NICK ADSL UK
Premium,MVM
join:2004-02-22
4 edits | Microsoft Security Bulletin(s) for October 14 2008 Microsoft Security Bulletin(s) for October 14 2008
Note: There may be latency issues due to replication, if the page does not display keep refreshing
Today Microsoft released the following Security Bulletin(s).
Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.
Bulletin Summary:
»www.microsoft.com/technet/securi···oct.mspx
Critical (4 )
Microsoft Security Bulletin MS08-060
Vulnerability in Active Directory Could Allow Remote Code Execution (957280)
»go.microsoft.com/fwlink/?LinkId=128125
Microsoft Security Bulletin MS08-058
Cumulative Security Update for Internet Explorer (956390)
»www.microsoft.com/technet/securi···058.mspx
Microsoft Security Bulletin MS08-059
Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)
»go.microsoft.com/fwlink/?LinkId=125712
Microsoft Security Bulletin MS08-057
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)
»go.microsoft.com/fwlink/?LinkID=124653
Important (6)
Microsoft Security Bulletin MS08-066
Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
»go.microsoft.com/fwlink/?LinkId=125709
Microsoft Security Bulletin MS08-061
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
»www.microsoft.com/technet/securi···061.mspx
Microsoft Security Bulletin MS08-062
Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
»www.microsoft.com/technet/securi···062.mspx
Microsoft Security Bulletin MS08-063
Vulnerability in SMB Could Allow Remote Code Execution (957095)
»go.microsoft.com/fwlink/?LinkID=127994
Microsoft Security Bulletin MS08-064
Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
»www.microsoft.com/technet/securi···064.mspx
Microsoft Security Bulletin MS08-065
Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)
»www.microsoft.com/technet/securi···065.mspx
Moderate (1)
Microsoft Security Bulletin MS08-056
Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)
»go.microsoft.com/fwlink/?LinkId=128145
Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.
As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.
Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security
| |
|
 |
 |
NICK ADSL UK
Premium,MVM
join:2004-02-22
| Re: Microsoft Security Bulletin(s) for October 14 2008 Your very welcome 
TechNet Webcast: Information About Microsoft October Security Bulletins (Level 200)
Event ID: 1032374639
Language(s): English.
Product(s): Security.
Audience(s): IT Professional.
Duration: 60 Minutes
Start Date: Wednesday, October 15, 2008 11:00 AM Pacific Time (US & Canada)
Event Overview
On October 14, 2008, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the October security bulletins. The intent of this webcast is to address your concerns. Therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from our security experts.
Presenters: Christopher Budd, Security Response Communications Lead, Microsoft Corporation and Adrian Stone, Lead Security Program Manager, Microsoft Corporation
Register now for the October security bulletin webcast.
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security
| |
|
|
dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA | Thanks Nick!  | |
|
DrDemento
join:2005-07-25
Brick, NJ | 7 updates here for XP Pro and XP Home machines-all installed and no problems so far.Thanks Nick | |
|
Babar
Premium
join:2001-05-09
Washington | Thanks, Nick!
| |
|
MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH | Thank you for sure. | |
|
|
|
Thane_Bitter
join:2005-01-20
London, ON | Thank you Nick, forgot all about 'fix Tuesday'.
--
...A bitter ray of sunshine | |
|
jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
Scottsdale, AZ | Will go back and try later. Everybody and their mother's uncle are trying at this point so patience is now going to be my virtue. Thanks, Nick. I'll ride it out for a bit and try again later. | |
|
Pole883
Premium
join:2004-01-27
Schenectady, NY |
Thanks NICK!! | |
|
|
redwolfe_98
join:2001-06-11
 ·RoadRunner Cable
2 edits | edit: i should have said.. "with the latest cumulative update for IE 6, according to "secuniai", the formerly outstanding vulnerabilities in IE 6, that i was concerned about, have been patched".. | |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| This has turned into a nightmare. IE6 is borked. So is Firefox. I installed all six one by one after downloading to disk. I had to reboot after EVERY ONE of them...six reboots. Never had to do that before. These were all MAJOR otherwise no reboots every after one of them. After three, I surfed for a while and things seemed alright. I had not yet installed the Cumulative IE one. I left it for last.
