Microsoft Security Bulletin(s) for 4/10/2007 in Security

Microsoft Security Bulletin(s) for 4/10/2007 in Security http://www.dslreports.com/forum/r18147773 en Sat, 06 Sep 2008 01:37:03 EDT Sat, 06 Sep 2008 01:37:03 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18181305 daringrey : had something like his happen to me. Thanks Melissa.
-- Darin Grey]]> http://www.dslreports.com/forum/remark,18181305 Mon, 16 Apr 2007 16:43:24 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18167211 Name Game : Those of you who would like to use QFECheck tool on Win2000
read these link and update your file cat as required for your SP first.

Some Windows 2000 hotfixes may cause a conflict with Service Pack 3 (SP3) for Windows 2000

»support.microsoft.com/kb/309601

Updated Sp2.cat available to resolve versioning issues with post Service Pack 1 hotfixes
»support.microsoft.com/?kbid=281767
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
»www.microsoft.com/technet/securi···IIS.mspx (»www.microsoft.com/technet/securi···IIS.mspx)
Under certain circumstances, the Windows 2000 post-Service Pack 1 (SP1) catalog file (Sp2.cat) that is included with Windows 2000 post-SP1 hotfixes may be incorrectly versioned. All Windows 2000 post-SP1 hotfixes that had this problem have been repackaged to include an updated Sp2.cat file.

If multiple Windows 2000 post-SP1 hotfixes are installed on your computer and one hotfix has this Sp2.cat versioning issue, your computer may be affected. Depending on the order in which the hotfixes were installed, a newer hotfixed Sp2.cat file may be replaced by an older version.

This problem occurs only with English-language hotfixes.
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/]]> http://www.dslreports.com/forum/remark,18167211 Fri, 13 Apr 2007 20:11:06 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18166988 Name Game :

said by Mele20

:

QFEcheck is nothing new. That title is rather misleading as it also verifies 98/ME. I don't know if it works with 95 because I never had 95 but I would think it probably does. You didn't have to download it special though for 98. I'm sure most everyone here has been using it since 98 days at least. Advisor uses the same method so if you use Advisor you don't need QFEcheck unless you want to doublecheck. I believe I recall MS has made it one of those where they call you a thief first and you have to prove you are not before you can download it. Google it and get it from a site that doesn't assume you stole your copy of Windows.

There is nothing misleading about the title you are just using it to rant again :D :D and that qfecheck will not work with win98 at that link..besides that win98 OS is no longer support..and for your win95 you can play here
»support.microsoft.com/kb/145990/EN-US/

And why would anyone want to download it from a site other than microsoft..sound like a good way of ending up with a "value added tool" with an exploit in it..just to scan your PC for KB's wherein some of those also require validation of your copy of the OS. But of course I guess you could find some on the net that are also not at the Microsoft site..or just wait around for someone to send it off to you in an email.. :D :D
»Warning regarding fake malware patch 'patch_4723.zip '

Your advice makes any average user who reads your posts and takes your "risky advice" on "How to Secure and maintain their PRODUCT" a joke..but then again they have not been at it as long as you. ;)Google it :D :D :D :D "hey here's one with rootkit in it..and it will never hurt you..and your AV will never find it until it's to late." :p
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/]]> http://www.dslreports.com/forum/remark,18166988 Fri, 13 Apr 2007 19:31:45 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18166780 Mele20 : QFEcheck is nothing new. That title is rather misleading as it also verifies 98/ME. I don't know if it works with 95 because I never had 95 but I would think it probably does. You didn't have to download it special though for 98. I'm sure most everyone here has been using it since 98 days at least. Advisor uses the same method so if you use Advisor you don't need QFEcheck unless you want to doublecheck. I believe I recall MS has made it one of those where they call you a thief first and you have to prove you are not before you can download it. Google it and get it from a site that doesn't assume you stole your copy of Windows.
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"

»www.msfirefox.com/]]> http://www.dslreports.com/forum/remark,18166780 Fri, 13 Apr 2007 18:52:54 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18166094 Name Game : Here is another free tool I have used to find out what hotfixes are really on Win XP SP2..download it install it then go to the command prompt and type in qfecheck..it will list them all..but watch out for KB923689 if it tells you it needs to be reinstalled..that is not correct in all cases.(see this link)
»support.microsoft.com/kb/933066/

