Microsoft Security Bulletin Summary for June 2007 in Security

Microsoft Security Bulletin Summary for June 2007 in Security http://www.dslreports.com/forum/r18492617 en Thu, 04 Dec 2008 13:31:45 EDT Thu, 04 Dec 2008 13:31:45 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18654601 jose3030 : My sincerest apologies.]]> http://www.dslreports.com/forum/remark,18654601 Wed, 11 Jul 2007 19:31:55 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18652226 La Luna :

said by jose3030

:

Having a whale of a time trying to install KB935807.

I've done the workarounds of turning off Auto Updates and renaming the SoftwareUpdates folder in C:\Windows\ but it just wont install.

I've seen many other reports of the same thing here :

»itsvista.com/2007/07/important-u···kb935807

This is the June update thread. I think you want this one:

»Microsoft Security Bulletin(s) for 7/10/2007
--
~~"As long as America is an infidel enemy, terrorizing it is a duty." Sayed Imam Abdul-Aziz el-Sheriff~~

]]> http://www.dslreports.com/forum/remark,18652226 Wed, 11 Jul 2007 13:03:37 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18651801 jose3030 : Appears I found a workaround :

»www.microsoft.com/downloads/deta···ylang=en]]> http://www.dslreports.com/forum/remark,18651801 Wed, 11 Jul 2007 11:58:05 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18651557 jose3030 : Having a whale of a time trying to install KB935807.

I've done the workarounds of turning off Auto Updates and renaming the SoftwareUpdates folder in C:\Windows\ but it just wont install.

I've seen many other reports of the same thing here :

»itsvista.com/2007/07/important-u···kb935807]]> http://www.dslreports.com/forum/remark,18651557 Wed, 11 Jul 2007 11:17:21 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18547563 ftthz : hrmm i think i would still take the green lantern decoder ring]]> http://www.dslreports.com/forum/remark,18547563 Thu, 21 Jun 2007 18:36:55 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18547543 GuruGuy : Me too.

After a Vista reboot, it said "installing updates". I only ran the WGA update and looked at what was available....no installs. Rebooted a few mins later then saw this message.

What the hell is MS$ doing?
--
GuruGuy]]> http://www.dslreports.com/forum/remark,18547543 Thu, 21 Jun 2007 18:34:23 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18528869 AB :

said by antiserious

:

. . I just got me a new Arkansas quarter, though - it's a dime, two nickels and five pennies, all taped together. Guar-on-teed to be a Collector's item someday.

:D

apologies to all the Razorbacks out there, just couldn't resist

LMAO!! :D

Oh, btw-- I only availed myself of one Microsoft security update this month--KB935839.
I just like the sound of that number. :)]]> http://www.dslreports.com/forum/remark,18528869 Mon, 18 Jun 2007 18:56:04 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18528824 antiserious :
Wow. First it was Star Wars mailboxes, now this. Ads on money - geez.

I just got me a new Arkansas quarter, though - it's a dime, two nickels and five pennies, all taped together. Guar-on-teed to be a Collector's item someday.

:D

apologies to all the Razorbacks out there, just couldn't resist

--
"Baby, will you eat that there snack cracker in yer special outfit for me?"
"When all you have is a hammer, everything looks like a nail!"

]]> http://www.dslreports.com/forum/remark,18528824 Mon, 18 Jun 2007 18:48:47 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18528776 AB :

said by antiserious

:

Can he get me a Green Lantern Decoder Ring? That's what I really want.

Settle for a Silver Surfer quarter? ;)

»www.foxnews.com/story/0,2933,275655,00.html]]> http://www.dslreports.com/forum/remark,18528776 Mon, 18 Jun 2007 18:40:07 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18528751 antiserious :

Can he get me a Green Lantern Decoder Ring? That's what I really want.
]]> http://www.dslreports.com/forum/remark,18528751 Mon, 18 Jun 2007 18:35:53 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18528345 AB :

said by antiserious

:

. . you can just let MS handle it, and if so, don't b1tc# when you get a 'prize' in your Cracker Jacks. You wanted it, you really did, you just didn't know it until MS told you. :D

You're desperate for it, antiserious, who are you trying to kid? ;)

But don't worry-- I know a guy that can getchya one! Just let me know. :D]]> http://www.dslreports.com/forum/remark,18528345 Mon, 18 Jun 2007 17:20:38 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18526256 antiserious :

said by ElJay

:

:uhh: Looks like I'm finally going to be forced to install WGA.

