Re: Microsoft Security Bulletin(s) for September 9, 2008 in Security

Re: Microsoft Security Bulletin(s) for September 9, 2008 in Security http://www.dslreports.com/forum/r21082258 en Fri, 27 Nov 2009 10:18:19 EDT Fri, 27 Nov 2009 10:18:19 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21095341 Curley : Thank you Dp! Only needed 1 patch for GDI+.]]> http://www.dslreports.com/forum/remark,21095341 Thu, 11 Sep 2008 17:33:10 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21090349 anon : "...at some point, something you installed may have included WME 9. You may have removed it later but still have something on the PC that triggers the update."

Hmmm you maybe right HA Nut, I wonder what it could be.]]> http://www.dslreports.com/forum/remark,21090349 Wed, 10 Sep 2008 19:43:04 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21089923 HA Nut : I have 2 XP PCs. One needed the WME 9 patch and the other did not. The one that did, indeed has the encoder package as it was bundled with some media software I loaded some time ago. My guess (and that's all it is :) ) is that at some point, something you installed may have included WME 9. You may have removed it later but still have something on the PC that triggers the update.]]> http://www.dslreports.com/forum/remark,21089923 Wed, 10 Sep 2008 18:28:02 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21089907 anon : I was on the phone with Microsoft for a couple of hours yesterdays and was transfer to many different departments, one them was the XP dept, in the end the Tech person on the line told me to download the Encoder and then install the patch and that is what made the problem go away.

I just want Microsoft to fix this problem because I don't want and I don't need Windows Media Encoder 9 on my computer. I guess another way to resolve the problem is if I turn off Automatic Updates. I just think that is not a good idea.

An hour later, I thinking maybe if I uninstall Windows Media Encoder 9 the patch will somehow stay on the computer. It did not and guess what happen when I restarted my computer? Automatic Updates prompt's me I have a update..... arrgghhhh this is madness.

FYI, I have XP SP3]]> http://www.dslreports.com/forum/remark,21089907 Wed, 10 Sep 2008 18:23:55 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21089648 Mele20 :

said by Anonymous1 :

And there is no treat to you if you don't have Windows Media Encoder 9 installed. Doesn't Windows Update scan your computer for the patches you do need?

I don't use WU. I get patches directly from Microsoft Download site each month after reading the monthly security bulletin both here and I also get the bulletin in my email. Probably, if I used WU, I would be offered this even though I don't have Windows Media Encoder 9. I agree it sounds like Microsoft goofed with this patch and their scanner is not working right since folks without the program are still being offered the patch.

You won't find any Microsoft folks here except Aaron Huelett who posts occasionally but his area of expertise is malware. I think you should call Microsoft. Problems with patches is a free call. However, the times I have called you have to get beyond the first line of response as those folks don't know much. You have to make it clear to the operator, who routes all the calls, that you are calling regarding a security patch for XP and that you want to speak to someone in the XP department. The operator may try and tell you that your credit card will be charged for the help but that is incorrect as all help regarding security patches is free of charge. But you need to get to someone in either XP or Vista (whichever you have) department.

--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason]]> http://www.dslreports.com/forum/remark,21089648 Wed, 10 Sep 2008 17:36:51 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21089588 AB :

said by Mele20

:

. . Windows Media Encoder 9 is NOT installed on this computer. . . .

. . What exactly is it for as I think it sort of odd it was on my earlier Dell that came with XP Pro SP1 but not on this Dell with XP Pro SP2. Hmmm...I went and read about it and I still don't really get what it is for . . . .

Seems pretty straight-forward to me:

quote:
Overview
Windows Media Encoder 9 Series is a powerful tool for content producers who want to take advantage of the many innovations in Windows Media 9 Series, including high-quality multichannel sound, high-definition video quality, new support for mixed-mode voice and music content, and more.

More Control and Flexibility
Capture content with frame-accurate control. Protect live streams and initiate broadcasts. Author for a range of delivery scenarios including MBR streaming and CD/DVD.

Unmatched Audio and Video Quality
Create the clearest audio from multichannel to voice-only content. Encode to any levelfrom HD quality (1080i/1080p) to low data rate screen capture. Fine tune compression using new encoding modes.

Extensibility and Automation
Extend the Encoders functionality. Fully automate the encoding process. Includes 4 new utilities.

