DP's Security Bits

Microsoft Security Bulletin Advance Notification for July 2008

Don — Thu, 03 Jul 2008 19:03:00 GMT

Issued: July 3, 2008

This is an advance notification of security bulletins that
Microsoft is intending to release on July 8, 2008.

The full version of the Microsoft Security Bulletin Advance
Notification for July 2008 can be found at
http://www.microsoft.com/technet/security/bulletin/ms08-jul.mspx.

This bulletin advance notification will be replaced with the
July bulletin summary on July 8, 2008. For more information
about the bulletin advance notification service, see
http://www.microsoft.com/technet/security/Bulletin/advance.mspx.

To receive automatic notifications whenever
Microsoft Security Bulletins are issued, subscribe to Microsoft
Technical Security Notifications on
http://www.microsoft.com/technet/security/bulletin/notify.mspx.

Microsoft will host a webcast to address customer questions on
these bulletins on Wednesday, July 9, 2008,
at 11:00 AM Pacific Time (US & Canada). Register for the July
Security Bulletin Webcast at
http://www.microsoft.com/technet/security/bulletin/summary.mspx.

Microsoft also provides information to help customers prioritize
monthly security updates with any non-security, high-priority
updates that are being released on the same day as the monthly
security updates. Please see the section, Other Information.

This advance notification provides the software subject as the
bulletin identifier, because the official Microsoft Security
Bulletin numbers are not issued until release. The bulletin summary
that replaces this advance notification will have the proper
Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the
bulletin identifier. The security bulletins for this month are as
follows, in order of severity:

Important Security Bulletins

SQL Bulletin

- Affected Software:
    - Microsoft SQL Server 2000 Desktop Engine (WMSDE) on
      Microsoft Windows 2000 Service Pack 4
    - Microsoft SQL Server 2000 Desktop Engine (WMSDE) on
      Windows Server 2003 Service Pack 1 and
      Windows Server 2003 Service Pack 2
    - Windows Internal Database (WYukon) Service Pack 2 on
      Windows Server 2003 Service Pack 1 and
      Windows Server 2003 Service Pack 2
    - Microsoft SQL Server 2000 Desktop Engine (WMSDE) on
      Windows Server 2003 x64 Edition and
      Windows Server 2003 x64 Edition Service Pack 2
    - Windows Internal Database (WYukon) x64 Edition Service Pack 2
      on Windows Server 2003 x64 Edition and
      Windows Server 2003 x64 Edition Service Pack 2
    - Windows Internal Database (WYukon) Service Pack 2
      on Windows Server 2008 for 32-bit Systems
      (Windows Server 2008 Server Core installation affected)
    - Windows Internal Database (WYukon) x64 Edition Service Pack 2
      on Windows Server 2008 for x64-based Systems
      (Windows Server 2008 Server Core installation affected)
    - GDR update for SQL Server 7.0 Service Pack 4
    - QFE update for SQL Server 7.0 Service Pack 4
    - GDR update for SQL Server 2000 Service Pack 4
    - QFE update for SQL Server 2000 Service Pack 4
    - GDR update for SQL Server 2000
      Itanium-based Edition Service Pack 4
    - QFE update for SQL Server 2000
      Itanium-based Edition Service Pack 4
    - GDR update for SQL Server 2005 Service Pack 2
    - QFE update for SQL Server 2005 Service Pack 2
    - GDR update for SQL Server 2005 x64 Edition Service Pack 2
    - QFE update for SQL Server 2005 x64 Edition Service Pack 2
    - GDR update for SQL Server 2005 with SP2 for
      Itanium-based Systems
    - QFE update for SQL Server 2005 with SP2 for
      Itanium-based Systems
    - GDR update for Microsoft Data Engine (MSDE) 1.0 Service Pack 4
    - QFE update for Microsoft Data Engine (MSDE) 1.0 Service Pack 4
    - GDR update for Microsoft SQL Server 2000
      Desktop Engine (MSDE 2000) Service Pack 4
    - QFE update for Microsoft SQL Server 2000
      Desktop Engine (MSDE 2000) Service Pack 4
    - GDR update for Microsoft SQL Server 2005
      Express Edition Service Pack 2
    - QFE update for Microsoft SQL Server 2005
      Express Edition Service Pack 2
    - GDR update for Microsoft SQL Server 2005
      Express Edition with Advanced Services Service Pack 2
    - QFE update for Microsoft SQL Server 2005
      Express Edition with Advanced Services Service Pack 2