Some people give in too easily. I have a valid XP Pro install which I barely boot up anymore, that I just updated to the latest round of patches (I usually wait a few days to see what breaks what). No WGA, no Validation tool, no problem.

There are a lot of ways to keep up-to-date without WU - it just requires a little motivation, and a little bit of working through all the FUD that gets posted in threads like these.

Or, you can just let MS handle it, and if so, don't b1tc# when you get a 'prize' in your Cracker Jacks. You wanted it, you really did, you just didn't know it until MS told you. :D

p s - I was surprised to see spell check let 'b1tc# pass - go figure

--
"Baby, will you eat that there snack cracker in yer special outfit for me?"
"When all you have is a hammer, everything looks like a nail!"

]]> http://www.dslreports.com/forum/remark,18526256 Mon, 18 Jun 2007 11:38:35 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18524082 Grail Knight :

quote:
To get that, you have to install WGA and all the other crap and not use Version 4. Besides, when you refuse the updates which include WGA, Version 4 becomes unstable and frequently will freeze or crash.

What other "crap" comes with WGA?

WGA plus the activeX control seem to be all that is installed. Of course Windows Update v4 but that is a separate Program.

Did you check for system instability yourself or is this something you read?

Edit* Spelling correction.

Progress is DRM.
]]> http://www.dslreports.com/forum/remark,18524082 Sun, 17 Jun 2007 22:26:42 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18523482 Mele20 : Yes, you can peruse the catalog from Version 4 but you can't get personalized information (and to store history) for what you need for your computer. To get that, you have to install WGA and all the other crap and not use Version 4. Besides, when you refuse the updates which include WGA, Version 4 becomes unstable and frequently will freeze or crash.

So, seems to me that something like Belarc Advisor is better because it keeps track of what patches you already have and what ones you need and unlike MSBA it doesn't require WGA.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason]]> http://www.dslreports.com/forum/remark,18523482 Sun, 17 Jun 2007 20:18:04 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18523473 antdude :

Why when you can still get all the updates here. Without the WGA bull crap.
»v4.windowsupdate.microsoft.com/c···cat=true

Interesting. How come it doesn't detect my current installed updates and I have to click on options? Is that normal?
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check often)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.]]> http://www.dslreports.com/forum/remark,18523473 Sun, 17 Jun 2007 20:16:35 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18523352 Bada Bing :

said by ElJay

:

:uhh: Looks like I'm finally going to be forced to install WGA.

Why when you can still get all the updates here. Without the WGA bull crap.
»v4.windowsupdate.microsoft.com/c···cat=true
--
Rock & Roll Never Forgets]]> http://www.dslreports.com/forum/remark,18523352 Sun, 17 Jun 2007 19:50:09 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18510512 swhx7 : As long as we're ranting, I've always been annoyed by this cute weasel-language in these bulletins:

said by Microsoft :

n a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability ... an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.

Of course it's literally true that "an attacker would have no way to force users to visit" an infective page. The other way of looking at it is that the only way to avoid the problem while using the affected software, is to avoid all web use altogether. The fact that "an attacker would have no way to force users to visit these Web sites" is not a "mitigating factor" as Microsoft calls it unless you already knew in advance which sites are hosting the malware, which obviously is never the case.]]> http://www.dslreports.com/forum/remark,18510512 Fri, 15 Jun 2007 09:21:54 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18507606 caffeinator : Yup, on my my old P3-366 it took longer to install BA than to get the report. ;)

From install to report was less than one minute.

Odd though, BA says I have 64 (!!!) missing M$ updates?!

Granted, most of them listed are non-critical and some are for things that have been mitigated otherwise, but how the heck can that be?

-CaFF
--
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." - A. Einstein]]> http://www.dslreports.com/forum/remark,18507606 Thu, 14 Jun 2007 19:02:15 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18507422 jabarnut :

said by OZO

:

...
Then the simple question arises - what WU is doing all that time?

That's a good question OZO!