So, I did the last three and IE could not surf. It got to dslreports and then could not navigate here. Task Manager showed it rapidly rising in the large amount of RAM it was using. So, I did a System Restore to the point just before I installed the IE Cumulative update. Good, I can surf again on IE. So, I minimize it and open Fx. Geez...why is my computer so sluggish? Fx loads nine tabs. I open Task Manager and IE, which is minimized, is using almost 200,000k RAM and that is rising rapidly. Fx is using 465,000k, RAM.
So, it wasn't the IE cumulative update that is the problem. What a MESS. IE and Fx were both fine before I installed these patches. I should have known with each one requiring a reboot that there could be serious issues.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason | |
|
| daveinpoway
Premium
join:2006-07-03
Poway, CA
| Re: Microsoft Security Bulletin(s) for October 14 2008 When I installed the 7 updates to XP Pro, SP3, I told the Microsoft updater to do the job. It downloaded and installed them all, and then told me I needed to reboot only once (after everything was installed). I am using IE7, and it seems OK after the updates. | |
|
| | Mele20
Premium
join:2001-06-05
Hilo, HI
1 edit | Re: Microsoft Security Bulletin(s) for October 14 2008 IE seems ok now. I closed Fx and restarted IE and it is not using excessive RAM now. But I found two web sites where I cannot type anything. I don't use IE much so I don't know if that problem was there before these updates or not. I am using IE6 here and typing this on IE so it may be coincidence that I found two sites just now where I can't type on IE.
I'm going to watch it...it is gradually using more RAM...started out low and now at 85000k for IE6? For a non-tabbed browser that seems a bit much but I don't generally watch IE RAM usage when I use it, which is not often, so maybe this is normal.
I was wondering if Microsoft is trying to discourage people from getting the patches from MS Download site instead of via WU/MU or automatic updates. A good way to discourage would be to say that every patch needs a reboot. I could have delayed the reboots until I installed all the patches but I don't think that is a good idea when the installer says a reboot is needed I don't think it should be delayed.
Fx needs to be retired. But it was not using anything like this huge amount of RAM with just a few tabs open until now after these patches. I opened it with one tab only and it is using 490000k so I have to say goodbye to 1.5 I guess and install Fx3. It's probably my profile, which is very old, causing the problem, but I need to give up Fx 1.5 anyway so no point in creating a new profile which might fix the RAM issue. I started Fx in Safe Mode and it is ok there so its either an extension or a very tired Profile causing the excessive memory usage and I think one of the patches affected it too since it was not using near that much memory earlier today.
I have to call Microsoft back about my IE8 problems on Vista so I guess I will also call about IE6 and KB956390.
Yep, after System Restore, IE is fine as when I minimize it memory usage drops way down and only very gradually grows when I start using it again.
EDIT: I solved the Fx excessive RAM usage problem. It had every extension I have ever tried turned on! TWO Phorm extensions were turned on!!! Plus, Firekeeper was on! Just one of those could have caused the problems and there were THREE running. Poor thing. No wonder it was having so many problems. I can't believe it. It didn't occur to me to check the extensions. I've never had them turn on by themselves like that before. 
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason | |
|
| | | 
Unknown_Poster
@verizon.net
| Re: Microsoft Security Bulletin(s) for October 14 2008 said by Mele20  :I was wondering if Microsoft is trying to discourage people from getting the patches from MS Download site instead of via WU/MU or automatic updates. A good way to discourage would be to say that every patch needs a reboot. Stop wondering.
There are many more effective ways to accomplish that goal if Microsoft Corp. were interested.
One patch, one reboot.
The way things should be, and the way they've been since the annals of time began.
If you don't want to reboot after each one, select 'Don't restart now' in the options box, then reboot once after all patches are installed.
How tough can that be?
Several of these patches require special circumstances-- local log-on privileges, Internet file & printer sharing enabled, and what-not.