    - Impact: Elevation of Privilege
    - Version Number: 1.0

Windows Bulletin 1

- Affected Software:
    - Windows Vista and
      Windows Vista Service Pack 1
    - Windows Vista x64 Edition and
      Windows Vista x64 Edition Service Pack 1
    - Windows Server 2008 for 32-bit Systems
      (Windows Server 2008 Server Core installation affected)
    - Windows Server 2008 for x64-based Systems
      (Windows Server 2008 Server Core installation affected)
    - Windows Server 2008 for Itanium-based Systems

    - Impact: Remote Code Execution
    - Version Number: 1.0

Windows Bulletin 2

- Affected Software:
    - Client update for Microsoft Windows 2000 Service Pack 4
    - Server update for Microsoft Windows 2000 Service Pack 4
    - Client update for Windows XP Service Pack 2 and
      Windows XP Service Pack 3
    - Client update for Windows XP Professional x64 Edition and
      Windows XP Professional x64 Edition Service Pack 2
    - Client update for Windows Server 2003 Service Pack 1 and
      Windows Server 2003 Service Pack 2
    - Server update for Windows Server 2003 Service Pack 1 and
      Windows Server 2003 Service Pack 2
    - Client update for Windows Server 2003 x64 Edition and
      Windows Server 2003 x64 Edition Service Pack 2
    - Server update for Windows Server 2003 x64 Edition and
      Windows Server 2003 x64 Edition Service Pack 2
    - Client update for Windows Server 2003 with SP1 for
      Itanium-based Systems and
      Windows Server 2003 with SP2 for Itanium-based Systems
    - Server update for Windows Server 2003 with SP1 for
      Itanium-based Systems and
      Windows Server 2003 with SP2 for Itanium-based Systems
    - Server update for Windows Server 2008 for 32-bit Systems
      (Windows Server 2008 Server Core installation affected)
    - Server update for Windows Server 2008 for x64-based Systems
      (Windows Server 2008 Server Core installation affected)

    - Impact: Spoofing
    - Version Number: 1.0

Exchange Server Bulletin

- Affected Software:
    - Microsoft Exchange Server 2003 Service Pack 2
    - Microsoft Exchange Server 2007
    - Microsoft Exchange Server 2007 Service Pack 1

    - Impact: Elevation of Privilege
    - Version Number: 1.0

Other Information

Microsoft Windows Malicious Software Removal Tool:

Microsoft will release an updated version of the Microsoft Windows
Malicious Software Removal Tool on Windows Update, Microsoft Update,
Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS:

For information about non-security releases on Windows Update and
Microsoft
update, please see:
* http://support.microsoft.com/kb/894199: Microsoft Knowledge Base
Article 894199, Description of Software Update Services and
Windows Server Update Services changes in content for 2008.
Includes all Windows content.
* http://technet.microsoft.com/en-us/wsus/bb466214.aspx: New,
Revised, and Released Updates for Microsoft Products Other Than
Microsoft Windows

Microsoft Security Advisory Notification - July 2, 2008

Don — Thu, 03 Jul 2008 04:55:00 GMT

Issued: July 2, 2008

Security Advisories Updated or Released Today

* Microsoft Security Advisory (953818)
- Title: Blended Threat from Combined Attack Using
Apple's Safari on the Windows Platform
- http://www.microsoft.com/technet/security/advisory/953818.mspx
- Revision Note: July 2, 2008: Updated the Suggested Actions.

Firefox 2.0.0.15 Released

Don — Wed, 02 Jul 2008 10:57:00 GMT

Known Vulnerabilities Fixed in Firefox 2.0.0.15:

MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-32 Remote site run as local file via Windows URL shortcut
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-30 File location URL in directory listings not escaped properly
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-23 Signed JAR tampering
MFSA 2008-22 XSS through JavaScript same-origin violation
MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)

http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15

Apple closes holes in Mac OS X, Safari

Don — Wed, 02 Jul 2008 09:51:00 GMT

Apple plugged 25 security holes in components of its Mac OS X operating system on Monday, closing remote execution vulnerabilities in its Safari Web browser and the Ruby Web programming language.