This tool also work great on a standalone PC. ;)
********************************
Qfecheck.exe verifies the installation of Windows 2000 and Windows XP hotfixes
Microsoft has released a command-line tool named Qfecheck.exe that gives network administrators increased ability to track and verify installed Windows 2000 and Windows XP hotfixes. This tool provides the following benefits: • This tool helps customers who thought they had properly installed an update, but had not, and are now experiencing a problem. Previously, it was somewhat difficult to identify which fixes were installed on a computer. This simple tool easily enumerates all of the installed fixes by Microsoft Knowledge Base article number. Customers can then confirm that they have installed the appropriate set of fixes before using a valuable support incident and potentially experiencing unplanned down time.

MORE INFORMATION
Qfecheck.exe determines which hotfixes are installed by reading the information that is stored in the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates
Using the file version information that is stored in this key by each hotfix that is installed, the Qfecheck.exe tool checks the installed binary files to verify that they match.

Qfecheck.exe identifies the following types of issues: • Files that have been hotfixed, but for which the installed binary file is not current.

Qfecheck reads the registry key that is associated with each update, and checks the version number that is recorded in the registry against the current version of the same file that is installed. If the current version is lower than the version that is recorded in the registry, Qfecheck reports an error.
• Hotfix files that are current, but are not considered valid by the installed catalogs.

For each file that is installed by a hotfix, Qfecheck checks to see that the current catalogs on the computer contain the information that would be used by Windows File Protection (WFP) to validate the file. If a file is valid according to the hotfix information in the registry, but the installed catalogs do not concur, Qfecheck reports an error.

NOTE: If WFP were to be triggered in this case, the hotfixed file would be rolled back to an earlier version.
Qfecheck displays its information in a command-prompt window when you run it. If you log the results of Qfecheck to a log file with the /l switch, the log file is stored in the current folder unless you specify a location. This location can be any valid path, including a Universal Naming Convention (UNC) path. Qfecheck does not log information in the event log.

»support.microsoft.com/kb/282784
***************************************************

How to install and remove hotfixes with Hotfix.exe
»support.microsoft.com/kb/184305
**************************************************

Those of you who do download an update or hotfix and install it that way..might then want to read the next link since it will tell you all the details of how it really works step by step..and it's limitations. ;)

The Package Installer (Formerly Called Update.exe) for Microsoft Windows Operating Systems and Windows Components
»www.microsoft.com/technet/prodte···dte.mspx
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/]]> http://www.dslreports.com/forum/remark,18166094 Fri, 13 Apr 2007 16:53:43 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18165518 Libra : Hi Argle :)
Thanks for your response to my question. I haven't updated our XP computer yet, but when I do I'll be sure to check services.msc.

Sincerely, Libra]]> http://www.dslreports.com/forum/remark,18165518 Fri, 13 Apr 2007 15:14:59 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18165102 Martinus :

said by Name Game

:

Q: I went to Gibson Research (www.grc.com)...

OMG, LOL :)
--
Si naciste pa' martillo del cielo te caen los clavos]]> http://www.dslreports.com/forum/remark,18165102 Fri, 13 Apr 2007 13:47:38 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18165101 AB :

said by altermatt

said by AB

:

the KB931261 exploit seems to require the UPNP service to be enabled.

As Name Game

said, PnP and UPnP are two different animals, so I can't see the patch affecting PnP-- but that's just my personal thought on the matter.
I'm not going to install any of these latest patches. But that's just me, and I in no way recommend that everyone else follow suit.
I'm slowly removing older patches that will never affect my machine, given it's configuration-- not adding new ones that also fit that criteria.
Two of the new patches require someone physically sitting at my computer and able to log-in in order to load/execute-- unlikely to happen.
One apparently requires the UPnP service to be enabled-- nope, that's not me.
The other requires IE user interaction through ActiveX-- again, not me. I no longer use IE, period.
So those don't affect me, regardless of how 'critical' the vulnerability might be.

Again-- I'm speaking strictly from a personal point of view, and don't recommend this course of action for users in general.]]> http://www.dslreports.com/forum/remark,18165101 Fri, 13 Apr 2007 13:47:33 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18165088 altermatt :

said by Name Game

:

The only problem with disabling UPnP in this manner is that subsequent patches and service packs from Microsoft may re-enable the two services you just disabled.

