antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
|  MS Security Bulletin Advanced Notification for 4/3/2007
********************************************************************
Title: Microsoft Security Bulletin Advanced Notification
Issued: April 1, 2007
********************************************************************
Summary
=======
On Tuesday 3 April 2007 Microsoft is planning to release:
Security Updates
. One Microsoft Security Bulletin affecting Microsoft Windows.
The highest Maximum Severity rating for these is Critical. These
updates will require a restart. These updates will be detectable
using the Microsoft Baseline Security Analyzer.
Microsoft Windows Malicious Software Removal Tool
. Microsoft will not release an updated version of the Microsoft
Windows Malicious Software Removal Tool on Windows Update, Microsoft
Update, Windows Server Update Services and the Download Center on
Tuesday 3 April 2007.
Non-security High Priority updates on MU, WU, WSUS and SUS
. Microsoft will not release any NON-SECURITY High-Priority
Updates for Windows on Windows Update (WU) and Software Update
Services (SUS) on Tuesday 3 April 2007.
. Microsoft will not release any NON-SECURITY High-Priority
Updates on Microsoft Update (MU) and Windows Server Update Services
(WSUS) on Tuesday 3 April 2007.
Microsoft will host a webcast next week to address customer
questions on these bulletins. For more information on this webcast
please see below:
. TechNet Webcast: Information about Microsoft's Security
Bulletins (Level 100)
. Wednesday, 11 April 2007 11:00 AM (GMT-08:00) Pacific Time (US
& Canada)
»msevents.microsoft.com/CUI/WebCa···ventID=1
032327017&EventCategory=4&culture=en-US&CountryCode=US
At this time no additional information on these bulletins such as
details regarding severity or details regarding the vulnerability
will be made available until 3 April 2007.
********************************************************************
Support:
========
Technical support is available from Microsoft Product Support
Services at 1-866-PC SAFETY (1-866-727-2338). There is no
charge for support calls associated with security updates.
International customers can get support from their local Microsoft
subsidiaries. Phone numbers for international support can be found
at: »support.microsoft.com/common/int···nal.aspx
Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:
»www.microsoft.com/technet/securi···ult.mspx
* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
»www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates via e-mail.
You can learn more about Microsoft's software distribution
policies here:
»www.microsoft.com/technet/securi···ist.mspx
...
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check often)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. | |
|
 |
daveinpoway
Premium
join:2006-07-03
Poway, CA | Will Microsoft also be releasing some updates on April 10 (the "normal" patch Tuesday), or will the April 3 releases be all that will be released this month? | |
|
 |
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
| Re: MS Security Bulletin Advanced Notification for 4/3/2007 said by daveinpoway  :Will Microsoft also be releasing some updates on April 10 (the "normal" patch Tuesday), or will the April 3 releases be all that will be released this month? From what I understand, tomorrow is an urgent patch for ANI cursors in Vista issue.
Remember, MS said they will release any urgent ones ASAP outside of monthly schedules.
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check often)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. | |
|
| | |
| | |
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
1 edit | Re: MS Security Bulletin Advanced Notification for 4/3/2007 said by La Luna :said by antdude :From what I understand, tomorrow is an urgent patch for ANI cursors in Vista issue. Just Vista? What about everyone else, like XP users?  Maybe XP. Was the ANI cursor issue only for Vista or did it affect XP too? I don't remember the full details. 
Remember, I am just assuming from what I read and recall. So all this could be wrong. 
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check often)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. | |
|
|
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25 | Re: MS Security Bulletin Advanced Notification for 4/3/2007 Wow. Thanks "La Luna". I thought it was only Vista. Wow. I guess tomorrow will be a fun day for me. | |
|
| | Mele20
Premium
join:2001-06-05
Hilo, HI
| Re: MS Security Bulletin Advanced Notification for 4/3/2007 ALL Operating Systems from Microsoft starting with W95 are affected by ANI exploit.
It has been confirmed by members of the GRC Security NG that W95, 98/98SE, and ME are affected by this critical vulnerability. Unfortunately, there will be NO patch for them. Also, unfortunately, the patch issued by ZERT which originally stated that it patched Windows 98/98SE DOES NOT PATCH any system below 2000.