The software patch -- the fourth this year for Apple's Mac OS X -- also fixed flaws in the open-source Apache Tomcat Java server, Apple's VPN client, the operating system's screen lock, and the handling of potentially unsafe types of content. While the open-source Apache Tomcat server racked up the most vulnerabilities, the most severe issues affect the Ruby Web programming language, WebKit library for Safari, and Mac OS X core library functions.

http://www.securityfocus.com/brief/767

Microsoft Security Advisory Notification - June 30, 2008

Don — Mon, 30 Jun 2008 22:01:00 GMT

Issued: June 30, 2008

Security Advisories Updated or Released Today

* Microsoft Security Advisory (954960)
- Title: Microsoft Windows Server Update Services
(WSUS) Blocked from Deploying Security Updates
- http://www.microsoft.com/technet/security/advisory/954960.mspx
- Revision Note: Advsiory published.

Onslaught of fake Microsoft patch spam

Don — Mon, 30 Jun 2008 21:13:00 GMT

Websense® Security Labs™ ThreatSeeker™ Network has discovered a substantial number of spam messages utilizing a reliable social engineering trick that lures users to download a Microsoft critical security update.

Details ...

Malware morphs to greater numbers

Don — Wed, 25 Jun 2008 20:37:00 GMT

The number of signatures required to detect malicious code skyrocketed in the first half of 2008, increasing by 80 percent since the end of 2007, according to data released by antivirus firm F-Secure on Tuesday.

The data -- part of the F-Secure's IT Security Threat Summary -- showed that the company currently requires nearly 900,000 different signatures, also referred to as "definitions" or "detections," in its product to catch current threats, up from 500,000 signatures at the end of 2007.

http://www.securityfocus.com/brief/763

Microsoft Security Advisory Notification - June 24, 2008

Don — Wed, 25 Jun 2008 17:03:00 GMT

Issued: June 24, 2008

Security Advisories Updated or Released Today

* Microsoft Security Advisory (954462)
- Title: Rise in SQL Injection Attacks Exploiting
Unverified User Data Input
- http://www.microsoft.com/technet/security/advisory/954462.mspx
- Revision Note: Advisory published.

Microsoft Security Bulletin Revisions - June 24, 2008

Don — Tue, 24 Jun 2008 21:53:00 GMT

Issued: June 24, 2008

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS07-042 - Critical

Bulletin Information:

* MS07-042 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx
- Reason for Revision: V4.0 (June 24, 2008): Bulletin updated:
    Added Windows XP Service Pack 3, Windows Vista Service Pack
    1, Windows Vista x64 Edition Service Pack 1, Windows Server
    2008 for 32-bit Systems, Windows Server 2008 for x64-based
    Systems, and Windows Server 2008 for Itanium-based Systems as
    affected software. This is a detection update only. There
    were no changes to the binaries.
- Originally posted: August 14, 2007
- Updated: June 24, 2008
- Bulletin Severity Rating: Critical
- Version: 4.0

Microsoft Security Advisory Notification - June 20, 2008

Don — Sat, 21 Jun 2008 16:33:00 GMT

Issued: June 20, 2008

Security Advisories Updated or Released Today

* Microsoft Security Advisory (953818)
- Title: Blended Threat from Combined Attack Using
Apple's Safari on the Windows Platform
- http://www.microsoft.com/technet/security/advisory/953818.mspx
- Revision Note: June 20, 2008: Advisory updated to provide
link to related Apple security advisory.

New Phishing/Storm Worm Variant Spreading

Don — Fri, 20 Jun 2008 10:32:00 GMT

US-CERT has received reports of new phishing activity, some of which has been linked to Storm Worm. The latest activity is centered around messages related to the recent earthquake in China and the upcoming Olympic Games. This Trojan is spread via an unsolicited email message that contains a link to a malicious website. This website contains a video that, when opened, may run the executable file "beijing.exe" to infect the user's system with malicious code.

Reports, including a posting by Symantec, indicate that the following subject lines are being used. Please note that subject lines can change at any time.

The most powerful quake hits China

Countless victims of earthquake in China

Death toll in China is growing

Recent earthquake in china took a heavy toll

Recent china earthquake kills million

China is paralyzed by new earthquake

Death toll in China exceeds 1000000

A new powerful disaster in China

A new deadly catastrophe in China

2008 Olympic Games are under the threat

China's most deadly earthquake

US-CERT encourages users and administrators to take the following preventative measures to mitgate the security risks:

Install anti-virus software, and keep its virus signature files up-to-date.