Just add it to the list of stuff I have to do after running MU ;); this includes stopping AU and setting it back to manual; I use the MU.bat file posted here a long time ago, but while it starts up AU fine, it never gets a chance to shut it down since I let MU reboot the computer. Refusing the reboot, letting MU.bat shut things down, and then manually rebooting is another option. Six of one...

So now, I'll just add, this one time, "make sure UPNP and SSDP is disabled again" to my list of after-update tasks (which always include "breathe a sigh of relief if it successfully reboots." ;)
--
The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick]]> http://www.dslreports.com/forum/remark,18165088 Fri, 13 Apr 2007 13:44:17 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18163690 Name Game :

said by altermatt

said by AB

:

the KB931261 exploit seems to require the UPNP service to be enabled.

no problems with PnP here.
And could not even think of a reason PnP would ever be affected by that last patch. Its like apples and oranges on how they function.

»www.microsoft.com/technet/prodte···pxp.mspx

**********************************

Q: I went to Gibson Research (www.grc.com), and the site advised me to use its tool to disable UPnP (Universal Plug and Play) from WinXP. So, I downloaded the tool, but every time I try to disable UPnP, my hourglass cursor icon appears and won’t go away, so I had to push the CTRL-ALT-DELETE keys. I understand that Gibson Research is a reputable Web site, and it did send me a Zip file containing its UPnP disabling tool, but that didn’t work, either. From its site information, I learned that the FBI requested that the UPnP file be disabled from WinXP but changed that request later on. Is UPnP an issue anymore? If so, what should I do about it?

A: Microsoft included UPnP in WinXP, but it’s also available for Win98 and WinMe. The idea behind UPnP is to allow devices on a network to easily find each other. This means that if you connect a printer that supports UPnP to your network, your computer will automatically recognize and be able to use the printer. Other network-capable devices, such as scanners, also can take advantage of this technology.

When Microsoft first released its implementation of UPnP, there were flaws in it that would allow someone on your network to potentially take over your computer. Because this was a pretty serious vulnerability, coupled with the fact that UPnP was enabled by default, the FBI decided to issue a warning. However, despite some of the hyperbole about this vulnerability, we don’t believe that it remains a serious issue.

The first reason for our optimism is that Microsoft has already issued a patch for the vulnerability. The patch corrects the flaw in Microsoft’s UPnP implementation, while still allowing the UPnP service to function. The second reason for our optimism is that WinXP SP2 now includes a more robust software-based firewall. With either a software-or hardware-based firewall in place, outsiders wouldn’t be able to attack your computer. And with Microsoft’s patch in place, they would fail if they somehow were able to bypass your firewall.

We're not sure why the utility you downloaded failed to work on your computer. It might be having a conflict with an antivirus application or some security setting on your system. However, if you still feel that you want to disable UPnP, here are the steps that should do the trick: Open the Start menu, choose Control Panel, click Performance And Maintenance, click Administrative Tools, and double-click Services. When a window opens displaying the services (programs that run continuously) currently running on your computer, scroll down to SSDP Discovery Service and double-click it. Click the Stop button to stop this service, select Disabled from the Startup Type drop-down menu, and click OK. Next, select the Universal Plug And Play entry from the same list of services and stop it, as well. Select Disabled from its Startup Type drop-down menu and click OK.

The only problem with disabling UPnP in this manner is that subsequent patches and service packs from Microsoft may re-enable the two services you just disabled. Our recommendation for any security concerns regarding Windows is to keep your system patched via Windows Update, install an antivirus application and keep it current, and set up a firewall either on your computer or between your computer and the Internet. You also might want to consider installing and regularly updating an antispyware application. Although these safety suggestions won’t prevent every type of attack, they will help you avoid the most common security issues that lurk on the Internet.

»www.smartcomputing.com/editorial···sp&guid=

--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/]]> http://www.dslreports.com/forum/remark,18163690 Fri, 13 Apr 2007 08:36:24 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18163473 altermatt :

said by AB

:

the KB931261 exploit seems to require the UPNP service to be enabled.

If we run with UPNP service disabled (for security reasons this is how I prefer it, and recommend it), can we avoid this patch?

EDIT: I see now this has been discussed already (posted too soon.) But my concern stands because some users are reporting that Plug n play (NOT the same as UPNP) stops working well after the patch---plug n play I need, Universal PNP I don't. So wondering if anyone else experienced plug n play problems, or problems disabling UPNP after the patch?

