Microsoft has revised their Security Advisory 954960 on Windows Server Update Services (WSUS) Blocked from Deploying Security Updates. July 9, 2008: Advisory updated to reflect availability of fix. More info at http://www.microsoft.com/technet/security/advisory/954960.mspx http://blogs.technet.com/msrc/archive/2008/07/09/update-microsoft-security-advisory-954960.aspx
ZoneLabs released an advisory today regarding the above security update by Microsoft and their ZoneAlarm products at http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html They will release a fix very soon as per their moderator: http://forum.zonelabs.org/zonelabs/board/message?board.id=access&message.id=34074 via Calendar of Updates discussion forums
The founder of a Colorado-based software company has been missing in Hawaii for more than a week.http://starbulletin.com/2008/07/09/news/story06.html via Sunbelt Blog
I set-up a survey over at Calendar of Updates forum regarding the boot-time of user’s computer. My laptop’s boot-time as per Windows diagnostic is 61 seconds but the 3rd party utility, Boottimer reports 47 seconds. Running Vista Ultimate SP1 See or participate in the survey at http://www.dozleng.com/updates/index.php?showtopic=18788
Download locations: http://www.java.com/en/download/index.jsp http://java.sun.com/javase/downloads/index.jsp Verify installation: http://www.java.com/en/download/installed.jsp?detect=jre&try=1 Release note at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html Their blog got entries for security alerts again http://blogs.sun.com/security/ and solution is to update to this new version.
Patch available for RoboHelp Server Cross-Site Scripting issue Release date: July 8, 2008Vulnerability identifier: APSB08-16CVE number: CVE-2008-2991Platform: WindowsAffected software versions:RoboHelp Server 6RoboHelp Server 7 A specially crafted URL could be used to create a cross-site scripting attack against RoboHelp Server 6 and RoboHelp Server 7. An attacker would need to have access to the RoboHelp Help Errors log, or convince someone with access to the RoboHelp Help Errors log to click on a malicious URL, in order to execute the attack. RoboHelp 6 and RoboHelp 7 (non-Server releases) are not vulnerable to this issue. SolutionAdobe strongly recommends users update their … Continue reading Adobe Security Bulletin: APSB08-16
Microsoft Security Advisory (953635)Vulnerability in Microsoft Word Could Allow Remote Code Execution Microsoft is investigating new public reports of a possible vulnerability in Microsoft Office Word 2002 Service Pack 3. Our initial investigation indicates that customers who use all other supported versions of Microsoft Office Word, Microsoft Office Word Viewer, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, and Microsoft Office for Mac are not affected. More info and work-around at http://www.microsoft.com/technet/security/advisory/953635.mspx
As part of Microsoft’s routine, monthly security update cycle, they released 4 new security bulletins: MS08-037 – Vulnerabilities in DNS Could Allow Spoofing (953230) MS08-038 – Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582) MS08-039 – Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747) MS08-040 – Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) You can view this month’s Security Bulletins Summary at their website. Visit also the MSCRC blog for further notes or details on the said security bulletins. For information about non-security releases on Windows Update and … Continue reading Microsoft Security Bulletins for July 2008
I’ve been reading PDF files this past few days and then today, I got this: It’s Adobe Product Improvement Program and it is explained in http://www.adobe.com/misc/apipfaq.htmlIt’s like Microsoft Customer Experience Improvement Program that is in Vista, Live Messenger etc.
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution Microsoft is investigating active, targeted attacks leveraging a potential vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. The ActiveX control for the Snapshot Viewer for Microsoft Access enables you to view an Access report snapshot … Continue reading Microsoft Security Advisory (955179)