Do not follow unsolicited web links received in email messages.

Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.

Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

US-CERT reminds users to beware of future phishing attacks that may target natural disasters and the Olympic Games.

http://www.us-cert.gov/current/index.html#new_storm_worm_variant_spreads2

Opera adds security, Firefox coming

Don — Sat, 14 Jun 2008 12:57:00 GMT

Security-conscious users will have a choice to make in the next week.

Software maker Opera released the latest version of its browser, Opera 9.5, on Thursday, and rival Mozilla announced it would release a major update of its Firefox browser on June 17. Both browsers add a number of security-focused features, chief among them technology designed to block the downloading and execution of malicious code. Microsoft's next major version of its browser, Internet Explorer 8, is currently in beta and will also include anti-malware features.

http://www.securityfocus.com/brief/755

Microsoft Security Advisory Notification - June 13, 2008

Don — Sat, 14 Jun 2008 08:07:00 GMT

Issued: June 13, 2008

Security Advisories Updated or Released Today

* Microsoft Security Advisory (954474)
- Title: System Center Configuration Manager 2007
Blocked from Deploying Security Updates
- http://www.microsoft.com/technet/security/advisory/954474.mspx
- Revision Note: Advisory published

Microsoft Security Bulletin Re-Releases - June 10, 2008

Don — Tue, 10 Jun 2008 21:24:00 GMT

Issued: June 10, 2008

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS07-068 - Critical
* MS06-078 - Critical

Bulletin Information:

* MS07-068 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms07-068.mspx
- Reason for Revision: V2.0 (June 10, 2008): Bulletin updated to
    add Windows Media Format Runtime 9, Windows Media Format
    Runtime 9.5, and Windows Media Format Runtime 11 as affected
    components for Windows XP Service Pack 3. This is a detection
    change only. There were no changes to the binaries.
- Originally posted: December 11, 2007
- Updated: June 10, 2008
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS06-078 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms06-078.mspx
- Reason for Revision: V5.0 (June 10, 2008): Bulletin updated to
    add Microsoft Windows XP Service Pack 3 to the Affected
    Software section for Microsoft Windows Media Format 7.1
    through 9.5 Series Runtime and to the Affected Software
    section for Microsoft Windows Media Player 6.4. This is a
    detection change only. There were no changes to the binaries.
- Originally posted: December 12, 2006
- Updated: June 10, 2008
- Bulletin Severity Rating: Critical
- Version: 5.0

Microsoft Security Bulletin(s) for June 10, 2008

Don — Tue, 10 Jun 2008 17:48:00 GMT

Note: There may be latency issues due to replication, if the page does not display keep refreshing
June 10, 2008

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

June Bulletin Summary

Critical (3)

MS08-030 - Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
MS08-031 - Cumulative Security Update for Internet Explorer (950759)
MS08-033 - Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)

Important (3)

MS08-034 - Vulnerability in WINS Could Allow Elevation of Privilege (948745)
MS08-035 - Vulnerability in Active Directory Could Allow Denial of Service (953235)
MS08-036 - Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)

Moderate (1)

MS08-032 - Cumulative Security Update of ActiveX Kill Bits (950760)

This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

Microsoft Security Advisory Notification - June 6, 2008

Don — Sat, 07 Jun 2008 07:18:00 GMT

Microsoft Security Advisory Notification

Issued: June 6, 2008

Security Advisories Updated or Released Today

* Microsoft Security Advisory (953818)

- Title: Blended Threat from Combined Attack Using
Apple's Safari on the Windows Platform
- http://www.microsoft.com/technet/security/advisory/953818.mspx
- Revision Note: June 6, 2008: Modified the steps in the
workaround and added acknowledgment.

Opera sings anti-malware tune

Don — Fri, 06 Jun 2008 18:06:00 GMT

Software maker Opera announced on Friday that its browser of the same name will incorporate anti-malware features starting with the next version.

The feature -- to be added in the next version of the browser, Opera 9.5 -- will prevent users from downloading programs from Web pages that purposefully or inadvertently attempt to infected visitors with malicious code. The browser's ability to block known malicious links puts the soon-to-be-released browser on par with its competitors' software -- Microsoft's Internet Explorer 8 and Mozilla's Firefox 3 -- both which have anti-malware features.

http://www.securityfocus.com/brief/750

Hong Kong hosts most risky sites, says McAfee

Don — Thu, 05 Jun 2008 19:31:00 GMT

The Chinese territory of Hong Kong and the People's Republic of China are home to the largest fraction of malicious Web sites, according to a report published by antivirus company McAfee on Wednesday.