Considering the number of 98 users world wide, I think this is one instance where a patch should be issued. Most people still using 98 or ME are doing so because the machines are too old to allow upgrades of the OS without substantial hardware upgrades which make no sense on machines this old. Still these old machines generally have a lot less hardware issues than new machines (at least if they are Dells) and are adequate for email and websurfing. Many of those using these old OSes use IE only and use Outlook Express. Maybe they can move to web mail with out much difficulty but moving to another browser is something most probably won't do.
A vulnerability this serious should be patched...not other less serious things...but this should be patched IMO. While these old machines may be of no interest to criminals for purposes of netbots, people doing banking and shopping online on these old machines with old OSes would be of interest to criminals.
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"
»www.msfirefox.com/ | |
|
|
| Mele20
Premium
join:2001-06-05
Hilo, HI | Re: MS Security Bulletin Advanced Notification for 4/3/2007 Spanner, How do you know your 98 is not vulnerable? | |
|
| | 
Woody79_00
join:2004-07-08
united state
| Re: MS Security Bulletin Advanced Notification for 4/3/2007 My McAfee has it covered with the latest updates | |
|
| | 
SpannerITWks
Premium
join:2005-04-22 | Mele20
Click on the handy link i included and you'll see my screenie !
Spanner | |
|
| | | Mele20
Premium
join:2001-06-05
Hilo, HI
| Re: MS Security Bulletin Advanced Notification for 4/3/2007 Couldn't you just answer the question?
Your link sends me to another thread that has 3 pages. I have no idea where in that thread you put a screeshot.
Plus, I don't look at screenshots that are off site and you have a bad habit of doing that.
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"
»www.msfirefox.com/ | |
|
dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA | Thanks antdude!  | |
|
|
| Mele20
Premium
join:2001-06-05
Hilo, HI
| Re: MS Security Bulletin Advanced Notification for 4/3/2007 said by Link Logger :I believe this is for all affected systems. Blake ALL Microsoft OSes from 95 on are affected. Only those from 2000 on will be patched.
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"
»www.msfirefox.com/ | |
|
Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
 ·Shaw
| If your still driving Windows 9x then I think it goes without saying, your on your own.
Windows ME - Mainstream support ended 31/12/2003, Extended support ended 31/12/2003.
Windows 98SE - Mainstream support ended 30/06/2002, Extended support ended 11/07/2006
Windows 95 - Mainstream support ended 31/12/2000, Extended support ended 31/12/2001
So I think given these puppies have been support dead for some time, they just don't matter anymore in terms of announcing for what versions of Windows things will be fixed for.
I still have a couple of systems running Windows 9x on them as they were totally security void and hence its far easier doing some things on them then configuring a XP box for example. I even have a Windows ME virtual machine that I sometimes load up for testing.
Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool | |
|
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
| FYI.
"Budd added that Microsoft is not canceling its monthly security release scheduled for April 10, which the company will provide advance notification for on Thursday." --»www.betanews.com/article/Micorso···75626872
More updates on the 10th.
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check often)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. | |
|
fatness
subtle
Janitor
join:2000-11-17
fishing
 ·EarthLink
Host:
Earthlink DSL
TekSavvy
Forum Feature Requ..
Need Site Help?
Rants, Raves, and ..
| quote:
********************************************************************
Title: Microsoft Security Bulletin Advanced Notification
Issued: April 1, 2007
********************************************************************
Summary
=======
On Tuesday 3 April 2007 Microsoft is planning to release:
They just "released" the god damn WGA notification choice again, after I've chosen several times not to show the "update" again. I won't go into how I feel about the ethics involved.
--
Sure, that'll work.. | |
|
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
| Re: MS Security Bulletin Advanced Notification for 4/3/2007 said by fatness : quote:
********************************************************************
Title: Microsoft Security Bulletin Advanced Notification
Issued: April 1, 2007
********************************************************************
Summary
=======
On Tuesday 3 April 2007 Microsoft is planning to release:
They just "released" the god damn WGA notification choice again, after I've chosen several times not to show the "update" again. I won't go into how I feel about the ethics involved. Actually, that was a few weeks ago.
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check often)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. | |
|
| |
fatness
subtle
Janitor
join:2000-11-17
fishing | Re: MS Security Bulletin Advanced Notification for 4/3/2007 Yes, it was. And again today. | |
|
| | |
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
| Re: MS Security Bulletin Advanced Notification for 4/3/2007 said by fatness :Yes, it was. And again today. Really? I didn't get any earlier today. Maybe it was done later in the day. Ugh. | |
|
| | | |
fatness
subtle
Janitor
join:2000-11-17
fishing
·EarthLink
Host:
Earthlink DSL
TekSavvy
Forum Feature Requ..
