antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
|  MS Security Bulletin Advanced Notification for 4/3/2007
Just got this in my e-mail a few minutes ago.
********************************************************************
Title: Microsoft Security Bulletin Advanced Notification
Issued: April 1, 2007
********************************************************************
Summary
=======
On Tuesday 3 April 2007 Microsoft is planning to release:
Security Updates
. One Microsoft Security Bulletin affecting Microsoft Windows.
The highest Maximum Severity rating for these is Critical. These
updates will require a restart. These updates will be detectable
using the Microsoft Baseline Security Analyzer.
Microsoft Windows Malicious Software Removal Tool
. Microsoft will not release an updated version of the Microsoft
Windows Malicious Software Removal Tool on Windows Update, Microsoft
Update, Windows Server Update Services and the Download Center on
Tuesday 3 April 2007.
Non-security High Priority updates on MU, WU, WSUS and SUS
. Microsoft will not release any NON-SECURITY High-Priority
Updates for Windows on Windows Update (WU) and Software Update
Services (SUS) on Tuesday 3 April 2007.
. Microsoft will not release any NON-SECURITY High-Priority
Updates on Microsoft Update (MU) and Windows Server Update Services
(WSUS) on Tuesday 3 April 2007.
Microsoft will host a webcast next week to address customer
questions on these bulletins. For more information on this webcast
please see below:
. TechNet Webcast: Information about Microsoft's Security
Bulletins (Level 100)
. Wednesday, 11 April 2007 11:00 AM (GMT-08:00) Pacific Time (US
& Canada)
»msevents.microsoft.com/CUI/WebCa···ventID=1
032327017&EventCategory=4&culture=en-US&CountryCode=US
At this time no additional information on these bulletins such as
details regarding severity or details regarding the vulnerability
will be made available until 3 April 2007.
********************************************************************
Support:
========
Technical support is available from Microsoft Product Support
Services at 1-866-PC SAFETY (1-866-727-2338). There is no
charge for support calls associated with security updates.
International customers can get support from their local Microsoft
subsidiaries. Phone numbers for international support can be found
at: »support.microsoft.com/common/int···nal.aspx
Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:
»www.microsoft.com/technet/securi···ult.mspx
* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
»www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates via e-mail.
You can learn more about Microsoft's software distribution
policies here:
»www.microsoft.com/technet/securi···ist.mspx
...
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check often)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. |
|
ModemHead
hmmm... what does this do?
Premium
join:2006-01-22
Apex, NC | Thanks!
Related details at Technet |
|
daveinpoway
Premium
join:2006-07-03
Poway, CA | reply to antdude
Will Microsoft also be releasing some updates on April 10 (the "normal" patch Tuesday), or will the April 3 releases be all that will be released this month? |
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
| said by daveinpoway  :Will Microsoft also be releasing some updates on April 10 (the "normal" patch Tuesday), or will the April 3 releases be all that will be released this month? From what I understand, tomorrow is an urgent patch for ANI cursors in Vista issue.
Remember, MS said they will release any urgent ones ASAP outside of monthly schedules.
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check often)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. |
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
 ·Vonage
 ·Optimum Online
| said by antdude :From what I understand, tomorrow is an urgent patch for ANI cursors in Vista issue. Just Vista? What about everyone else, like XP users?  |
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
1 edit | said by La Luna :said by antdude :From what I understand, tomorrow is an urgent patch for ANI cursors in Vista issue. Just Vista? What about everyone else, like XP users? Maybe XP. Was the ANI cursor issue only for Vista or did it affect XP too? I don't remember the full details. 
Remember, I am just assuming from what I read and recall. So all this could be wrong. 
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check often)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. |
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
·Vonage
·Optimum Online
| reply to antdude
According to MS:
This advisory discusses the following software.
Related Software
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Vista
»www.microsoft.com/technet/securi···423.mspx
--
~~Don't wanna' fight in a holy war...World war III when are you coming for me? Been kicking up sparks, we set the flames free...the windows are locked now so what'll it be? A house on fire or a rising sea?...~~
|
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25 | Wow. Thanks "La Luna". I thought it was only Vista. Wow. I guess tomorrow will be a fun day for me. |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| ALL Operating Systems from Microsoft starting with W95 are affected by ANI exploit.