Just a wild guess, but it may take quite some time to scan the fingerprints from my Mouse, and compare it to fingerprints of known high profile criminals in the enormous FBI database. :D
--
I had a life once.....now I have a Computer and a Modem.]]> http://www.dslreports.com/forum/remark,18507422 Thu, 14 Jun 2007 18:28:49 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18507232 OZO : I can confirm that this time new WGA was pushed once again on my computer.

Here is my collection of WGA's (LegitCheckControl.DLL):
•1.5.526.0; 555,824 bytes; 2006-04-10 12:00:34
•1.5.530.0; 579,888 bytes; 2006-05-17 10:23:38
•1.5.716.0; 1,488,688 bytes, 2006-10-30 11:25:08
•1.5.723.1; 1,474,864 bytes, 2006-12-12 10:45:04
•1.7.36.0; 1,485,696 bytes, 2007-04-24 11:32:06
I must admit they're working hard on this one...

It's interesting to know why WU needs considerably more time (this time it was around 1:40) to get the same list of updates required for my computer comparing to Belarc Advisor (it took around 20 sec). Notice, that in 20 sec Belarc makes not only the list of updates required (as WU does), but also analyzes and provides detailed info about all hardware of my computer, all installed software packages, all keys, all users, and lot more interesting stuff...

Then the simple question arises - what WU is doing all that time?
--
Keep it simple, it'll become complex by itself...]]> http://www.dslreports.com/forum/remark,18507232 Thu, 14 Jun 2007 17:54:30 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18503942 jabarnut : I didn't really look into it too much...all I know is that I had to install what was referred to as the "Windows Genuine Advantage Validation Tool" through Microsoft Update (it was the first thing that came up, after a custom scan), before the site would even let me download and install anything else.

And considering the fact that I've probably downloaded and installed what I believe to be same thing at least 2 or 3 times before in the past, I have to assume something changed, somewhere. :)

(Edit) I just looked at my LegitCheckControl.dll file, and it is indeed v1.7.36.0 as you mentioned.
However, that doesn't negate the fact that I still had to 'play the game' before I was allowed to continue.
--
I had a life once.....now I have a Computer and a Modem.]]> http://www.dslreports.com/forum/remark,18503942 Thu, 14 Jun 2007 08:09:56 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18503895 antdude : It appears that WGA's LegitCheckControl.dll file is v1.7.36.0 and from April 2007. So, it's not really new/updated.
Sneaky MS wants GA everywhere. :P]]> http://www.dslreports.com/forum/remark,18503895 Thu, 14 Jun 2007 07:55:04 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18503088 Vista RTM : Stop whinning about the wga and pay for your OS]]> http://www.dslreports.com/forum/remark,18503088 Thu, 14 Jun 2007 00:45:37 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18502874 OZO : Why the time needed to find out all required updates for computer is so short for Belarc Advisor and so long for common Windows Update procedure?
--
Keep it simple, it'll become complex by itself...]]> http://www.dslreports.com/forum/remark,18502874 Thu, 14 Jun 2007 00:06:14 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18502792 La Luna :

said by Vista RTM

:

wow thatks for the help............ :mad:

Help with what?

said by Vista RTM

:

Seems they were sucessful

--
~~"As long as America is an infidel enemy, terrorizing it is a duty." Sayed Imam Abdul-Aziz el-Sheriff~~

]]> http://www.dslreports.com/forum/remark,18502792 Wed, 13 Jun 2007 23:50:13 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18501448 Vista RTM : :mad:]]> http://www.dslreports.com/forum/remark,18501448 Wed, 13 Jun 2007 20:36:25 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18501187 bigdarby : The current MS Udates I downloaded are:ks933566 935840 935839 935846 929123 890830 as of June 14,2007]]> http://www.dslreports.com/forum/remark,18501187 Wed, 13 Jun 2007 19:47:45 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18500999 Mele20 :

said by NICK ADSL UK

:

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

Thank you for the notice. :)

Another place to get the patches is Microsoft Download site which you didn't mention. I think one should always read the Technet bulletin and Knowledge base article for each patch first and then download each patch to disk from the Microsoft Download site.

Belarc Advisor will also show you what patches you have and which you need and if you use it, and Microsoft Download site, then you totally avoid having Microsoft yet again demand that you "show your papers". So, for those who feel insulted by the "prove repeatedly that you are not a thief attitude", first read the Technet bulletins, then download from MS Download site, or wait until Belarc has the latest definitions out for Advisor (usually 24 hours after Microsoft publishes the patches) and let the Advisor guide you to the patches you need. MSBA is a fine tool also but some feel the current version is too invasive and if you feel that way then Belarc Advisor is a good substitute.

