June, 2008

  • MS08-030 Re-released for Windows XP SP2 and SP3

    Hello, this is Christopher Budd. I wanted to let folks know that we’ve just re-released MS08-030 . This is to let you know there’s a new version of this security update available for Windows XP SP2 and SP3 customers and to encourage them to deploy these new updates. There are no new updates for the other versions of Windows discussed in the bulletin. After we released MS08-030 we learned that the security updates for Windows XP SP2 and SP3 might not have been fully protecting against...
  • SQL Injection Attacks Exploiting Unverified User Data Input

    Hey Andrew Cushman here. Today I ’ m pleased to announce the coordinated release of three security tools in Security Advisory 954462 to help customers deal with SQL injection attacks: · UrlScan version 3.0 Beta, a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, the UrlScan helps prevent potentially harmful requests. · Microsoft Source Code Analyzer for SQL Injection Community Technology...
  • Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates

    Hi. Bill here. I want to let you know that we have just posted Microsoft Security Advisory 954960 , which contains information regarding deployment Issues with Microsoft Windows Server Update Services (WSUS) version 3.0 and 3.0 Service Pack 1. Under specific conditions, the issue does not let clients detect any updates from a WSUS server on systems with Microsoft Office 2003 installed. While the notification of this issue went out as a Security Advisory, this issue is not a security vulnerability...
  • June 2008 Advance Notification

    Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, June 10, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change. As part of our regularly scheduled bulletin release, we’re currently planning to release: · Three Microsoft Security...
  • Security Advisory 954474: Deployment Issue affecting System Center Configuration Manager 2007servers with SMS 2003 clients

    Hello, This is Christopher Budd. I’m back here on the MSRC weblog after spending some time learning the Privacy side of our business (and getting my CIPP certification ). I’m here to let you know that we’ve just posted Microsoft Security Advisory 954474 . This advisory is to let customers know that we’re aware of an issue that is affecting the deployment of the June 2008 security updates . This issue only affects customers using System Center Configuration Manager (ConfigMgr) 2007 ; none...
  • June 2008 Monthly Release

    Hello! This is Tami Gallupe (MSRC Release Manager) and I want to let you know that we just posted our June 2008 Bulletins . We released seven bulletins today, which includes three bulletins with severity rating of Critical three bulletins with severity rating of Important and one with the severity rating of Moderate . Here is a summary of what we released: MS08-030 : Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376) - Rating: Critical - Impact of Vulnerability...
  • Microsoft Security Advisory 954474 Updated

    Hello, This is Christopher Budd again. I wanted to let you know we’ve just updated Microsoft Security Advisory 954474 to let you know we’ve released an update that affected customers can apply to their System Center Configuration Manager (ConfigMgr) 2007 servers to resolve the issue we discussed in our posting on Friday June 13 . There are more details in the advisory, but we recommend any ConfigMgr 2007 customers with System Management Server (SMS) 2003 clients go ahead and review the KB and...
  • News from FIRST 2008: Driving Security Response Excellence and Innovation

    Hi, Andrew here, Often, when you see me blogging, I’m talking about the important work we do with the researcher community. However, in addition to work with researchers, we’re always looking for ways to foster work with others in the industry and share best practices. As I sit here today at the annual FIRST Conference and think about the future of security response, I’m excited to tell you about ICASI (Industry Consortium for the Advancement of Security on the Internet), a new non-profit...