--
The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick]]> http://www.dslreports.com/forum/remark,18163473 Fri, 13 Apr 2007 07:18:01 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18163379 lilhurricane : Thank you Melissa :)]]> http://www.dslreports.com/forum/remark,18163379 Fri, 13 Apr 2007 06:14:53 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18158715 Martinus :

said by Mele20

:

I've been living in Dell Hell since summer 2005.

Hey, that line looks really good for a Don Henley song - "The Dell Hell Boys of Summer".

Nah more like Ozzy Osbourne.
--
Si naciste pa' martillo del cielo te caen los clavos]]> http://www.dslreports.com/forum/remark,18158715 Thu, 12 Apr 2007 11:20:05 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18158206 Mele20 : You didn't read what I said. You do that a LOT. I said check the FILE version. Geez. :(

Plus, mine has NEVER turned into a boat anchor. I have no idea though what you mean by a computer turning into a boat anchor...that is an odd thing to say.

You keep accusing me of stuff that has never happened. I have had a lot of hardware issues and some of those I need help with but those are mostly Dell's responsibility. I've been living in Dell Hell since summer 2005. My older Dell has had no hardware problems except for the floppy drive being replaced at year 4 and it will be 8 years old in May and it is running the same installation of 98SE since November 2000. Someone who is always turning their computers into "boat anchors" wouldn't be able to run the same 98SE installation for 7 years.

I don't have any important software issues and never have had. I post about minor things because I'm bored or because I want to learn more, etc. but the only major issue I have had with XP was back with the Dell 8300 when I got it in November 2003 and it kept BSODing due to infinite loop because of the crap driver for the nVidia 5200 card and it took nVidia almost a year to issue a driver that fixed the problem for me and countless others and they only did because so many raised a stink about it.]]> http://www.dslreports.com/forum/remark,18158206 Thu, 12 Apr 2007 09:30:32 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18158038 Name Game :

said by Mele20

:

You sure have a low opinion of people in this forum. Geez. Why are you so sure they haven't checked the file version before and after installing a patch? Besides, anything is better than bending over and letting Microsoft rape you. I won't do that and a lot of others won't either. When Microsoft removes both types of WGA from WU/MU then I will use them again but not until then.

Checking the OS VERSION that it applies to is just the first step..if you want to do it all manually you had better also continue reading everything about it on the technet write up..instead of just blindly install the thing..if you do not understand why that is important
and you want to play IT that's fine with me..I have great uptime on my systems and so do people I help..that is important to them..and every time you play this crap "You sure have a low opinion of people in this forum " it just rolls off my back when I see you constantly post on that lastest time your's turned into a boat anchor. :D
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/]]> http://www.dslreports.com/forum/remark,18158038 Thu, 12 Apr 2007 08:36:49 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18157995 Mele20 : You sure have a low opinion of people in this forum. Geez. Why are you so sure they haven't checked the file version before and after installing a patch? Besides, anything is better than bending over and letting Microsoft rape you. I won't do that and a lot of others won't either. When Microsoft removes both types of WGA from WU/MU then I will use them again but not until then. ]]> http://www.dslreports.com/forum/remark,18157995 Thu, 12 Apr 2007 08:16:31 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18157939 Name Game :

said by caffeinator

:

You don't, check the box for "don't restart"

I tried all 3 updates applicable to win2k...oops, restarted and my NOD32 wouldn't load AMON.

That won't work.

Needless to say, all updates were soon gone..then all was fine. I don't think I'l even update anymore...it'
s all FUD from here.

I have no IE, I removed it, active browser is Opera, even for URL.

I'm behind two firewalls, how are they gona get me?

Bleh,. I could run M$-supplied win98se right now, no patches, and not get infected.

Silly FUD..98% of it all of for esoteric crap i dont run, dumb clueless users, or new comps and probs.

My newest comp is from 2001 and stil runs Win2K.

Nobody cares about it.

Win2K is my last M$ OS..,when it's tiresome, i'll use linux or solaris.

My reseller CentOS server.has had like mebbe an hour downtime in the last year+...all published maint. events.

An expected patch every Tuesday? how bad is this OS?

Sad.

BTW, my smoothwall i built has had -0- downtime since yesterday.

