 dpPremium,MVM
join:2000-12-08
Greensburg, PA
kudos:7 | MS Security Bulletin Advance Notification for August 2010 Published: July 30, 2010
Microsoft Security Bulletin Advance Notification issued: July 30, 2010
Microsoft Security Bulletin to be issued: August 2, 2010
This is an advance notification of one out-of-band security bulletin that Microsoft is intending to release on August 2, 2010. The bulletin addresses a security vulnerability in all supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, that is currently being exploited in malware attacks.
»www.microsoft.com/technet/securi···aug.mspx
--
Microsoft® Security MVP, 2004 - 2010
DP's Security Bits |
|
| Wow, light month. Can't remember the last time they shipped only one update for patch Tuesday. |
|
|
|
rdhw
join:2002-09-21
Cambridge UK | August 2nd is not Patch Tuesday. This is a single out-of-band patch. |
|
 antdudeA Ninja AntPremium,VIP
join:2001-03-25
kudos:2
 ·RoadRunner Cable
| reply to lorennerol
said by lorennerol:Wow, light month. Can't remember the last time they shipped only one update for patch Tuesday. Out of bound means urgent patch.
I wonder what this will fix. I don't recall any major security hole recently. Do you guys?
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer |
|
| »blogs.technet.com/b/mmpc/archive···ity.aspx |
|
antdudeA Ninja AntPremium,VIP
join:2001-03-25
kudos:2 Reviews:
·RoadRunner Cable
| Wow, that's bad especially on the graph! |
|
 ABPremium
join:2006-04-04
Leesburg, VA
kudos:3
 ·Verizon Online DSL
| reply to dp
said by dp:The bulletin addresses a security vulnerability in all supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, that is currently being exploited in malware attacks. Cool! The vulnerability doesn't exist for unsupported versions!  |
|
Reviews:
·Zen Internet
| reply to dp
thanks don
Microsoft will host a webcast to address customer questions on
the out-of-band bulletin on August 2, 2010,
at 1:00 PM Pacific Time (US & Canada). Register for the
Security Bulletin Webcast at
»msevents.microsoft.com/CUI/WebCa···yCode=US
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security
|
|
| reply to antdude
said by antdude:said by lorennerol:Wow, light month. Can't remember the last time they shipped only one update for patch Tuesday. Out of bound means urgent patch. Thanks for the correction. My calendar has been out of whack all week. Kudos to MS for getting on this one quickly; it's particularly nasty. |
|
antdudeA Ninja AntPremium,VIP
join:2001-03-25
kudos:2 Reviews:
·RoadRunner Cable
| reply to AB
said by AB:said by dp:The bulletin addresses a security vulnerability in all supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, that is currently being exploited in malware attacks. Cool! The vulnerability doesn't exist for unsupported versions! LOL. Poor unsupported version users. They will have fun. 
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer |
|
| reply to dp
To think all the Government agents and retail companies running 2000 pro......... |
|
| said by Sindows 7:To think all the Government agents and retail companies running 2000 pro......... Time to upgrade. Who else provides ongoing support for 11 year-old versions of their OS? The Mac was on OS 8.x back then. |
|
 siljalineI'm lovin' that double widePremium
join:2002-10-12
Montreal, QC
kudos:17
·Bell Sympatico
1 edit | reply to dp
Thanks, dp  , I will look for it. MS has messed up the emailings on the advance bulletins, I no longer get mine. edit for typo |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to dp
Ah. I don't have to wait until patch Tuesday to find out if Microsoft is going to play hardball with XP SP2 users installing the patch issued for SP3. Most of the patches for the past year, or more, for SP2 are listed as SP3 patches so it should pose no problems ...the patch itself (and if it did well that is my responsibility since I know it was not tested on SP2). The problem will be if Microsoft plays hardball and makes the installer refuse to install it on SP2 machines.
Since most (maybe all by now) AV vendors detect this generically, and so do many HIPS applications, I'm not sure why it merits out of band patch.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to siljaline
Microsoft has messed up with the Security Bulletins as I have not gotten them for a couple of months now...particularly missing revised/updated Bulletins. BUT I got this one! (Must be Microsoft wants to grind my nose in it since I still use Service Pack 2).  
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
1 edit | reply to Mele20
said by Mele20:Ah. I don't have to wait until patch Tuesday to find out if Microsoft is going to play hardball with XP SP2 users installing the patch issued for SP3. Most of the patches for the past year, or more, for SP2 are listed as SP3 patches so it should pose no problems ... We'll find out, won't we?. In their Security Advisory, they reference a CLSID of
{00021401-0000-0000-C000-000000000046}. Looking at that clsid in the registry, it appears to be pointing to shell32.dll. And checking the file version on shell32.dll, I see 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319).
So, if the fix is to replace shell32.dll, then there may be a problem in updating SP2. On the other hand, if shell32.dll calls some other dll to do the icon handling, that is no different across service packs, then maybe the fix will work on SP2. However, I'm guessing that we're going to see a new shell32.dll. We'll see.
-Edit: I am on SP3. That file version is from SP3 |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | Thanks. I didn't read the Advisory because I have been concerned about Microsoft making their installer aware of the service pack number and refusing to install on SP2 machines. I had not gotten to the point of thinking about Microsoft replacing a file which could cause a problem.
I have 3 patches for shell32.dll. The most recent was Feb 2007:
6.00.2900.3051 (xpsp_sp2_qfe.061219-0311) The original shell32.dll is .2180.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
| reply to dp
Must be the explorer/.lnk issue. |
|
Reviews:
·MTS
1 edit | said by Sindows 7:Must be the explorer/.lnk issue. It is...
»blogs.technet.com/b/msrc/archive···198.aspx |
|
| reply to dp
Even if you can't use the upcoming fix on unsupported OS's, you can still get 100% protection, FREE ! Plus HMP is a fine app anyway.
Quote
"Protection against LNK vulnerability (kb 2286198)
Are there any side effects?
Microsoft and a few security vendors have also released a temporary fix for the vulnerability. But the protection against this vulnerability offered by Hitman Pro is different and has no side effects. An overview:
*
How can I disable the protection against the LNK vulnerability?
Once Microsoft released a permanent solution to the problem, Hitman Pro will automatically disable the temporary protection. You can also disable the protection manually on the Settings panel in Hitman Pro. Just uncheck the appropriate checkbox:"
»www.surfright.nl/en/support/fix-2286198 |
|