Need Site Help?
Rants, Raves, and ..
| Re: MS Security Bulletin Advanced Notification for 4/3/2007 I had just told it a few weeks ago not to offer that "update" again, so I was a bit pissed off to see it again today. I feel like I'm dealing with a car salesman.
"I'll buy the car if you come down $500, and I don't want the Tru-Coat."
"Let me go talk to my boss."
pause
"Ok we can come down $500."
"I don't want the Tru-Coat."
"Let me go talk to my boss."
pause
"OK, we'll throw in the Tru-Coat."
--
Sure, that'll work.. | |
|
| | | | | 
Owlbet
Ignite the Ice
Premium,MVM
join:2002-09-24
Palmer, AK
clubs:
·MTA Online
1 edit | Re: MS Security Bulletin Advanced Notification for 4/3/2007 said by fatness :I had just told it a few weeks ago not to offer that "update" again, so I was a bit pissed off to see it again today. I understand your frustration. I have the WGA, so no issues there. However, I do not want Internet Explorer 7.0 in any way, shape, or form. Imagine my surprise when it was offered during March's Crash Tuesday update schedule when it previously had been "hidden". | |
|
| | | | | |
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
| Re: MS Security Bulletin Advanced Notification for 4/3/2007 said by Owlbet :said by fatness :I had just told it a few weeks ago not to offer that "update" again, so I was a bit pissed off to see it again today. I understand your frustration. I have the WGA, so no issues there. However, I do not want Internet Explorer 7.0 in any way, shape, or form. Imagine my surprise when it was offered during March's Crash Tuesday update schedule when it previously had been "hidden". Yeah, me too. I noticed IE7 went from critical update to optional update. Annoying. MS will continue to annoy us so BE CAREFUL!
I am pissed off with its OGA ActiveX check and WGA Validation Tool (snucked onto my Windows XP machine on 3/3/2007 and I have no idea how and I don't even use automatic updates).
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check often)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. | |
|
| | 
jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
| said by antdude : Actually, that was a few weeks ago. Yes, but when fatness told them he didn't want to be bothered with it, they held off until they couldn't stand it anymore and decided to offer it again.
I mean, this time the "Genuine advantage' is SO advantageous, they couldn't understand why he refused it, and felt it was only fair to make this GREAT offer once last time (well, until next time), to see if he's come to his senses yet. 
--
I had a life once.....now I have a Computer and a Modem. | |
|
| | | 
mers2
Premium,MVM
join:2004-03-20
USA
clubs:
 ·AT&T U-Verse
| Re: MS Security Bulletin Advanced Notification for 4/3/2007 said by jabarnut :said by antdude : Actually, that was a few weeks ago. Yes, but when fatness told them he didn't want to be bothered with it, they held off until they couldn't stand it anymore and decided to offer it again. I mean, this time the "Genuine advantage' is SO advantageous, they couldn't understand why he refused it, and felt it was only fair to make this GREAT offer once last time (well, until next time), to see if he's come to his senses yet. Of if he just wasn't paying attention to what they put on the screen, figuring the critical update would be so important he'd click to anything.
I just keep keep declining it every time they insist I "must" have it.
--
Team Discovery
| |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| Custom install at the update site..then you can decide what you want..on a few of my PC's I do not want IE7..so custom is my choice it time..and I have stopped the Auto update thingie long ago.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ | |
|
| Mele20
Premium
join:2001-06-05
Hilo, HI
| Re: MS Security Bulletin Advanced Notification for 4/3/2007 Why use WU at all? I don't get any WGA notification or IE7 crap. I just go to the Microsoft Download site via the bulletins and download the patch to disk and then install. Better that way because you don't install a bunch all at once and then have a problem and not know which patch caused the problem. I haven't used WU since version 4 of the site. | |
|
| | |
| | | Mele20
Premium
join:2001-06-05
Hilo, HI
| Re: MS Security Bulletin Advanced Notification for 4/3/2007 But you have to allow WGA Validation and I am pissed about that...not just WGA Notification. If I could uninstall WGA Validation after it "validates" I wouldn't mind quite as much but when I got it hidden in the IE7 beta, and I allowed it, I did son only because I really wanted to try IE7 and I thought I could later uninstall WGA Validation. I couldn't though. First and only time I was compelled to go to the "dark" side and find some cracks so I could at least spit on it, and stomp it, and kill it, even if I couldn't actually remove it. So, I'm not about to use WU and get a live WGA Validation on here again after all that trouble I went to to zap the one I had!