Connected (1d 22h 18m 49s)

M$ is the way of the past. Bill can't steal/buy ideas forever.

The Net started on unix, and it'll end there as well. It wasn't meant for clueless users.

I started computing in BASIC and PASCAL on a green screen in '83 ...way before Bill, and I was on the fledgling 'Net in 300 Baud before Windows was a thought. We called it BBS / Fidonet or the WELL.

I don't need Bill, he sold us out.
Smart guy, but he can kiss my ascii.

-CaFF

Next time when you update disable your NOD before you proceed no matter if one does it at WU or manually..and those that do it manully and think they understand if their OS with it's current SP really needs the update..or since they are doing it all manually..let me advise you that just because its list in the documentation that the update applies to you OS..you had better start reading the fine print also where many times you will find yours is listed for advisory purposes only on the full details at technet..and you would also have to have installed some previous hotfixes or be at a certain SP level. They call that roll up.

It cracks me up that so many people that hit this forum think they can best maintain their OS with a manual push of a fix or updated by downloading and then installing it..when they have no idea of the exact version of every .dll or other files on their OS. They for sure will not know what changes are included in the hotfix or update when they install it..and by the time they are done..so many have a crippled OS..with a mix of file version that do not even come close to the real world in file verification.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,18157939 Thu, 12 Apr 2007 07:44:19 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18157789 caffeinator : You don't, check the box for "don't restart"

I tried all 3 updates applicable to win2k...oops, restarted and my NOD32 wouldn't load AMON.

That won't work.

Needless to say, all updates were soon gone..then all was fine. I don't think I'l even update anymore...it'
s all FUD from here.

I have no IE, I removed it, active browser is Opera, even for URL.

I'm behind two firewalls, how are they gona get me?

Bleh,. I could run M$-supplied win98se right now, no patches, and not get infected.

Silly FUD..98% of it all of for esoteric crap i dont run, dumb clueless users, or new comps and probs.

My newest comp is from 2001 and stil runs Win2K.

Nobody cares about it.

Win2K is my last M$ OS..,when it's tiresome, i'll use linux or solaris.

My reseller CentOS server.has had like mebbe an hour downtime in the last year+...all published maint. events.

An expected patch every Tuesday? how bad is this OS?

Sad.

BTW, my smoothwall i built has had -0- downtime since yesterday.

Connected (1d 22h 18m 49s)

M$ is the way of the past. Bill can't steal/buy ideas forever.

The Net started on unix, and it'll end there as well. It wasn't meant for clueless users.

I started computing in BASIC and PASCAL on a green screen in '83 ...way before Bill, and I was on the fledgling 'Net in 300 Baud before Windows was a thought. We called it BBS / Fidonet or the WELL.

I don't need Bill, he sold us out.
Smart guy, but he can kiss my ascii.

-CaFF
--
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." - A. Einstein]]> http://www.dslreports.com/forum/remark,18157789 Thu, 12 Apr 2007 05:50:21 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18157725 Mele20 : All four went without a hitch. But why did I have to reboot FOUR TIMES? ugh..

I did have a problem with Fx and this site after the second patch. This site would not load...Fx just kept saying ..waiting for i.dslr.net. So, I tried IE and the sited loaded immediately. So, I got the third patch using IE. Had to reboot again after installing it and Fx was still borked at this site. So, I used IE again for the fourth patch. Rebooted yet again and Fx was still borked here. This site is my home site on Fx so none of the last session's 35 tabs could load until this site loaded. I had to stop the waiting on i.dslr.net and load the saved tab session from the tab menu. Thank goodness I saved it specifically like that otherwise I would have been upset if all my tabs had been lost.
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"

»www.msfirefox.com/]]> http://www.dslreports.com/forum/remark,18157725 Thu, 12 Apr 2007 04:37:27 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18156825 AB : Hello, Libra! :)

I think if you keep UPNP disabled the update is unnecessary, though I guess I'd recommend you go ahead and install it anyway.
After it's installed, just run services.msc to see if UPNP is started or not, which I doubt it would be.

A.B.]]> http://www.dslreports.com/forum/remark,18156825 Wed, 11 Apr 2007 22:59:27 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18156629 La Luna :

said by fatness

:

I think I figured out what causes it. There was some update for Outlook 2003 Junk Mail filter or some such thing. I believe that's what did it.