I'm off now to read the Technet bulletins and the Knowledge base articles.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason]]> http://www.dslreports.com/forum/remark,18500999 Wed, 13 Jun 2007 19:13:01 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18500283 ElJay : :uhh: Looks like I'm finally going to be forced to install WGA.

Fun

]]> http://www.dslreports.com/forum/remark,18500283 Wed, 13 Jun 2007 17:14:24 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18498024 AB :

said by jabarnut

:

Thanks for the vote of confidence there AB

! ;)

Of course, I'm assuming it's an 'updated version', because (as mentioned in the second post above), I had to install it before I was able to install the other updates.

And I understand the problem you guys have with them continually hounding you with this thing.
It bothered me a lot at first too.

Now, I just don't care any more, and figure it's not worth getting an ulcer over.

You know you always have my utmost confidence, jabarnut, and I hold your opinions in high esteem, regardless of any of my sometimes silly comments to the possible contrary. :)

I don't blame you for taking that attitude. I have a similar one, actually, except without allowing the installation of that thing (which I initially did allow, until they started getting pushier and pushier about it).
Every once in a while when the subject of it comes up though, it still makes my blood boil.
I just don't care to play 98 lb. weakling to their bully, is all.

To be honest, the fact that my wife is constantly hounding me to finish staining the house, is a lot more irritating. :mad: :D

Just curious-- what are her rates for conversation?

»Re: The Geek Squad

;) :D]]> http://www.dslreports.com/forum/remark,18498024 Wed, 13 Jun 2007 11:21:52 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18496993 jabarnut :

said by AB

said by antdude

:

I don't think they were updated? The wga*.* files look old. I could be wrong here. . . .

I'm just going by jabarnut

's post:

»Re: Microsoft Security Bulletin Summary for June 2007

If he says there's an updated version, I believe him.

Thanks for the vote of confidence there AB

! ;)

Of course, I'm assuming it's an 'updated version', because (as mentioned in the second post above), I had to install it before I was able to download and install the other updates.

And I understand the problem you guys have with them continually hounding you with this thing.
It bothered me a lot at first too.

Now, I just don't care any more, and figure it's not worth getting an ulcer over.
I let them have their fun, install it, and move on. (Like ~~most~~ many of you, my installations are all legit too, and I figure they should certainly know that by now, but oh well).
And I do like the 'convenience' of Microsoft Update (even though I have auto-updates turned off..and run custom scans).

To be honest, the fact that my wife is constantly hounding me to finish staining the house, is a lot more irritating. :mad: :D
--
I had a life once.....now I have a Computer and a Modem.]]> http://www.dslreports.com/forum/remark,18496993 Wed, 13 Jun 2007 07:34:03 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18496969 Curley :

said by caffeinator

said by antdude

:

Wow, I didn't even notice that too: Windows Genuine Advantage Validation Tool (KB892130)

Gah, MS is really pushing this WGA!

Precisely why I only get the email bulletins and only download the files directly. :)

Ditto! :)]]> http://www.dslreports.com/forum/remark,18496969 Wed, 13 Jun 2007 07:22:55 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18496701 anon :

Well I don't know is its an updated WGA or not...an really don't care///its not getting installed on my computers.....it was install once before and I left it on just to see what would happen....an sure enough today I could not download the updates unless I installed it again///what the hell is this ?
Well I got the updates....just not from the windows update website.....]]> http://www.dslreports.com/forum/remark,18496701 Wed, 13 Jun 2007 02:59:47 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18496647 AB :

said by antdude

:

I don't think they were updated? The wga*.* files look old. I could be wrong here. . . .

I'm just going by jabarnut

's post:

»Re: Microsoft Security Bulletin Summary for June 2007

If he says there's an updated version, I believe him.