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"
»www.msfirefox.com/ | |
|
| | | |
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| Re: MS Security Bulletin Advanced Notification for 4/3/2007 said by Mele20 :But you have to allow WGA Validation and I am pissed about that...not just WGA Notification. If I could uninstall WGA Validation after it "validates" I wouldn't mind quite as much but when I got it hidden in the IE7 beta, and I allowed it, I did son only because I really wanted to try IE7 and I thought I could later uninstall WGA Validation. I couldn't though. First and only time I was compelled to go to the "dark" side and find some cracks so I could at least spit on it, and stomp it, and kill it, even if I couldn't actually remove it. So, I'm not about to use WU and get a live WGA Validation on here again after all that trouble I went to to zap the one I had! Wrong..but you do it your way..my machines run just fine.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ | |
|
| | | | | Mele20
Premium
join:2001-06-05
Hilo, HI | Re: MS Security Bulletin Advanced Notification for 4/3/2007 "Wrong" what? Your remarks are too cryptic sometimes. | |
|
| |
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
| said by Mele20 :Why use WU at all? I don't get any WGA notification or IE7 crap. I just go to the Microsoft Download site via the bulletins and download the patch to disk and then install. Better that way because you don't install a bunch all at once and then have a problem and not know which patch caused the problem. I haven't used WU since version 4 of the site. That takes too long. I also use custom WU.
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check often)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. | |
|
| | | Mele20
Premium
join:2001-06-05
Hilo, HI | Re: MS Security Bulletin Advanced Notification for 4/3/2007 Takes too long? You still have to read about each one from WU ...unless are you one of those who blindly installs every patch? I don't do that. I don't install all offered patches. I read about each and then decide if I need it. | |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
1 edit | And I will tell ya another story..I remember when users refused to update to SP2 from SP1 and then all of the sudden some real nasty bad boy found an exploit those users got paranoid about..so they ran off to the tech net and just download and install that particular ONE and they broke their machine since they also really needed a few more they refused to install for many months...at least the WU is smart enough to install the stuff in the right order and also let you know your history if you care to check..so for the average user it just makes more sense letting Microsoft give them all they help they can get.
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/ | |
|
swhx7
Premium
join:2006-07-23
Elbonia
·RoadRunner Cable
2 edits | I'm like Mele, getting patches manually is the way for me. I read about each one, download relevant ones, watch for problem reports for a while, then maybe install. Also I keep a spreadsheet of the whole list, and what each one is for, which ones supersede others, which ones are installed, which ones are in my archive. When reinstalling I have the whole lot on a disc and patch with the cable unplugged, before even setting up networking. And no WGA of any kind, at all, ever.
It takes about 15 minutes per month for downloading, 45 for reading and entering in spreadsheet.
The .ani patch, downloadable version: »www.microsoft.com/technet/securi···017.mspx
Edit: Why it took them so long (interesting): »erratasec.blogspot.com/2007/04/w···ong.html
2nd edit: I was trying to be funny with a low estimate of time, now realistic. | |
|
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
2 edits | Re: MS Security Bulletin Advanced Notification for 4/3/2007 said by swhx7 :I'm like Mele, getting patches manually is the way for me. I read about each one, download relevant ones, watch for problem reports for a while, then maybe install. Also I keep a spreadsheet of the whole list, and what each one is for, which ones supersede others, which ones are installed, which ones are in my archive. When reinstalling I have the whole lot on a disc and patch with the cable unplugged, before even setting up networking. And no WGA of any kind, at all, ever. And it takes only about 15 minutes per month. The .ani patch, downloadable version: » www.microsoft.com/technet/securi···017.mspxEdit: Why it took them so long (interesting): » erratasec.blogspot.com/2007/04/w···ong.html Ahh, I don't do that. I do read the MS bulletins, WU update titles, etc. I do test them on my test machines at work first. I download them at night of the release since I am not even at home during the release times. I just don't have the time to manually go to each update link, download, etc.
I *WILL* have to do that for Office XP/2002 updates because my dad's Dell machine keeps failing OGA check via Office Update. You can read about that in my »Office Update/Online now requires OGA thread.
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check often)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. | |
|
|
|
|
·