That makes sense. Probably what caused it the other times too.
--
~~If you could ignore what you've become, take it out and see it die again, you could be here, for who's a friend...and still you don't feel...do you know you're beautiful?~~

]]> http://www.dslreports.com/forum/remark,18156629 Wed, 11 Apr 2007 22:24:20 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18156550 MarkAW :

said by FiOS Dan

:

No luck downloading the updates this week. Do you think it's because I have been refusing the latest WGA? :(

I haven't install a WGA updates since the very first one Microsoft put out and i haven't had any problems downloading updates from MU or WU sites.

it may have something to do with your security settings. Just my 0.02 cents.
--
I hear and forget. I see and remember. I do and understand. - Confucious (551 BC - 479 BC)

The real voyage of discovery consists not in seeking new landscapes but in having new eyes. - Marcel Proust (1871 - 1922)]]> http://www.dslreports.com/forum/remark,18156550 Wed, 11 Apr 2007 22:09:04 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18156447 FiOS Dan : No luck downloading the updates this week. Do you think it's because I have been refusing the latest WGA? :(
--
Courage is being scared to death but saddling up anyway.
]]> http://www.dslreports.com/forum/remark,18156447 Wed, 11 Apr 2007 21:50:13 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18156312 Libra :

said by AB

:

the KB931261 exploit seems to require the UPNP service to be enabled.
KB931261 is an ActiveX vulnerability that requires a certain amount of user interaction to execute.

Hi Argle,
I have the UPNP and SSDP discovery services disabled. Will the KB931261 update enable UPNP? I thought both of those services are insecure.

If it does enable it, can we disable UPNP after the update?

Thanks.

Sincerely, Libra]]> http://www.dslreports.com/forum/remark,18156312 Wed, 11 Apr 2007 21:27:28 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18152396 fatness : I think I figured out what causes it. There was some update for Outlook 2003 Junk Mail filter or some such thing. I believe that's what did it.
--
Sure, that'll work..]]> http://www.dslreports.com/forum/remark,18152396 Wed, 11 Apr 2007 09:06:52 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18151428 La Luna :

said by fatness

:

Did anyone besides me have their default browser reset (from Firefox to IE) when installing these updates?

Yes. I changed it back.

I've had that occasionally happen before, but I can't remember why, not even if it had to do with updates. I just reset it back to default and all is well again.
--
~~If you could ignore what you've become, take it out and see it die again, you could be here, for who's a friend...and still you don't feel...do you know you're beautiful?~~

]]> http://www.dslreports.com/forum/remark,18151428 Wed, 11 Apr 2007 00:38:25 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18151118 AB : Thank you, Melissa. :)

And just as a point of info--

KB930178 & KB931784 require local log-on privileges to run (not a remotely exploitable vulnerability), and the KB931261 exploit seems to require the UPNP service to be enabled.
KB931261 is an ActiveX vulnerability that requires a certain amount of user interaction to execute.

*Edit- clarification]]> http://www.dslreports.com/forum/remark,18151118 Tue, 10 Apr 2007 23:31:33 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18151035 Abiosis : Right on~~~thanks a bunch~~~ :D :D :D]]> http://www.dslreports.com/forum/remark,18151035 Tue, 10 Apr 2007 23:17:23 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18151023 Kiwi :

said by fatness

:

Did anyone besides me have their default browser reset (from Firefox to IE) when installing these updates?

*Shame* on you, FF has so many issues; few garner those with Opera. Personally I'm confident & comfortable with IE ;) a breeze free experience, just takes a few minor tweaks.

I could give u a horror story or two with respect to third party aps, like nailing your cache...Na....Lol.

I'm still doing some research on how, when & why some idiot progo's decide they can delve deeper than they are entitled.]]> http://www.dslreports.com/forum/remark,18151023 Tue, 10 Apr 2007 23:14:12 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18150831 fatness : Did anyone besides me have their default browser reset (from Firefox to IE) when installing these updates?
--
Sure, that'll work..]]> http://www.dslreports.com/forum/remark,18150831 Tue, 10 Apr 2007 22:43:48 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18150670 La Luna : All updated on PC and laptop. So far, so good, knock wood. :D]]> http://www.dslreports.com/forum/remark,18150670 Tue, 10 Apr 2007 22:19:55 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18150541 onDvine : Gracias, Melissa.