I don't and won't have that genuine POS on my computer. And this is one of the very reasons why not.
This is maybe the fourth or fifth 'update' to it they've come out with. Why? What is it about it that needs to be "updated"?
Wait, let me guess-- Microsoft's explanation will be that they're continually tweaking it to lessen the chances of a 'false positive' (or a 'false negative' would be more accurate in this case, I guess). :uhh:

I have two genuine licenses for their genuine OS software-- one genuine full retail, one genuine OEM. I paid genuine American greenbacks for both of them, I have genuine sales receipts for both of them, I have validated both of them upon install, and I have spoken with genuine Microsoft representatives via telephone on a couple of occasions. Microsoft Corp. has my genuine name, my genuine address, and my genuine telephone number. If that's not good enough (which apparently it isn't) then they can go pound sand up their genuine corporate asses, as far as I'm concerned.

End of story, and pardon my rant.]]> http://www.dslreports.com/forum/remark,18496647 Wed, 13 Jun 2007 02:19:56 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18496545 antdude :

said by AB

said by swhx7

:

MS07-031 is about "Windows Schannel" which is explained as Microsoft's implementation of SSL and TLS. "This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using an Internet Web browser or used an application that makes use of SSL/TLS."

The bulletin says "Microsoft has not identified any workarounds for this vulnerability". So is it true, as the bulletin implies, that any browser running on Windows and using SSL or TLS is using Microsoft's version of SSL/TLS? I thought other browsers such as Firefox or Opera supplied their own SSL/TLS code. Is Microsoft just refusing to acknowledgme that using a browser other than IE is a workaround?

Edit: I didn't see anything on point with a quick Google, but then I looke on mozilla.org and of course the Moz browsers have their own SSL/TLS code. It's just a deceptive bulletin.

I don't think they were updated? The wga*.* files look old. I could be wrong here.

I think MS just wants to force Windows Update (and MS Update) users to have WGA checking like OGA. Annoying!
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check often)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.]]> http://www.dslreports.com/forum/remark,18496545 Wed, 13 Jun 2007 01:29:34 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18495980 Vista RTM : ....]]> http://www.dslreports.com/forum/remark,18495980 Tue, 12 Jun 2007 23:17:14 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18495849 Vista RTM : whatever]]> http://www.dslreports.com/forum/remark,18495849 Tue, 12 Jun 2007 22:54:24 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18495613 AB :

said by swhx7

Isn't that interesting? (Making the assumption here that that's true.)

So what does that also tell us, I wonder, about why it is that WGA might need to be 'updated' yet again?

I'm reserving any judgment for now-- but I can't help but think I smell a stench coming from somewhere.]]> http://www.dslreports.com/forum/remark,18495613 Tue, 12 Jun 2007 22:13:21 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18495488 hayc59 : Nick you da man and danke ;)]]> http://www.dslreports.com/forum/remark,18495488 Tue, 12 Jun 2007 21:45:53 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18495379 swhx7 : MS07-031 is about "Windows Schannel" which is explained as Microsoft's implementation of SSL and TLS. "This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using an Internet Web browser or used an application that makes use of SSL/TLS."

The bulletin says "Microsoft has not identified any workarounds for this vulnerability". So is it true, as the bulletin implies, that any browser running on Windows and using SSL or TLS is using Microsoft's version of SSL/TLS? I thought other browsers such as Firefox or Opera supplied their own SSL/TLS code. Is Microsoft just refusing to acknowledge that using a browser other than IE is a workaround?

Edit: I didn't see anything on point with a quick Google, but then I looked on mozilla.org and of course the Moz browsers have their own SSL/TLS code. It's just a deceptive bulletin.

Edit2: Thanks for the links as always.]]> http://www.dslreports.com/forum/remark,18495379 Tue, 12 Jun 2007 21:23:06 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18494561 NICK ADSL UK : Additionally Microsoft is re-releasing two bulletins:

MS07-012 Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667) (Updated to v2.0 to reflect applicability to Windows Server 2003 Service Pack 2, and explicitly noting that Platform SDK is not affected)
»www.microsoft.com/technet/securi···012.mspx

MS07-018 Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939) Updated to fix an issue whereby custom CMS2002 install paths could be reset in the registry to the default paths, as noted in KB article 924429 "known issues" section)
»www.microsoft.com/technet/securi···018.mspx
--
Wilders Security Forum Admin
Microsoft MVP-Windows Security

]]> http://www.dslreports.com/forum/remark,18494561 Tue, 12 Jun 2007 19:02:10 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18494335 antdude :

said by grumpi

said by antdude

:

In »support.microsoft.com/kb/935840 ... »www.microsoft.com/technet/securi···0xx.mspx seems to be missing for "IT professionals" link. :( Does anyone have the downloadable link for this EXE file?

