KB978542

Description: This security update resolves a privately reported vulnerability in Outlook Express, Windows Mail, and Windows Live Mail. The vulnerability could allow remote code execution if a user visits a malicious e-mail server. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerability by correctly validating e-mail server responses.

KB972270

Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font in client applications that can render EOT fonts, such as Microsoft Internet Explorer, Microsoft Office PowerPoint, or Microsoft Office Word. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerability by correcting the way that the Embedded OpenType Font Engine decompresses specially crafted files and content containing embedded fonts.

KB975497

Microsoft is investigating new public reports of a possible vulnerability in Microsoft Server Message Block (SMB) implementation. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Microsoft is concerned that this new report of a vulnerability was not responsibly disclosed, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone’s best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.

December Brings 4 Updates for Vista

Microsoft today released four security updates for Vista, three of them ‘Critical’, and one ‘Important’. Here are the updates that were released:

  • KB956802: Vulnerabilities in GDI Could Allow Remote Code Execution
  • KB959349: Vulnerabilities in Windows Search Could Allow Remote Code Execution
  • KB958215: Cumulative Security Update for Internet Explorer
  • KB959807: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution

Microsoft Delivers 4 Security Updates to Vista

Though the Security Bulletin Advance Notification for August 2008 said Vista would be getting five updates, four were delivered. Missing from the list was a critical update for Windows Media Player. Also released were 7 other updates, mostly for Microsoft Office, revisions for four existing security bulletins, and two security advisories. Here’s what was released for Vista:

Vista Getting Critical Updates on April 8th

Microsoft’s Security Bulletin Advance Notification for April 2008 was just released, and Vista did not escape as it did last month. Vista is due to receive updates for five security related issues, with three of them rated ‘Critical’, and another two rated ‘Important’. Of the critical updates, two are for Vista itself, while the other is for Internet Explorer, with all three of them allowing ‘Remote Code Execution’. The two important updates are related to Vista itself, with one dealing with ‘Spoofing’, and the other ‘Elevation of Privilege’. We’ll know more specifics on Tuesday when further details are released.