I remembered this was that day about 13 hours ago, then forgot about it entirely until now. ]]> http://www.dslreports.com/forum/remark,18150541 Tue, 10 Apr 2007 21:59:47 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18150047 Kiwi : Fair question! So.

On the 'Virgin' drive [Meaning I'll accept everything MS offers] IF you have already accepted WGA, the "Critical update" provides only four downloads; the fifth is hidden and notable only because there are FOUR and five get loaded.

It's not surprising that WGA gets loaded without authorization. It's already loaded to begin with, or there would be a prompt to load it [I still get ticked @ this being considered a "Critical update"].

Although with auto update, you won't see any progressive anomalies. Is that bad? Probably not for the large majority that can't discern the difference on the finer points of a patch. Protection for the masses Vs the discerning few.

The patch today will take care of those that need some help.

Cheers]]> http://www.dslreports.com/forum/remark,18150047 Tue, 10 Apr 2007 20:36:20 EDT Six tips for a painless Patch Tuesday http://www.dslreports.com/forum/remark,18149927 antiphishing :

said by melissatrv

:

Note:
April 10, 2007
Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

* Microsoft patches Vista bug that snuck through beta test
»cwflyris.computerworld.com/t/143···58663/2/

* Six tips for a painless Patch Tuesday
»cwflyris.computerworld.com/t/143···58664/2/
--

Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»/profile/1021645
]]> http://www.dslreports.com/forum/remark,18149927 Tue, 10 Apr 2007 20:14:25 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18149756 anon : Hmm I only see one update available via autoupdate on my XP system, and it's the same update that was released last Tuesday.]]> http://www.dslreports.com/forum/remark,18149756 Tue, 10 Apr 2007 19:33:15 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18149599 Curley : Thanks Melissa!

Computer hasn't exploded yet...]]> http://www.dslreports.com/forum/remark,18149599 Tue, 10 Apr 2007 19:08:06 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18149514 MarkAW : Thanks Melissa. :)]]> http://www.dslreports.com/forum/remark,18149514 Tue, 10 Apr 2007 18:52:59 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18149401 Kiwi : Don't feel much like posting lately, with the last patch saga there were no problems in this house because of several clearly defined rules. I check each patch and most understand after a good while of patching systems there comes a time when a patch will break a previous patch. So, knowing how to patch has become as important on XP knowing the 'Life' expectancy of any program/OS with a multiple patch history; lends itself to a most difficult time.

I watched people having issues with the quick release .nai patch; the VIAO laptop, no problem the X2 AMD rigs, no problem and the primary Intel XP Pro x1 drive, no problem. With a small caveat I believe WGA caused some serious issues -That's the only item not installed, except on one XP drive [x1] left that for today's patch, seemed prudent.

Today's patch, WGA not downloaded or installed on the primary drive XP and I found a performance improvement...way to go. That's a pretty rare item with any patch! Accidental perhaps :D]]> http://www.dslreports.com/forum/remark,18149401 Tue, 10 Apr 2007 18:33:58 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18149066 NICK ADSL UK : April 2007 Security Releases ISO Image
Brief Description
This DVD5 ISO image file contains the security updates for Windows released on Windows Update on April 10th, 2007.

Overview
This DVD5 ISO image file contains the security updates for Windows released on Windows Update on April 10th, 2007. The image does not contain security updates for other Microsoft products. This DVD5 ISO image is intended for corporate administrators who manage large multinational organizations, who need to download multiple individual language versions of each security update and who do not use an automated solution such as WSUS. Use this image to download multiple updates in all languages at the same time.

Caution: Be sure to check the individual security bulletins at http://www.microsoft.com/technet/security prior to deployment of these updates to ensure that the files have not been updated at a later date.

http://www.microsoft.com/downloads/details.aspx?FamilyID=d8e3ac4b-de00-47d8-bc4c-b57cd3b37cf3&DisplayLang=en
--
Wilders Security Forum Admin
Microsoft MVP-Windows Security

]]> http://www.dslreports.com/forum/remark,18149066 Tue, 10 Apr 2007 17:19:29 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18148996 Cudni : thanks :)

Cudni]]> http://www.dslreports.com/forum/remark,18148996 Tue, 10 Apr 2007 17:06:44 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18148977 mhhack : Melissa:

Thanks a million for your post - I stay away from all of Microsoft's updating methods.
A real handy software inspector is Secunia Software Inspector, which when run online inspects a lot of installed major software and lets you know which are up-to-date. For any needed Microsoft update I go to Microsoft Technet Security Center, where it is possible to download manually.