Try this antdude:
»www.microsoft.com/technet/securi···031.mspx

Thanks! :)
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check often)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.]]> http://www.dslreports.com/forum/remark,18494335 Tue, 12 Jun 2007 18:24:26 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18494326 grumpi :

said by antdude

Try this antdude:
»www.microsoft.com/technet/securi···031.mspx]]> http://www.dslreports.com/forum/remark,18494326 Tue, 12 Jun 2007 18:22:57 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18494310 antdude :

said by NICK ADSL UK

:

Hi antdude :)
Would this be what your looking for ?
»www.microsoft.com/downloads/deta···ylang=en

Thank you! MS still hasn't fixed its broken link. :(]]> http://www.dslreports.com/forum/remark,18494310 Tue, 12 Jun 2007 18:20:31 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18494280 NICK ADSL UK : Hi antdude :)
Would this be what your looking for ?
»www.microsoft.com/downloads/deta···ylang=en]]> http://www.dslreports.com/forum/remark,18494280 Tue, 12 Jun 2007 18:15:09 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18494248 dadkins : Thanks Nick! :)]]> http://www.dslreports.com/forum/remark,18494248 Tue, 12 Jun 2007 18:07:56 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18493915 La Luna : Thanks Nick!! :)]]> http://www.dslreports.com/forum/remark,18493915 Tue, 12 Jun 2007 17:11:59 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18493829 NICK ADSL UK : Your welcome :)]]> http://www.dslreports.com/forum/remark,18493829 Tue, 12 Jun 2007 16:57:58 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18493773 antdude :

said by NICK ADSL UK

:

Hi antdude :)
I will make some inquires for you

Thanks. :)]]> http://www.dslreports.com/forum/remark,18493773 Tue, 12 Jun 2007 16:47:51 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18493734 NICK ADSL UK : Hi antdude :)
I will make some inquires for you

regards ]]> http://www.dslreports.com/forum/remark,18493734 Tue, 12 Jun 2007 16:40:38 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18493594 antdude : In »support.microsoft.com/kb/935840 ... »www.microsoft.com/technet/securi···0xx.mspx seems to be missing for "IT professionals" link. :( Does anyone have the downloadable link for this EXE file?]]> http://www.dslreports.com/forum/remark,18493594 Tue, 12 Jun 2007 16:19:22 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18493568 caffeinator :

said by antdude

:

Wow, I didn't even notice that too: Windows Genuine Advantage Validation Tool (KB892130)

Gah, MS is really pushing this WGA!

Precisely why I only get the email bulletins and only download the files directly. :)
--
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." - A. Einstein]]> http://www.dslreports.com/forum/remark,18493568 Tue, 12 Jun 2007 16:15:07 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18493510 antdude :

said by jabarnut

:

As always, thanks for the great info, Nick!

Just ran Microsoft Update manually on my XP Pro Machine(s).
Downloaded and installed 5 updates without issue (So far). :)

2 for XP, 1 for IE7, and 1 for OE.
And of course, one of my all time favorites, the Windows Malicious Software Removal Tool! ;)

Oh my, what was I thinking?
The fist thing I downloaded and installed, before anything else, was a new version of the Windows Genuine Advantage Validation Tool!

While I LOVE the Malicious Software Removal Tool, nothing comes close to the excitement of being a part of the Genuine Advantage Team!

(Restart was required here).

Thanks again, Nick! :)

Wow, I didn't even notice that too: Windows Genuine Advantage Validation Tool (KB892130)

Gah, MS is really pushing this WGA!
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check often)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.]]> http://www.dslreports.com/forum/remark,18493510 Tue, 12 Jun 2007 16:03:29 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18493396 Jrb2 : Thanks Nick !]]> http://www.dslreports.com/forum/remark,18493396 Tue, 12 Jun 2007 15:40:59 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18493395 Hutch : Thanks Nick. :D]]> http://www.dslreports.com/forum/remark,18493395 Tue, 12 Jun 2007 15:40:46 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18493390 caffeinator : Cool beans, except I'm having difficulty getting to the MS07-033 page to D/L it.
Keeps timing out on me. :(

Other ones were not any problem.