It has been confirmed by members of the GRC Security NG that W95, 98/98SE, and ME are affected by this critical vulnerability. Unfortunately, there will be NO patch for them. Also, unfortunately, the patch issued by ZERT which originally stated that it patched Windows 98/98SE DOES NOT PATCH any system below 2000.
Considering the number of 98 users world wide, I think this is one instance where a patch should be issued. Most people still using 98 or ME are doing so because the machines are too old to allow upgrades of the OS without substantial hardware upgrades which make no sense on machines this old. Still these old machines generally have a lot less hardware issues than new machines (at least if they are Dells) and are adequate for email and websurfing. Many of those using these old OSes use IE only and use Outlook Express. Maybe they can move to web mail with out much difficulty but moving to another browser is something most probably won't do.
A vulnerability this serious should be patched...not other less serious things...but this should be patched IMO. While these old machines may be of no interest to criminals for purposes of netbots, people doing banking and shopping online on these old machines with old OSes would be of interest to criminals.
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"
»www.msfirefox.com/ |
|
SpannerITWks
Premium
join:2005-04-22
| reply to antdude
I wonder why my system isn't vulnerable, if 98 is " supposed " to be ?
»Microsoft Security Advisory (935423) Vulnerability in Window
Not that i'm complaining, and AntiVir has it covered too as you can see !
Spanner
--
I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks
/SpannerITWks |
|
dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA | reply to antdude
Thanks antdude!  |
|
Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
·Shaw
| reply to antdude
Note to everyone there will be a patch for MS07-017 April 3rd (only the third out-of-cycle patch from Microsoft in more than two years) as Microsoft is aware of the existence of a public attack utilizing the vulnerability. Since testing has been completed earlier than anticipated (ie someone lite a fire under their butts and locked the doors so no one could go home til this was completed ), Microsoft has released the update ahead of schedule to help protect customers.
I believe this is for all affected systems.
Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| said by Link Logger :I believe this is for all affected systems. Blake ALL Microsoft OSes from 95 on are affected. Only those from 2000 on will be patched.
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"
»www.msfirefox.com/ |
|
Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
·Shaw
| reply to antdude
If your still driving Windows 9x then I think it goes without saying, your on your own.
Windows ME - Mainstream support ended 31/12/2003, Extended support ended 31/12/2003.
Windows 98SE - Mainstream support ended 30/06/2002, Extended support ended 11/07/2006
Windows 95 - Mainstream support ended 31/12/2000, Extended support ended 31/12/2001
So I think given these puppies have been support dead for some time, they just don't matter anymore in terms of announcing for what versions of Windows things will be fixed for.
I still have a couple of systems running Windows 9x on them as they were totally security void and hence its far easier doing some things on them then configuring a XP box for example. I even have a Windows ME virtual machine that I sometimes load up for testing.
Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| reply to antdude
Hot on the heels of the new ANI exploit is a new Warezov sample.
No variations were seen from the email samples received and they all look like this:
»www.f-secure.com/weblog/archives···00001160
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
Mele20
Premium
join:2001-06-05
Hilo, HI | reply to SpannerITWks
Spanner, How do you know your 98 is not vulnerable? |
|
Woody79_00
join:2004-07-08
| My McAfee has it covered with the latest updates |
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
| reply to antdude
FYI.
"Budd added that Microsoft is not canceling its monthly security release scheduled for April 10, which the company will provide advance notification for on Thursday." --»www.betanews.com/article/Micorso···75626872
More updates on the 10th.
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check often)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. |
|
SpannerITWks
Premium
join:2005-04-22 | reply to Mele20
Mele20
Click on the handy link i included and you'll see my screenie !
Spanner |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| Couldn't you just answer the question?
Your link sends me to another thread that has 3 pages. I have no idea where in that thread you put a screeshot.
Plus, I don't look at screenshots that are off site and you have a bad habit of doing that.
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"
»www.msfirefox.com/ |
|