In its report, Mapping the Mal Web Revisited, the company found that the top-level domains with the largest proportion of malicious sites belonged to Hong Kong (.hk) and China (.cn) with the Philippines (.ph) and Romania (.ro) tied for fourth. The company surveyed nearly 10 million heavily-trafficked Web sites around the world and found that 19.2 percent of all Web sites ending in the .hk posed a danger to visitors. Approximately 11 percent of Web sites in mainland China's top-level domain were rated as risky by SiteAdvisor.

http://www.securityfocus.com/brief/749

MS Security Bulletin Advance Notification - Jun 5, 2008

Don — Thu, 05 Jun 2008 17:41:00 GMT

Microsoft Security Bulletin Advance Notification for June 2008
Issued: June 5, 2008

This is an advance notification of security bulletins that
Microsoft is intending to release on June 10, 2008.

The full version of the Microsoft Security Bulletin Advance
Notification for June 2008 can be found at
http://www.microsoft.com/technet/security/bulletin/ms08-jun.mspx.

This bulletin advance notification will be replaced with the
June bulletin summary on June 10, 2008. For more information
about the bulletin advance notification service, see
http://www.microsoft.com/technet/security/Bulletin/advance.mspx.

Microsoft will host a webcast to address customer questions on
these bulletins on Wednesday, June 11, 2008,
at 11:00 AM Pacific Time (US & Canada). Register for the June
Security Bulletin Webcast at
http://www.microsoft.com/technet/security/bulletin/summary.mspx.

Microsoft also provides information to help customers prioritize
monthly security updates with any non-security, high-priority
updates that are being released on the same day as the monthly
security updates. Please see the section, Other Information.

This advance notification provides the software subject as the
bulletin identifier, because the official Microsoft Security
Bulletin numbers are not issued until release. The bulletin summary
that replaces this advance notification will have the proper
Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the
bulletin identifier. The security bulletins for this month are as
follows, in order of severity:

Critical Security Bulletins

Bluetooth Bulletin

- Affected Software:
    - Windows XP Service Pack 2 and Windows XP Service Pack 3
    - Windows XP Professional x64 Edition and Windows XP
      Professional x64 Edition Service Pack 2
    - Windows Vista and Windows Vista Service Pack 1
    - Windows Vista x64 Edition and Windows Vista x64 Edition
      Service Pack 1

    - Impact: Remote Code Execution
    - Version Number: 1.0

Internet Explorer Bulletin

- Affected Software:
    - Internet Explorer 5.01 Service Pack 4 on Microsoft Windows
      2000 Service Pack 4
    - Internet Explorer 6 Service Pack 1 when installed on Microsoft
      Windows 2000 Service Pack 4
    - Internet Explorer 6 for Windows XP Service Pack 2 and Windows
      XP Service Pack 3
    - Internet Explorer 6 for Windows XP Professional x64 Edition
      and Windows XP Professional x64 Edition Service Pack 2
    - Internet Explorer 6 for Windows Server 2003 Service Pack 1 and
      Windows Server 2003 Service Pack 2
    - Internet Explorer 6 for Windows Server 2003 x64 Edition and
      Windows Server 2003 x64 Edition Service Pack 2
    - Internet Explorer 6 for Windows Server 2003 with SP1 for
      Itanium-based Systems and Windows Server 2003 with SP2 for
      Itanium-based Systems
    - Internet Explorer 7 for Windows XP Service Pack 2 and Windows
      XP Service Pack 3
    - Internet Explorer 7 for Windows XP Professional x64 Edition
      and Windows XP Professional x64 Edition Service Pack 2
    - Internet Explorer 7 for Windows Server 2003 Service Pack 1 and
       Windows Server 2003 Service Pack 2
    - Internet Explorer 7 for Windows Server 2003 x64 Edition and
      Windows Server 2003 x64 Edition Service Pack 2
    - Internet Explorer 7 for Windows Server 2003 with SP1 for
      Itanium-based Systems and Windows Server 2003 with SP2 for
      Itanium-based Systems
    - Internet Explorer 7 in Windows Vista and Windows Vista Service
      Pack 1
    - Internet Explorer 7 in Windows Vista x64 Edition and Windows
      Vista x64 Edition Service Pack 1
    - Internet Explorer 7 in Windows Server 2008 for 32-bit Systems
      (Windows Server 2008 Server Core installation affected)
    - Internet Explorer 7 in Windows Server 2008 for x64-based
      Systems (Windows Server 2008 Server Core installation affected)
    - Internet Explorer 7 in Windows Server 2008 for Itanium-based
      Systems