»www.microsoft.com/downloads/deta···ylang=en

»www.microsoft.com/windows/window···req.aspx

-----------------

From the KB page:

quote:
Mitigating Factors for Windows Media Encoder Buffer Overrun Vulnerability - CVE-2008-3008

• By default, Windows Media Encoder 9 Series is not installed on any version of Windows.

»www.microsoft.com/technet/securi···053.mspx]]> http://www.dslreports.com/forum/remark,21089588 Wed, 10 Sep 2008 17:27:11 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21089399 anon : Mele20, I didn't want to install Windows Media Encoder 9 on my computer but if I didn't Automatic Updates would always prompt me saying I have updates to download.

The only way to fixed the problem for me was to download Windows Media Encoder 9 install it on my computer and then I install the patch from Windows Update.

What is really frustrating is why was this patch showing up for me on Windows Update in the first place? I didn't have the program so I didn't need the patch since the patch ONLY work with the program installed. And there is no treat to you if you don't have Windows Media Encoder 9 installed. Doesn't Windows Update scan your computer for the patches you do need?

I think, Microsoft needs to fix there scanner on Windows Update. Am I the only on here having the same issue? If you do how did you resolve it? Are there any Microsoft people here, on this forum, that I can talk too?]]> http://www.dslreports.com/forum/remark,21089399 Wed, 10 Sep 2008 16:59:37 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21088784 jaykaykay : Thanks for the heads up and thank heaven I know where to come before installing anything, from MS or anyone else. I will feel secure in doing so now. You guys are great.]]> http://www.dslreports.com/forum/remark,21088784 Wed, 10 Sep 2008 15:19:14 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21086505 Mele20 : I searched for it and found it in an obscure file that I forgot was copied from my old XP machine that died under warranty and replaced by Dell with this one. But Windows Media Encoder 9 is NOT installed on this computer. It was on my older XP computer. What exactly is it for as I think it sort of odd it was on my earlier Dell that came with XP Pro SP1 but not on this Dell with XP Pro SP2. Hmmm...I went and read about it and I still don't really get what it is for or why I had it on my older XP computer but don't on this one.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason]]> http://www.dslreports.com/forum/remark,21086505 Wed, 10 Sep 2008 07:17:46 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21086428 plk : Same problem here with windows media encoder 9 patch.
Fails to install. Not sure if I have this or not.

But the patch fails]]> http://www.dslreports.com/forum/remark,21086428 Wed, 10 Sep 2008 06:22:23 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21086379 lilhurricane : Thanks Don :)

Got it. No issues.]]> http://www.dslreports.com/forum/remark,21086379 Wed, 10 Sep 2008 05:39:34 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21086323 Mele20 : I just tried to install this patch and was told that I didn't need it because I don't have Windows Media Encoder 9 Series installed on this XP Pro SP2 computer.

Why would I want to install Windows Media Encoder 9 Series like Microsoft told you to do? My computer works fine without it. I don't even know what it is but I can't see why I should install it so I can then install a patch for it since I don't miss not having it!

So, are you saying that there is something wrong with the patch or what? I am thoroughly confused here.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason]]> http://www.dslreports.com/forum/remark,21086323 Wed, 10 Sep 2008 04:08:48 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21085554 anon : Let me explain, the file shows up in Windows Update that I need to download yet reading the Microsoft documentation this patch is for people who have Windows Media Encoder 9 Series installed which I do not have in on my computer, and does not come with Windows you have to download it from Microsoft.com. So here is the problem...

...I download the software update and at the end when Windows is in the process of installing it says "...fail!" instead of "...done!" Which makes Automatic Updates always telling me that I need to update.

So I am trying to apply a patch for a problem that I don't have, so why is this update being listed? Isn't Windows Update scan before hand suppose to list the updates you need?

Called Microsoft Support, they asked me to download a problem called Dial-a-fix that did not resolve the issue.

**Just off the phone Microsoft Support and the problem is resolve. I had to download Windows Media Encoder 9 Series and then install the patch.

I ask the person on the phone if Microsoft was getting a lot of phone calls concerning this issue? He said yes, and that after people ran the Dial-a-fix program the issue was fixed.]]> http://www.dslreports.com/forum/remark,21085554 Tue, 09 Sep 2008 23:06:17 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21085270 Grail Knight :

quote:
Is anyone having trouble with this patch?

What kind of problem?
--
"Lego Succurro Lima"]]> http://www.dslreports.com/forum/remark,21085270 Tue, 09 Sep 2008 22:08:00 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21085248 anon : Is anyone having trouble with this patch?

