important: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) - Version:1.0

Severity Rating: Important - Revision Note: Bulletin published.Summary: This security update resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

Microsoft Security Bulletin Summary for July 2008

Revision Note: Bulletin Summary published.Summary: This bulletin summary lists security bulletins released for July 2008.

Microsoft Security Advisory (955179): Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution

Revision Note: Advisory published.Summary: Microsoft has completed the investigation into a private report of this vulnerability. We have issued MS08-041 to address this issue. For more information about this issue, including download links for an available security update, please review MS08-041. The vulnerability addressed is the Snapshot Viewer Arbitrary File Download Vulnerability - CVE-2008-2463.

Microsoft Security Bulletin Advance Notification for July 2008

Revision Note: Advance Notification publishedSummary: This advance notification lists security bulletins to be released for July 2008.

MS08-030 – Critical: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376) - Version:2.0

Severity Rating: Critical - Revision Note: V2.0 (June 18, 2008): Added "Why was this security update reoffered on June 18, 2008?" entry to the Update FAQ to advise customers running Windows XP Service Pack 2 and Windows XP Service Pack 3 that a revised version of the security update is available.Summary: This security update resolves a privately reported vulnerability in the Bluetooth stack in Windows that could allow remote code execution. An attacker who successfully exploited this vulnerability...

MS07-042 - Critical: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227) - Version:4.0

Severity Rating: Critical - Revision Note: V4.0 (June 24, 2008): Bulletin updated: Added Windows XP Service Pack 3, Windows Vista Service Pack 1, Windows Vista x64 Edition Service Pack 1, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for x64-based Systems, and Windows Server 2008 for Itanium-based Systems as affected software. This is a detection update only. There were no changes to the binaries.Summary: This critical security update resolves a privately reported vulnerability. This...

Microsoft Security Bulletin Summary for August 2007

Revision Note: V4.0 (June 24, 2008): Affected Software table updated to add Windows XP Service Pack 3, Windows Vista Service Pack 1, Windows Vista x64 edition Service Pack 1, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for x64-based Systems, and Windows Server 2008 for Itanium-based Systems under MS07-042 for the KB936181 update for Microsoft XML Core Services 4.0. This is a detection change only. There were no changes to the binaries.Summary: This bulletin summary lists security...

Microsoft Security Advisory (954462): Rise in SQL Injection Attacks Exploiting Unverified User Data Input

Revision Note: June 25, 2008: Removed erroneous references to form field and cookie value testing from the HP Scrawlr tool description.Summary: Microsoft is aware of a recent escalation in a class of attacks targeting Web sites that use Microsoft ASP and ASP.NET technologies but do not follow best practices for secure Web application development. These SQL injection attacks do not exploit a specific software vulnerability, but instead target Web sites that do not follow secure coding practices for...

Microsoft Security Advisory (954960): Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates

Revision Note: Advsiory published.Summary: Microsoft is investigating public reports of a non-security issue that prevents the distribution of any updates deployed through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1 to client systems that have Microsoft Office 2003 installed in their environment. Microsoft is aware of reports from customers who are experiencing this issue.

Microsoft Security Advisory (953818): Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform

Revision Note: July 2, 2008: Updated the Suggested Actions.Summary: Microsoft is investigating new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed. Safari is not installed with Windows XP or Windows Vista by default; it must be installed independently or through the Apple Software Update application. Customers running Safari on Windows should review this advisory.

Билл Гейтс уходит из Microsoft

27 июня 2008 года в жизни корпорации Microsoft и всей мировой ИТ-индустрии наступит "час Х". Завтрашний день станет последним для Билла Гейтса в должности руководителя и главного программного архитектора Microsoft. С 28 июня Гейтс полностью посвятит себя работе в благотворительном фонде Билла и Мелинды Гейтс. В самой Microsoft говорят, что вместе с Гейтсом уходит целая эпоха, у его персоны были как почитатели, так и ненавистники, но очевидно одно - без него Microsoft станет другой. Несмотря на то...

Microsoft продлевает срок поддержки Windows XP до конца 2014 года

Билл Вет, вице-президент компании опубликовал открытое письмо к пользователям Windows, в котором сообщает, что после 30 июня (срок окончания продаж Windows XP) компания не прекратит поддержку операционной системы, и что поддержка будет осуществляться до конца 2014 года. Таким образом, срок поддержки Windows XP станет рекордно долгим для компании – 13 лет. До сих пор срок сервисного обслуживания операционных систем не превышал десяти лет. Обслуживание Windows 2000 планируется прекратить в 2010 году...

Объявлены сроки выхода Windows 7

Новая клиентская операционная система Windows 7 выйдет в январе 2010 года, либо вблизи этой даты. Об этом сегодня в письме крупным заказчикам и партнерам корпорации сообщил старший вице-президент Microsoft Билл Вегте, завтра текст письма должен быть опубликован на сайте Microsoft. В своем послании Билл Вегте поспешил заверить заказчиков в добросовестности корпорации. «Вы неоднократно говорили нам о том, что хотели бы получать более регулярные и предсказуемые графики разработки новых операционных...

MS08-031 - Critical: Cumulative Security Update for Internet Explorer (950759) - Version:1.1

Severity Rating: Critical - Revision Note: V1.1 (June 11, 2008): Added entry to Update FAQ to communicate that the file information in the associated Microsoft Knowledge Base Article 950759 has been updated.Summary: This security update resolves one privately reported and one publicly disclosed vulnerability. The privately reported vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer...