Hello! This is Tami Gallupe (MSRC Release Manager) and I want to let you know that we just posted our June 2008 Bulletins.  We released seven bulletins today, which includes three bulletins with severity rating of Critical three bulletins with severity rating of Important and one with the severity rating of Moderate.

 

Here is a summary of what we released:

 

MS08-030: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)

-          Rating: Critical

-          Impact of Vulnerability: Remote Code Execution

 

MS08-031: Cumulative Security Update for Internet Explorer (950759)

-          Rating: Critical

-          Impact of Vulnerability: Remote Code Execution              

 

MS08-032:  Cumulative Security Update of ActiveX Kill Bits (950760)        

-          Rating: Moderate

-          Impact of Vulnerability: Remote Code Execution

 

MS08-033: Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)          

-          Rating: Critical

-          Impact of Vulnerability: Remote Code Execution

 

MS08-034: Vulnerability in WINS Could Allow Elevation of Privilege (948745)

-          Rating: Important

-          Impact of Vulnerability: Elevation of Privilege

 

MS08-035: Vulnerability in Active Directory Could Allow Denial of Service (953235)

-          Rating: Important

-          Impact of Vulnerability: Denial of Service

 

MS08-036: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)

-          Rating: Important

-          Impact of Vulnerability: Denial of Service             

 

We also re-released MS06-078 and MS07-068 with a detection only changes.

 

Delving "under the hood" this month, our Security Vulnerability Research & Defense blog this month discusses MS08-036, MS08-033, and MS08-030. You can read about these and more at http://blogs.technet.com/swi/.

 

While we're talking about updates and blogs, I’ll also mentioned that we’ve provided new Knowledge Base (KB) articles that document installation procedures for any possible future SQL Server security updates for Microsoft SQL Server 7, Microsoft SQL 2000 or Microsoft SQL Server 2005. In particular, there are steps that SQL Server 2000 and SQL Server 2005 administrators can take in advance that could help expedite deployment of any possible future security updates.  We encourage all SQL administrators to review all these (KB) articles and consider following the steps now to better prepare for any future SQL Server updates that may be released in the future. Additional information can be found by clicking the below links.

 

·         SQL Server 2000 and MSDE 2000 installers stop dependent services

·         SQL Server 2005 installers stop dependent services

·         SQL Server 2000 installers will not update disabled SQL Server instances

·         SQL Server 2005 installers do not update an instance of the SQL Server service that is in a disabled state

·         Supported method for applying updates to SQL Server 7.0

 

As usual, I also want to remind that our monthly webcast that starts tomorrow (Wednesday, June 10th) at 11:00 AM PST.  This is a favorite event as it gives us a chance to take questions and answer them live, on the air tomorrow. Click here to Register now for the June Security Bulletin Webcast.  We look forward to hearing from you tomorrow.

 

Cheers!

  Tami

 

*This posting is provided "AS IS" with no warranties, and confers no rights.*