Microsoft Security Bulletin MS08-053
Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)]]> http://www.dslreports.com/forum/remark,21085248 Tue, 09 Sep 2008 22:05:12 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21085051 Jrb2 : Thanks Don and Nick !

(did not have the time to upgrade as of yet)]]> http://www.dslreports.com/forum/remark,21085051 Tue, 09 Sep 2008 21:28:19 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21084407 NICK ADSL UK : Malicious Software Removal Tool
Published: January 11, 2005 | Updated: September 9, 2008
New Additions
We have added detection and cleaning capabilities for the following malicious software:

• Slenfbot

»go.microsoft.com/fwlink/?linkid=···Slenfbot
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security

]]> http://www.dslreports.com/forum/remark,21084407 Tue, 09 Sep 2008 19:33:30 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21084200 danny9 : Got them dp.
Thanks. :)
--
VoicePulse 07/29/04]]> http://www.dslreports.com/forum/remark,21084200 Tue, 09 Sep 2008 18:56:12 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21084151 Alwill : Thank you D :)]]> http://www.dslreports.com/forum/remark,21084151 Tue, 09 Sep 2008 18:45:56 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21083971 La Luna : Thanks dp

, all updated! :)]]> http://www.dslreports.com/forum/remark,21083971 Tue, 09 Sep 2008 18:08:36 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21083963 Its a Secret : 7 with zero problems on both rigs. Gracia, senor!]]> http://www.dslreports.com/forum/remark,21083963 Tue, 09 Sep 2008 18:06:52 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21083745 Cudni : Thanks for update

Cudni]]> http://www.dslreports.com/forum/remark,21083745 Tue, 09 Sep 2008 17:27:03 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21083404 MarkAW : Thanks dp

ended up getting 4 updates.

]]> http://www.dslreports.com/forum/remark,21083404 Tue, 09 Sep 2008 16:23:13 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21082953 dadkins : Thanks Don!

8 total updates here on the Vista Home Premium SP1 laptop.

EDIT: 3 on XP MCE 2005 laptop.
--
Think outside the Fox... Opera

]]> http://www.dslreports.com/forum/remark,21082953 Tue, 09 Sep 2008 15:10:19 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21082304 NICK ADSL UK : Many thanks don :)

TechNet Webcast: Information About Microsoft September Security Bulletins (Level 200)
Event ID: 1032374633

Language(s): English.
Product(s): Security.
Audience(s): IT Professional.

Duration: 60 Minutes
Start Date: Wednesday, September 10, 2008 11:00 AM Pacific Time (US & Canada)

Event Overview

On September 9, 2008, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the September security bulletins. The intent of this webcast is to address your concerns. Therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from our security experts.

Presenters: Bill Sisk, Security Response Communications Manager, Microsoft Corporation and Adrian Stone, Lead Security Program Manager, Microsoft Corporation

Register now for the September security bulletin webcast.
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security

]]> http://www.dslreports.com/forum/remark,21082304 Tue, 09 Sep 2008 13:24:46 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21082258 DrDemento : Thanks. Got 3 updates on two XP Pro computers and 2 on my laptop running XP Home.]]> http://www.dslreports.com/forum/remark,21082258 Tue, 09 Sep 2008 13:17:28 EDT Re: Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21082220 TKJunkMail : Applied 11 fixes to 2 Vista SP1 systems without problems:
[att=1]

]]> http://www.dslreports.com/forum/remark,21082220 Tue, 09 Sep 2008 13:11:50 EDT Microsoft Security Bulletin(s) for September 9, 2008 http://www.dslreports.com/forum/remark,21082118 dp : Microsoft Security Bulletin(s) for September 9, 2008

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

»www.microsoft.com/technet/securi···sep.mspx

Critical (4)

Microsoft Security Bulletin MS08-054
Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
»www.microsoft.com/technet/securi···054.mspx

Microsoft Security Bulletin MS08-052
Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
»www.microsoft.com/technet/securi···052.mspx

Microsoft Security Bulletin MS08-053
Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)
»www.microsoft.com/technet/securi···053.mspx

Microsoft Security Bulletin MS08-055
Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)
»www.microsoft.com/technet/securi···055.mspx

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.
--
Microsoft MVP Consumer Security, 2004-2008]]> http://www.dslreports.com/forum/remark,21082118 Tue, 09 Sep 2008 12:54:23 EDT