Next Tuesday expect one critical update for the Media Player in Vista. Keep reading →

Though the Security Bulletin Advance Notification for August 2008 said Vista would be getting five updates, four were delivered. Missing from the list was a critical update for Windows Media Player. Also released were 7 other updates, mostly for Microsoft Office, revisions for four existing security bulletins, and two security advisories. Here’s what was released for Vista: Keep reading →

Description: This security update resolves a privately reported vulnerability in Outlook Express and Windows Mail. The vulnerability could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update addresses the vulnerability by changing the MHTML protocol handler in Windows so that it securely handles MHTML URLs in redirection scenarios. Keep reading →

Ed examines the claim that Windows security has been bypassed and there is nothing that Microsoft can do about it. His verdict? The sky is not falling… Keep reading →

Microsoft posted the Security Bulletin Advance Notification for August 2008 today. In all, seven security updates are being released that affect the Windows Operating System, with five of them affecting Windows Vista. Three are ‘Important’, the other two ‘Critical’. Expect updates for the following issues on Tuesday, August 12th: Keep reading →

XP has required almost twice as many updates as Vista since Vista’s release, with Vista averaging only 1.5 per month. Keep reading →

Description: This security update resolves a publicly reported vulnerability in Windows Explorer that could allow remote code execution when a specially crafted saved-search file is opened and saved. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses these vulnerabilities by modifying the way that Windows Explorer parses saved searches. Keep reading →

As previously announced, Vista got 5 security updates yesterday. Three of them were ‘Critical’, while the other two were ‘Moderate’. In addition to those security updates, two non-security updates were released. One was for Media Center, the other for CEIP (Windows Vista Customer Experience Improvement Program). Keep reading →

Description: This security update resolves two privately reported vulnerabilities in the Pragmatic General Multicast (PGM) protocol that could allow a denial of service if malformed PGM packets are received by an affected system. An attacker who successfully exploited this vulnerability could cause a user’s system to become non-responsive and to require a restart to restore functionality. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests. The security update addresses these vulnerabilities by modifying the way PGM parses malformed packets. Keep reading →

Description: This security update resolves two privately reported vulnerabilities in Microsoft DirectX that could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerability by modifying the way that DirectX handles MJPEG and SAMI format files. Keep reading →