Thanks again!]]> http://www.dslreports.com/forum/remark,18148977 Tue, 10 Apr 2007 17:02:46 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18148373 antdude :

said by jaykaykay

:

So......... No difficulty in downloading/installing these updates? Nothing to throw the computer into a tailspin? :)

I can throw YOUR computer into a tailspin. :) ]]> http://www.dslreports.com/forum/remark,18148373 Tue, 10 Apr 2007 15:10:52 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18148300 La Luna :

said by jaykaykay

:

So......... No difficulty in downloading/installing these updates? Nothing to throw the computer into a tailspin? :)

:D

Thank you Melissa! :)
--
~~If you could ignore what you've become, take it out and see it die again, you could be here, for who's a friend...and still you don't feel...do you know you're beautiful?~~

]]> http://www.dslreports.com/forum/remark,18148300 Tue, 10 Apr 2007 14:58:17 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18148289 jaykaykay : So......... No difficulty in downloading/installing these updates? Nothing to throw the computer into a tailspin? :)]]> http://www.dslreports.com/forum/remark,18148289 Tue, 10 Apr 2007 14:56:43 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18148015 jabarnut : As always, thank you Melissa! :)]]> http://www.dslreports.com/forum/remark,18148015 Tue, 10 Apr 2007 14:05:00 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18148006 dadkins : Thank you Melissa!]]> http://www.dslreports.com/forum/remark,18148006 Tue, 10 Apr 2007 14:03:16 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18147985 NICK ADSL UK : Thank you melissa :)

Malicious Software Removal Tool
Published: January 11, 2005 | Updated: April 10, 2007

New Additions
We have added detection and cleaning capabilities for the following malicious software:

Funner
http://go.microsoft.com/fwlink/?linkid=37020&name=Win32/Funner

See the complete list of malicious software cleaned by this tool.
http://www.microsoft.com/security/malwareremove/families.mspx
--
Wilders Security Forum Admin
Microsoft MVP-Windows Security

]]> http://www.dslreports.com/forum/remark,18147985 Tue, 10 Apr 2007 13:59:13 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18147977 MagMan : Thanks! :)

No problems here either with XP Home.]]> http://www.dslreports.com/forum/remark,18147977 Tue, 10 Apr 2007 13:57:37 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18147957 DrDemento : Got 4 updates here on two machines. No malicious software removal tool as yet. Thanks for the notification.]]> http://www.dslreports.com/forum/remark,18147957 Tue, 10 Apr 2007 13:54:24 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18147880 RayMorris : Got 5 updates here on WinXP x64 with Office 2003 Pro.
Thanks for the heads-up! :)

]]> http://www.dslreports.com/forum/remark,18147880 Tue, 10 Apr 2007 13:41:10 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18147872 TK Junk Mail : 4 fixes applied to my 2 XP systems successfully.]]> http://www.dslreports.com/forum/remark,18147872 Tue, 10 Apr 2007 13:39:22 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18147864 dp : Thank you Melissa :)]]> http://www.dslreports.com/forum/remark,18147864 Tue, 10 Apr 2007 13:37:44 EDT Re: Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18147833 CalamityJane : Thanks, Melissa! :)]]> http://www.dslreports.com/forum/remark,18147833 Tue, 10 Apr 2007 13:32:34 EDT Microsoft Security Bulletin(s) for 4/10/2007 http://www.dslreports.com/forum/remark,18147773 melissatrv : Note: There may be latency issues due to replication, if the page does not display keep refreshing

April 10, 2007
Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

»www.microsoft.com/technet/securi···Apr.mspx

Critical Bulletins:

Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939)
»www.microsoft.com/technet/securi···018.mspx

Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261)
»www.microsoft.com/technet/securi···019.mspx

Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168)
»www.microsoft.com/technet/securi···020.mspx

Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)
»www.microsoft.com/technet/securi···021.mspx

Released out of band on April 3rd – Critical Bulletin

Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
»www.microsoft.com/technet/securi···017.mspx

Important Bulletins:

Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784)
»www.microsoft.com/technet/securi···022.mspx

This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary]]> http://www.dslreports.com/forum/remark,18147773 Tue, 10 Apr 2007 13:17:05 EDT