Warning: iconv_mime_decode() [function.iconv-mime-decode]: Malformed string in /home/secureg/public_html/lib/standard.lib.php on line 2251

Warning: iconv_mime_decode() [function.iconv-mime-decode]: Malformed string in /home/secureg/public_html/lib/standard.lib.php on line 2251
ANN: Out-of-band Security Update to be released 23 Oct-08
ANN: Out-of-band Security Update to be released 23 Oct-08

ANN: Out-of-band Security Update to be released 23 Oct-08
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
ANN: Out-of-band Security Update to be released 23 Oct-08 PA Bear [MS MVP] 10-23-2008
Posted by PA Bear [MS MVP] on October 23, 2008, 2:06 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Microsoft Security Bulletin Advance Notification for October 2008
http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx

<QP>
This is an advance notification of an out-of-band security bulletin that
Microsoft is intending to release on Thursday, 23 October 2008.

Critical Security Bulletin (1)
============================================================

Windows Bulletin

- Affected Software:

- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows XP Professional x64 Edition and Windows XP Professional x64
Edition Service Pack 2
- Windows Server 2003 Service Pack 1 and Windows Server 2003 Service
Pack 2
- Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems and Windows
Server 2003 with SP2 for Itanium based Systems
- Windows Vista and Windows Vista Service Pack 1
- Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
- Windows Server 2008 for 32-bit Systems (Windows Server 2008 Server
Core installation affected)
- Windows Server 2008 for x64-based Systems (Windows Server 2008 Server
Core installation affected)
- Windows Server 2008 for Itanium-based Systems

- Impact: Remote Code Execution
- Restart Requirement: The update requires a restart
- Version Number: 1.0

© 2008 Microsoft Corporation
</QP>

Microsoft will host a webcast to address customer questions on this
out-of-band security bulletin on October 23, 2008, at 1:00 PM Pacific Time
(US & Canada). Register for this out-of-band Security Bulletin Webcast at
the link above.

[Crossposted to Security, Security Home Users, and Windows Update
newsgroups; Followup To set for Security newsgroup]
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


Posted by MowGreen [MVP] on October 23, 2008, 11:15 am
If you were  Registered and logged in, you could reply and use other advanced thread options
In addition, the below shows the severity rating of this out-of-band
update. For those systems that it's deemed Critical for, be
***strongly advised*** that it should be installed AS SOON AS POSSIBLE.

It's predicted that there will be *** active exploitation of the
vulnerability addressed by this update soon **** or it already ***is***
being actively exploited.
Further details about any exploitation will be posted after the online
webcast scheduled for 10 AM today.

Windows Operating System and Components


Microsoft Windows 2000
Bulletin Identifier
Windows

Aggregate Severity Rating
Critical

Microsoft Windows 2000 Service Pack 4
Microsoft Windows 2000 Service Pack 4
(Critical)

Windows XP
Bulletin Identifier
Windows

Aggregate Severity Rating
Critical

Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Service Pack 2 and Windows XP Service Pack 3
(Critical)

Windows XP Professional x64 Edition and Windows XP Professional x64
Edition Service Pack 2
Windows XP Professional x64 Edition and Windows XP Professional x64
Edition Service Pack 2
(Critical)

Windows Server 2003
Bulletin Identifier
Windows

Aggregate Severity Rating
Critical

Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
(Critical)

Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
Service Pack 2
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
Service Pack 2
(Critical)

Windows Server 2003 with SP1 for Itanium-based Systems and Windows
Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 with SP1 for Itanium-based Systems and Windows
Server 2003 with SP2 for Itanium-based Systems
(Critical)

Windows Vista
Bulletin Identifier
Windows

Aggregate Severity Rating
Important

Windows Vista and Windows Vista Service Pack 1
Windows Vista and Windows Vista Service Pack 1
(Important)

Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
(Important)

Windows Server 2008
Bulletin Identifier
Windows

Aggregate Severity Rating
Important

Windows Server 2008 for 32-bit Systems
Windows Server 2008 for 32-bit Systems*
(Important)

Windows Server 2008 for x64-based Systems
Windows Server 2008 for x64-based Systems*
(Important)

Windows Server 2008 for Itanium-based Systems
Windows Server 2008 for Itanium-based Systems
(Important)

IF anyone has an issue either installing this update, the update is
reoffered, or there are issues after installing it, please contact MS
for *** no-charge *** technical support:

> Support
> • Customers in the U.S. and Canada can receive technical support from
Microsoft Product Support
> Services at 1-866-PCSAFETY. There is no charge for support calls that are
associated with security
> updates.
> • International customers can receive support from their local Microsoft
subsidiaries. There is no
> charge for support that is associated with security updates. For more
information about how to
> contact Microsoft for support issues, visit the International Support Web site.
> http://go.microsoft.com/fwlink/?LinkId=21155



MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============




PA Bear [MS MVP] wrote:

