Description: This security update resolves a privately reported vulnerability in Outlook Express, Windows Mail, and Windows Live Mail. The vulnerability could allow remote code execution if a user visits a malicious e-mail server. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerability by correctly validating e-mail server responses. Continue reading “KB978542”
Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font in client applications that can render EOT fonts, such as Microsoft Internet Explorer, Microsoft Office PowerPoint, or Microsoft Office Word. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerability by correcting the way that the Embedded OpenType Font Engine decompresses specially crafted files and content containing embedded fonts. Continue reading “KB972270”
Microsoft is investigating new public reports of a possible vulnerability in Microsoft Server Message Block (SMB) implementation. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
Microsoft is concerned that this new report of a vulnerability was not responsibly disclosed, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone’s best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.
Microsoft today released four security updates for Vista, three of them ‘Critical’, and one ‘Important’. Here are the updates that were released:
As described late last week, Microsoft today released the security updates for the month of October. Vista and it’s built-in components received 5 updates, all listed as ‘Important’. Another update was released that contained ‘Kill Bits’ to deactivate problem Active X controls. Continue reading “Vista Gets 5 Security Updates, and a Sprinkle of Kill Bits”
Though the Security Bulletin Advance Notification for August 2008 said Vista would be getting five updates, four were delivered. Missing from the list was a critical update for Windows Media Player. Also released were 7 other updates, mostly for Microsoft Office, revisions for four existing security bulletins, and two security advisories. Here’s what was released for Vista: Continue reading “Microsoft Delivers 4 Security Updates to Vista”
Vista hasn’t escaped the need for security updates in the month of June. All together, five updates affect Windows Vista; three critical, and two moderate. All updates affect both 32 and 64-bit systems, and it doesn’t matter if you have SP1 installed or not. Continue reading “Vista to Get 5 Security Updates on Tuesday”
Vista escapes any security updates this month. You may see some arrive, but they are all for non-OS software like Defender or Office. Continue reading “Microsoft Security Bulletin Advance Notification for May 2008”
As foretold last week, Microsoft today released five security updates for Windows Vista. If you have SP1 installed already, only four will be required. Here’s the updates coming down the pipes, with links to direct downloads: Continue reading “5 Security Updates Hit Vista Today”
Microsoft’s Security Bulletin Advance Notification for April 2008 was just released, and Vista did not escape as it did last month. Vista is due to receive updates for five security related issues, with three of them rated ‘Critical’, and another two rated ‘Important’. Of the critical updates, two are for Vista itself, while the other is for Internet Explorer, with all three of them allowing ‘Remote Code Execution’. The two important updates are related to Vista itself, with one dealing with ‘Spoofing’, and the other ‘Elevation of Privilege’. We’ll know more specifics on Tuesday when further details are released. Continue reading “Vista Getting Critical Updates on April 8th”