 dpPremium,MVM
join:2000-12-08
Greensburg, PA
kudos:7 | MS Out-Of-Band Security Bulletin(s) for December 17, 2008 Microsoft Security Bulletin(s) for December 17, 2008
Published: December 9, 2008 | Updated: December 17, 2008
Note: There may be latency issues due to replication, if the page does not display keep refreshing
Today Microsoft released the following Security Bulletin(s).
Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.
Bulletin Summary:
»www.microsoft.com/technet/securi···dec.mspx
Critical (7)
Microsoft Security Bulletin MS08-071
Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
»www.microsoft.com/technet/securi···071.mspx
Microsoft Security Bulletin MS08-075
Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)
»www.microsoft.com/technet/securi···075.mspx
Microsoft Security Bulletin MS08-073
Cumulative Security Update for Internet Explorer (958215)
»www.microsoft.com/technet/securi···073.mspx
Microsoft Security Bulletin MS08-078
Security Update for Internet Explorer (960714)
»www.microsoft.com/technet/securi···078.mspx
Microsoft Security Bulletin MS08-070
Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
»www.microsoft.com/technet/securi···070.mspx
Microsoft Security Bulletin MS08-072
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
»www.microsoft.com/technet/securi···072.mspx
Microsoft Security Bulletin MS08-074
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
»www.microsoft.com/technet/securi···074.mspx
Important (2)
Microsoft Security Bulletin MS08-077
Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
»www.microsoft.com/technet/securi···077.mspx
Microsoft Security Bulletin MS08-076
Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
»www.microsoft.com/technet/securi···076.mspx
Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.
As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.
Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.
--
Microsoft MVP, 2004 - 2008 |
|
 lilhurricaneCrunchin' For CuresPremium,Mod
join:2003-01-11
Purple Zone
kudos:51 | Many thanks, Dp |
|
|
|
 MarkAWBarry WhitePremium
join:2001-08-27
Canada
kudos:16 | reply to dp
Thanks dp  .  |
|
Reviews:
 ·Zen Internet
| reply to dp
TechNet Webcast: Information About Microsoft December Out-of-Band Security Bulletin
Event ID: 1032399448
Language(s): English.
Product(s): Security.
Audience(s): IT Professional.
Duration: 60 Minutes
Start Date: Wednesday, December 17, 2008 1:00 PM Pacific Time (US & Canada)
Event Overview
On December 17, 2008, Microsoft will release an out-of-band security bulletin. Join us for a brief overview of the technical details of the security bulletin. The intent of this webcast is to address your concerns. Therefore, most of the webcast is devoted to attendees asking questions about the bulletin and getting answers from our security experts.
Presenters: Christopher Budd, Security Response Communications Lead, Microsoft Corporation, and Adrian Stone, Lead Security Program Manager, Microsoft Corporation
Register Online
Owing to the importance of this update 2 special webcast's will be broadcast so do please register if you wish to get involved. For December the 17th web cast you can register here
»msevents.microsoft.com/CUI/WebCa···yCode=US
And for Thursday the 18th webcast registration can be found here
Start Date: Thursday, December 18, 2008 11:00 AM Pacific Time (US & Canada)
»msevents.microsoft.com/CUI/WebCa···yCode=US
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security
|
|
| Many thanks dp for posting |
|
Reviews:
·Zen Internet
| reply to dp
Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB960714)
»www.microsoft.com/downloads/deta···yLang=en |
|
Jrb2Premium
join:2001-08-31
kudos:3
1 edit | reply to dp
Thanks dp and Nick |
|
PrntRhdPremium
join:2004-11-03
Fairfield, CA | reply to dp
Thanks DP, the MS patch loaded to my primary PC tonight. Required reboot. |
|
| reply to dp
The IE fix came across as "important" in my windows update. Thought it was supposed to be critical.
This was on two vista machines.
--
GuruGuy |
|
2 edits | reply to dp
quote:
Detection and Deployment Tools and Guidance
The Microsoft Baseline Security Analyzer (MBSA) allows administrators to scan local and remote systems for missing security updates
Microsoft Baseline Security Analyzer
The license terms of MBSA 2.0.1 do not expressly list Windows Vista as a supported operating system. However, you may install and use MBSA 2.0.1 according to the MBSA license terms to scan computers that are running a licensed version of Windows Vista.
Microsoft does not support installing MBSA 2.0.1 on computers that run Windows Vista. We recommend that you install MBSA 2.0.1 on a supported operating system. Then, scan Windows Vista-based computers remotely. MBSA 2.0.1 supports the following Windows operating systems:
be nice if your check you system using Vista.
 |
|
| reply to GuruGuy
I also got this patch as Important for my Vista Laptop. For Windows Server 2008 it was listed as Important on my test server. On my Windows Server 2003 and Windows XP systems it was listed as Critical. Microsoft is also sending its MS Partners an email about this out of bound patch. |
|
 HallPremium,MVM
join:2000-04-28
Dayton, OH
kudos:1 | reply to dp
How reliable is this quick-fix ? I'm always hesitant to apply these rushed patches myself, but I've been affected by this at home and many machines at work have been too. |
|
 shearerNorthern LightsPremium
join:2002-06-18
Asia | reply to dp
I have applied the fix on XP SP2, IE6.
Any proof-of-concept site I can visit to test if IE has been fully secured against this vulnerability?
thanks |
|
Reviews:
·Great Works Inte..
| reply to Hall
said by Hall:How reliable is this quick-fix ? I'm always hesitant to apply these rushed patches myself, but I've been affected by this at home and many machines at work have been too. I know the feeling, but with this one I figured the alternative was worse. I rolled the IE6 patch out to about ten XP SP2 or SP3 boxes and I haven't noticed any problems. |
|