> Microsoft Security Bulletin Advance Notification for October 2008
> http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx
>
> <QP>
> This is an advance notification of an out-of-band security bulletin that
> Microsoft is intending to release on Thursday, 23 October 2008.
>
> Critical Security Bulletin (1)
> ============================================================
>
> Windows Bulletin
>
> - Affected Software:
>
> - Microsoft Windows 2000 Service Pack 4
> - Windows XP Service Pack 2 and Windows XP Service Pack 3
> - Windows XP Professional x64 Edition and Windows XP Professional x64
> Edition Service Pack 2
> - Windows Server 2003 Service Pack 1 and Windows Server 2003 Service
> Pack 2
> - Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
> Service Pack 2
> - Windows Server 2003 with SP1 for Itanium-based Systems and Windows
> Server 2003 with SP2 for Itanium based Systems
> - Windows Vista and Windows Vista Service Pack 1
> - Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
> - Windows Server 2008 for 32-bit Systems (Windows Server 2008 Server
> Core installation affected)
> - Windows Server 2008 for x64-based Systems (Windows Server 2008
> Server Core installation affected)
> - Windows Server 2008 for Itanium-based Systems
>
> - Impact: Remote Code Execution
> - Restart Requirement: The update requires a restart
> - Version Number: 1.0
>
> © 2008 Microsoft Corporation
> </QP>
>
> Microsoft will host a webcast to address customer questions on this
> out-of-band security bulletin on October 23, 2008, at 1:00 PM Pacific
> Time (US & Canada). Register for this out-of-band Security Bulletin
> Webcast at the link above.
>
> [Crossposted to Security, Security Home Users, and Windows Update
> newsgroups; Followup To set for Security newsgroup]

Posted by =?Utf-8?B?UGhpbCBMZXdpcyAtIENo on October 23, 2008, 1:44 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
We've just rolled the Patches into our lab to bwegin testing and right off
the bat we have questions regarding applicability.
Almost our target systems have IE7 installed and we are getting
notifications that the patch does not apply "the patch does not apply to the
version of Internet Explorer that is installed" On two Windows Svr 2003 R2
x64 SP2 systems with IE7 installed we get the error "Setup has detected that
the Service Pack Version is newer than the update you are applying. You do
not need to apply this update"

Am I correct in concluding this patch does not apply to systems running IE7?

Phil Lewis

Posted by MowGreen [MVP] on October 24, 2008, 7:10 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
NO, it applies to the OS, irrespective of the browser installed.
Strongly suggest you contact MS to report this issue and for assistance
in getting this *** Critical *** update installed ASAP.
From the Sec Bulletin:
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

> Support
> • Customers in the U.S. and Canada can receive technical support from
Microsoft Product Support
> Services at 1-866-PCSAFETY. There is no charge for support calls that are
associated with security
> updates.
> • International customers can receive support from their local Microsoft
subsidiaries. There is no
> charge for support that is associated with security updates. For more
information about how to
> contact Microsoft for support issues, visit the International Support Web site.
> http://go.microsoft.com/fwlink/?LinkId=21155


MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============



Phil Lewis - Checkfree wrote:

> We've just rolled the Patches into our lab to bwegin testing and right off
> the bat we have questions regarding applicability.
> Almost our target systems have IE7 installed and we are getting
> notifications that the patch does not apply "the patch does not apply to the
> version of Internet Explorer that is installed" On two Windows Svr 2003 R2
> x64 SP2 systems with IE7 installed we get the error "Setup has detected that
> the Service Pack Version is newer than the update you are applying. You do
> not need to apply this update"
>
> Am I correct in concluding this patch does not apply to systems running IE7?
>
> Phil Lewis

Posted by PA Bear [MS MVP] on October 24, 2008, 7:53 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
[How did I miss this one?]

MS08-067 is not dependent on the version of IE installed per se.

Then again, you're running Win2008 SP2 Beta which (AFAIK) is not yet a
"supported edition" of Win2008 and I have no idea what download of MS08-067
you're attempting to install.

Also see the listing (and footnotes) for Win2008 in the section Affected
Software and Download Locations | Windows Operating System and Components of
http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx

That being said, there is a version of MS08-067 for Windows 7 Pre-Beta so
there might be one for Win2008 SP2 Beta. Contact MS via your usual support
channels ASAP, Phil.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


Phil Lewis - Checkfree wrote:
> We've just rolled the Patches into our lab to bwegin testing and right off
> the bat we have questions regarding applicability.
> Almost our target systems have IE7 installed and we are getting
> notifications that the patch does not apply "the patch does not apply to
> the
> version of Internet Explorer that is installed" On two Windows Svr 2003 R2
> x64 SP2 systems with IE7 installed we get the error "Setup has detected
> that
> the Service Pack Version is newer than the update you are applying. You do
> not need to apply this update"
>
> Am I correct in concluding this patch does not apply to systems running
> IE7?
>
> Phil Lewis


Similar ThreadsPosted
Java Runtime Environment (JRE) 5.0 Update 10 Released December 8, 2006, 6:21 pm
Security Bulletins Released Today August 9, 2005, 1:44 pm
Security Bulletins Released Today October 11, 2005, 1:49 pm
XP security exploit causes BSOD - when will patch be released? July 7, 2005, 1:37 pm
MS05-25 Security Update June 16, 2005, 6:15 pm
Im missing a security update, how can I get it? November 16, 2005, 6:27 pm
Automatic Security Update March 19, 2006, 9:07 am
Security update KB91759 August 6, 2006, 10:46 am
Security Update for Windows XP (KB912919) January 5, 2006, 8:45 pm
Security Update for Windows XP (KB913446) February 14, 2006, 8:13 pm

The site map in XML format XML site map

Contact Us | Privacy Policy