Must just be busy I guess, will try later.

(No, I don't use any of the update services..no IE here. But, since I still have windows explorer..which can "browse" just as well as IE, I'll need that update I think.)

Thx,

-CaFF
--
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." - A. Einstein]]> http://www.dslreports.com/forum/remark,18493390 Tue, 12 Jun 2007 15:40:17 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18493350 jabarnut : As always, thanks for the great info, Nick!

Just ran Microsoft Update manually on my XP Pro Machine(s).
Downloaded and installed 5 updates without issue (So far). :)

2 for XP, 1 for IE7, and 1 for OE.
And of course, one of my all time favorites, the Windows Malicious Software Removal Tool! ;)

Oh my, what was I thinking?
The fist thing I downloaded and installed, before anything else, was a new version of the Windows Genuine Advantage Validation Tool!

While I LOVE the Malicious Software Removal Tool, nothing comes close to the excitement of being a part of the Genuine Advantage Team!

(Restart was required here).

Thanks again, Nick! :)
--
I had a life once.....now I have a Computer and a Modem.]]> http://www.dslreports.com/forum/remark,18493350 Tue, 12 Jun 2007 15:31:30 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18492710 NICK ADSL UK : Malicious Software Removal Tool
Published: January 11, 2005 | Updated: June 12, 2007
Allaple
Win32/Allaple is a multi-threaded, polymorphic network worm capable of spreading to other computers connected to a local area network (LAN) and performing denial-of-service (DoS) attacks against targeted remote Web sites.

»go.microsoft.com/fwlink/?linkid=···/Allaple
--
Wilders Security Forum Admin
Microsoft MVP-Windows Security

]]> http://www.dslreports.com/forum/remark,18492710 Tue, 12 Jun 2007 13:40:14 EDT Re: Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18492656 NICK ADSL UK : TechNet Webcast: Information About Microsoft May Security Bulletins (Level 200)
Language(s): English.
Product(s): Security.
Audience(s): IT Professional.

Duration: 60 Minutes
Start Date: Wednesday, june 13, 2007 11:00 AM Pacific Time (US & Canada)

Event Overview

On Tuesday June 12, 2007, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the May security bulletins. The intent of this webcast is to address your concerns. Therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from our security experts.

Presenters: Christopher Budd, CCE, CISA, CISM, CISSP, ISSMP Security Program Manager, Microsoft Corporation and Mike Reavey, Lead Security Program Manager, Microsoft Corporation

Register now for the June security bulletin webcast.
--
Wilders Security Forum Admin
Microsoft MVP-Windows Security

]]> http://www.dslreports.com/forum/remark,18492656 Tue, 12 Jun 2007 13:30:34 EDT Microsoft Security Bulletin Summary for June 2007 http://www.dslreports.com/forum/remark,18492617 NICK ADSL UK : Hi everyone! :)
Owing to Melissa Travers (Microsoft MVP Lead Security) being unavailable again this month she has kindly asked me to post the Microsoft June security bulletin in which is as follows

Microsoft Security Bulletin(s) for 6/12/2007
»www.microsoft.com/technet/securi···jun.mspx

June 12 2007
Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
Vulnerability in Win 32 API Could Allow Remote Code Execution (935839): MS07-035
»www.microsoft.com/technet/securi···035.mspx

Cumulative Security Update for Outlook Express and Windows Mail (929123): MS07-034
»www.microsoft.com/technet/securi···034.mspx

Cumulative Security Update for Internet Explorer (933566): MS07-033
»www.microsoft.com/technet/securi···033.mspx

Vulnerability in Windows Vista Could Allow Information Disclosure (931213): MS07-032
Affected Software: Windows Vista, Windows Vista x64
»www.microsoft.com/technet/securi···032.mspx

Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840): MS07-031
»www.microsoft.com/technet/securi···031.mspx

Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051): MS07-030
Affected Software: Visio 2002, Visio 2003
»www.microsoft.com/technet/securi···030.mspx

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.
--
Wilders Security Forum Admin
Microsoft MVP-Windows Security

]]> http://www.dslreports.com/forum/remark,18492617 Tue, 12 Jun 2007 13:21:25 EDT