I don't need those, given my situation and machine configuration.
When I don't need particular patches, they don't get installed. Cuts down on correlated issues.
Installed Silverlight lately, btw? Microsoft Corp. seems to believe that you, I, and we should. | |
|
| | | | Mele20
Premium
join:2001-06-05
Hilo, HI
1 edit | Re: Microsoft Security Bulletin(s) for October 14 2008 This was IE Cumulative Update that is causing the problem. That one is needed. It is not the first time that an IE cumlative update has caused me a problem. Yes, some of the others were rather obscure and I don't install all updates but I did these. I read each Technet bulletin and KB article and I felt I needed them.
As for waiting to reboot, I do not believe that is sound thinking. Microsoft either is trying to discourage folks from updating via MS Download site or each of those really did need a reboot after each install. It is one or the other. I've been doing patches this way for many years. I have not visited WU since ver 4 around 2004 I guess. This is the first time I have done the monthly patches and had every one of the require a reboot. There is something distinctly odd about these patches this month.
Silverlight I had problems with on a virtual machine running XP Pro. A mess there. But on Vista Ultimate on a virtual machine it installed just fine and I really like it. It uses a LOT of RAM though and on videos with audio there is no synchronization of sound and video. I was looking at the Hard Rock Cafe memorabilia and zooming in on a tiny detail on some rock singer's gorgeous shirt...it was neat but wow, it was using 100% CPU on that virtual machine. I have not installed it on my host machine.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason | |
|
| | | | | Libra
Premium
join:2003-08-06
USA
| Re: Microsoft Security Bulletin(s) for October 14 2008 Hi Mele,
I hope you're doing well.
I just came across an Application Compatibility Blog which indicates there are serious compatibility problems with MS08-085 and Java. It's here:
»aokcompat.blogspot.com/2008/10/m···008.html
I updated the computer first and afterwards installed the new Java 6_Update 10 without any problems so far.
Sincerely, Libra | |
|
| 
jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
| said by daveinpoway :When I installed the 7 updates to XP Pro, SP3, I told the Microsoft updater to do the job. It downloaded and installed them all, and then told me I needed to reboot only once (after everything was installed). I am using IE7, and it seems OK after the updates. Same here.
I had 9 updates (7 for XP Pro SP3, and 2 for Office).
I have auto updates turned off, but I use the Microsoft update site manually.
I wasn't required to reboot until all 9 updates were downloaded and installed.
One reboot, and everything is fine here.
Sorry Mele....just don't know what to tell you, or why you are having problems with these patches.
--
I had a life once.....now I have a Computer and a Modem. | |
|
Grail Knight
Who Dares Wins
Premium
join:2003-05-31 | Thanks Nick.
All is well after 1 reboot. | |
|
NICK ADSL UK
Premium,MVM
join:2004-02-22
| October 2008 Security Release ISO Image
Brief Description
This DVD5 ISO image file contains the security updates for Windows released on Windows Update on October 14th, 2008.
Overview
This DVD5 ISO image file contains the security updates for Windows released on Windows Update on October 14th, 2008. The image does not contain security updates for other Microsoft products. This DVD5 ISO image is intended for administrators that need to download multiple individual language versions of each security update and that do not use an automated solution such as Windows Server Update Services (WSUS). You can use this ISO image to download multiple updates in all languages at the same time.
Important: Be sure to check the individual security bulletins at »www.microsoft.com/technet/security prior to deployment of these updates to ensure that the files have not been updated at a later date.
»www.microsoft.com/downloads/deta···yLang=en
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security
| |
|
Libra
Premium
join:2003-08-06
USA | Thank you, Nick.
On XPHomesp2 I installed seven updates (including the Malicious software removal tool) and all seems well.
Sincerely, Libra | |
|
|
Curley
join:2002-04-10
Michigan | Thank you Nick, installed ok with no problems. | |
|
|
NICK ADSL UK
Premium,MVM
join:2004-02-22 | Re: Microsoft Security Bulletin(s) for October 14 2008 Your all very welcome | |
|
|
|
|
·
·
