November 11, 2009, 7:20 am
The Redmond company released 6 security bulletins with corresponding patch sets for this November Black Tuesday. These patches close security holes, mainly in Microsoft Office and in the Windows kernel, which allow, for example, drive-by downloads, privilege escalation, and remote code injection and execution.
Affected are all Microsoft operating systems (including Server 2008 core installations) and nearly all Office versions, as well as the Office viewers. Installing the updates quickly is recommended because, according to Microsoft's threat matrix, it is very likely that exploits for these vulnerabilities will appear on the Internet very soon.
Dirk Knop
Technical Editor
November 6, 2009, 7:22 am
For the upcoming Patch Tuesday next week, Microsoft plans to release 6 security bulletins. 3 of them address security issues rated critical; the other 3 are rated important.
Affected are Windows operating systems starting from Windows 2000 up to Windows Server 2008. The “important” fixes are for Microsoft Office (also for Mac) and the Office Viewers.
Prepare to install the patches as soon as possible, as exploits for these security vulnerabilities are usually released very soon after Microsoft ships the patches.
Dirk Knop
Technical Editor
October 14, 2009, 6:26 am
Just as announced last Friday, Microsoft is shipping updates for plenty of products and closing 34 security holes. Many of them are rated critical, which means that attackers can infiltrate vulnerable systems remotely.
The patches affect the Windows operating systems starting from Windows 2000 up to the brand new Windows 7. The list of vulnerable software is lengthy too: Internet Explorer, Media Player, Office from XP up to 2007, .NET runtimes, SQL Server, Visual Studio 2003 up to 2008, Visual FoxPro, Report Viewer, the antivirus solution Forefront and Silverlight 2.
As the patches deal with critical security vulnerabilities, which in some cases are already being abused (like the FTP hole in IIS), it is advised to install them ASAP.
Dirk Knop
Technical Editor
October 9, 2009, 6:21 am
Microsoft today announced 13 Security Bulletins for the October Patchday. 8 of them concern security vulnerabilities rated critical. The total count of security holes which the company plans to close is 34, according to the Microsoft Security Response Center.
The affected software includes Windows, Internet Explorer, Office, Silverlight, Forefront, Developer Tools, and SQL Server. Among the fixes to be provided are one for the SMBv2 vulnerability and one for the vulnerable FTP service in IIS.
Administrators should prepare for those updates – most of them require a restart – and install them as soon as possible.
Dirk Knop
Technical Editor
September 10, 2009, 10:51 am
Now that hasn’t happened for a while: Microsoft updated one of the security bulletins from Tuesday. It deals with a security flaw in TCP/IP networking. The first version of the bulletin mentioned Windows 2000, Vista, Server 2003 and Server 2008 as affected. The updated version also mentions Windows XP as affected.
Consequently, all Windows XP users should run Windows Update again (as soon as the patch is available for XP; it currently isn’t), though the impact of the error isn’t as critical as in Vista or Server 2008, where it allows for remote code execution. In Windows XP it is possible to cause a Denial of Service (DoS) condition by sending manipulated network packets to the unpatched computer.
Update: Microsoft updated the bulletin once more. Now it states “By default, Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2 do not have a listening service configured in the client firewall and are therefore not affected by this vulnerability.” So an update won’t be available any time soon – if at all, because in the default installation no service is listening on the network interface.
Dirk Knop
Technical Editor
September 9, 2009, 6:51 am
As announced last Friday, Microsoft released 5 security bulletins – all dealing with critical flaws within the Windows operating systems. Affected are Windows XP to Windows Vista and Server 2008.
The security holes can be abused by hackers to compromise Windows installations remotely. Microsoft expects that exploits for these holes will appear soon, so it is advised to install the patches as soon as possible!
Patches for the recently discovered SMB2 flaws within Vista and Windows 7 (only up to RC1 though) aren’t ready yet. Also missing are updates that fix the vulnerabilities in the FTP component of the Internet Information Services.
Dirk Knop
Technical Editor
September 4, 2009, 7:06 am
Microsoft today announced 5 security bulletins for the September patchday next Tuesday. They all deal with security holes considered critical in the Windows operating systems and system components. Interestingly, even the Windows Server 2008 Core installation is affected. As usual, the Redmond company isn’t going into details in the advance notification.
Prepare to install the updates as soon as possible.
Dirk Knop
Technical Editor