FYI...

- http://www.microsoft.com/technet/security/bulletin/ms08-jan.mspx
January 8, 2008
"This bulletin summary lists security bulletins released for January 2008...

Critical (1)

Microsoft Security Bulletin MS08-001
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
- http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...

Important (1)

Microsoft Security Bulletin MS08-002
Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)
- http://www.microsoft.com/technet/security/bulletin/ms08-002.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Local Elevation of Privilege...

Other...

Microsoft Windows Malicious Software Removal Tool
Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS
• Microsoft has released -five- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
• Microsoft has released -two- non-security, high-priority updates for Windows on Windows Update (WU) and WSUS.

Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."
---------------------

ISC Analysis
- http://isc.sans.org/diary.html?storyid=3819
Last Updated: 2008-01-08 18:25:59 UTC

Security Bulletins MS07-064 & MS07-057 revisions, MS07-042 re-released

The following bulletins have undergone a -minor- revision increment.

* MS07-064 - Critical
Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
- http://www.microsoft.com/technet/security/bulletin/ms07-064.mspx
- Reason for Revision: Bulletin updated to remove known issues notation. This update does not have any known issues.
- Originally posted: December 11, 2007
- Updated: January 9, 2008
- Bulletin Severity Rating: Critical
- Version: 1.3

* MS07-057 - Critical
Cumulative security update for Internet Explorer
- http://www.microsoft.com/technet/security/bulletin/ms07-057.mspx
- Reason for Revision: Revised to add a known issue.
(Known issues since original release of the bulletin:
• KB904710*: WinINet ignores the policies that you set when you create a custom administrative template file in Windows XP with Service Pack 2 - * http://support.microsoft.com/kb/904710 )
- Originally posted: October 9, 2007
- Updated: January 9, 2008
- Bulletin Severity Rating: Critical
- Version: 1.2

The following bulletins have undergone a -major- revision increment.

* MS07-042 - Critical
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
- http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx
- Reason for Revision: Bulletin updated: Added Microsoft Word Viewer 2003 as an affected product. Also added an Update FAQ clarifying the kill bit for Microsoft XML Parser 2.6 and its applicability to this security update.
- Originally posted: August 14, 2007
- Updated: January 9, 2008
- Bulletin Severity Rating: Critical
- Version: 3.0

.

FYI... ThreatCon Level is 2

- http://www.symantec.com/avcenter/threatcon/learnabout.html
"The ThreatCon is currently at Level 2 in response to the disclosure of a critical remote vulnerability affecting the default configurations of Windows XP and Windows Vista. Nondefault configurations of Windows 2003 are also affected... The MS08-001 bulletin also addresses a remote kernel-based denial-of-service issue affecting nondefault configurations of Windows 2000, XP, and 2003. IBM Internet Security Systems, the team that discovered these kernel-based flaws, has recently released an official advisory* suggesting that the ICMP-based flaw, which Microsoft has considered a low-severity, denial-of-service issue, may in fact be exploitable to execute code. However, we have not confirmed this. Windows 2000 users who are not affected by the critical vulnerability may want to reevaluate their stance on patching the lower-severity issue in light of this new information. Multiple (3) Microsoft Windows TCP/IP Remote Code Execution and DoS Vulnerabilities
( * http://iss.net/threats/282.html ) The MS08-002 bulletin was also released to address a local privilege-escalation vulnerability affecting LSASS. Users are advised to review the Microsoft Security Bulletins and to apply the patches as soon as possible..."

* "...An attacker does not need to invoke any kind of user interaction to exploit this vulnerability. The lack of user interaction, widespread availability of the protocols, and the possibility of complete compromise of targeted systems means that administrators should treat this vulnerability as highly critical. The lack of user interaction makes this exploit a probable target for botnets, such as the Storm Worm. Administrators should monitor the signatures listed in the ISS Coverage section for any attempted worm or botnet activity. Administrators should also keep in mind that multicast traffic is usually received by multiple destinations, so a single stream of attack traffic would likely affect more than one target..."

FYI...

Microsoft Security Bulletin MS08-001 – Critical
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
- http://www.microsoft.com/technet/security/Bulletin/MS08-001.mspx
• V2.0 (January 23, 2008): Bulletin updated to add Windows Small Business Server 2003 Service Pack 2 as an affected product. Also added an FAQ to clarify that current Microsoft detection and deployment tools already correctly offer the update to Windows Small Business Server 2003 Service Pack 2 customers.

FYI... Microsoft Security Bulletin Re-Releases and Revisions

Microsoft Security Bulletin MS07-057 - Critical
Cumulative Security Update for Internet Explorer (939653)
- http://www.microsoft.com/technet/security/bulletin/ms07-057.mspx
• V1.0 (October 9, 2007): Bulletin published.
• V1.1 (October 10, 2007): Bulletin revised to correct the "What does the update do?" section for CVE-2007-3893.
• V1.2 (January 09, 2008): Bulletin revised to add a known issue.
• V1.3 (January 23, 2008): Bulletin revised to address rendering issues.

Microsoft Security Bulletin MS07-064 – Critical
Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
- http://www.microsoft.com/technet/security/bulletin/ms07-064.mspx
• V1.0 (December 11, 2007): Bulletin published.
• V1.1 (December 12, 2007): Bulletin updated to reflect that DirectX that ships on Windows 2000 is not supported by SMS 2.0 unless the Extended Security Update Inventory Tool (ESUIT) is used.
• V1.2 (December 19, 2007): Bulletin updated to reflect a change to the Removal Information text in the Windows Vista Reference Table portion of the Security Update Information section. Also removed the web-based mitigation from vulnerability CVE-2007-3901.
• V1.3 (January 9, 2008): Bulletin updated to remove known issues notation. This update does not have any known issues.
• V2.0 (January 23, 2008): Bulletin updated to reflect that the update for DirectX 9.0 also applies to DirectX 9.0b and DirectX 9.0c.

Microsoft Security Bulletin MS07-068 - Critical
Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)
- http://www.microsoft.com/technet/security/bulletin/ms07-068.mspx
• V1.0 (December 11, 2007): Bulletin published...
• V1.2 (January 23, 2008): Bulletin updated to add an FAQ regarding installing the updates for Windows Media Format Runtime 9.5 on Windows XP Professional x64 Edition.

Microsoft Security Bulletin MS08-001 – Critical
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
- http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx
• V1.0 (January 8, 2008): Bulletin published.
• V2.0 (January 23, 2008): Bulletin updated to add Windows Small Business Server 2003 Service Pack 2 as an affected product. Also added an FAQ to clarify that current Microsoft detection and deployment tools already correctly offer the update to Windows Small Business Server 2003 Service Pack 2 customers.

.

FYI...

Microsoft Security Bulletin MS08-001 – Critical
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
- http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx
• V3.0 (January 25 2008): This bulletin was revised to clarify the impact of Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability (CVE-2007-0069*) on supported editions of Windows Small Business Server 2003 and Windows Home Server. Also included is an explanation and clarification that current Microsoft detection and deployment tools already correctly offer the update to systems running Windows Small Business Server 2003 and Windows Home Server.
* http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0069