    - Impact: Remote Code Execution
    - Version Number: 1.0

DirectX Bulletin

- Affected Software:
    - DirectX 7.0 on Microsoft Windows 2000 Service Pack 4
    - DirectX 8.1 on Microsoft Windows 2000 Service Pack 4
    - DirectX 9.0, DirectX 9.0b, and DirectX 9.0c on Microsoft
      Windows 2000 Service Pack 4
    - DirectX 9.0, DirectX 9.0b, and DirectX 9.0c on Windows XP
      Service Pack 2 and Windows XP Service Pack 3
    - DirectX 9.0, DirectX 9.0b, and DirectX 9.0c on Windows XP
      Professional x64 Edition and Windows XP Professional x64
      Edition Service Pack 2
    - DirectX 9.0, DirectX 9.0b, and DirectX 9.0c on Windows Server
      2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    - DirectX 9.0, DirectX 9.0b, and DirectX 9.0c on Windows Server
      2003 x64 Edition and Windows Server 2003 x64 Edition Service
      Pack 2
    - DirectX 9.0, DirectX 9.0b, and DirectX 9.0c on Windows Server
      2003 with SP1 for Itanium-based Systems and Windows Server
      2003 with SP2 for Itanium-based Systems
    - DirectX 10.0 on Windows Vista and Windows Vista Service Pack 1
    - DirectX 10.0 on Windows Vista x64 Edition and Windows Vista
      x64 Edition Service Pack 1
    - DirectX 10.0 on Windows Server 2008 for 32-bit Systems
      (Windows Server 2008 Server Core installation not affected)
    - DirectX 10.0 on Windows Server 2008 for x64-based Systems
      (Windows Server 2008 Server Core installation not affected)
    - DirectX 10.0 on Windows Server 2008 for Itanium-based Systems

    - Impact: Remote Code Execution
    - Version Number: 1.0

Important Security Bulletins

WINS Bulletin

- Affected Software:
    - Microsoft Windows 2000 Server Service Pack 4
    - Windows Server 2003 Service Pack 1 and Windows Server 2003
      Service Pack 2
    - Windows Server 2003 x64 Edition and Windows Server 2003 x64
      Edition Service Pack 2
    - Windows Server 2003 with SP1 for Itanium-based Systems and
      Windows Server 2003 with SP2 for Itanium-based Systems

    - Impact: Elevation of Privilege
    - Version Number: 1.0

Active Directory Bulletin

- Affected Software:
    - Active Directory on Microsoft Windows 2000 Server Service Pack
      4
    - ADAM when installed on Windows XP Service Pack 2 and Windows
      XP Service Pack 3
    - ADAM when installed on Windows XP Professional x64 Edition
      and Windows XP Professional x64 Edition Service Pack 2
    - Active Directory on Windows Server 2003 Service Pack 1 and
      Windows Server 2003 Service Pack 2
    - ADAM when installed on Windows Server 2003 Service Pack 1 and
      Windows Server 2003 Service Pack 2
    - Active Directory on Windows Server 2003 x64 Edition and
      Windows Server 2003 x64 Edition Service Pack 2
    - ADAM when installed on Windows Server 2003 x64 Edition and
      Windows Server 2003 x64 Edition Service Pack 2
    - Active Directory on Windows Server 2003 with SP1 for Itanium-
      based Systems and Windows Server 2003 with SP2 for Itanium-
      based Systems
    - Active Directory on Windows Server 2008 for 32-bit Systems
      (Windows Server 2008 Server Core installation affected)
    - AD LDS on Windows Server 2008 for 32-bit Systems
      (Windows Server 2008 Server Core installation affected)
    - Active Directory on Windows Server 2008 for x64-based Systems
      (Windows Server 2008 Server Core installation affected)
    - AD LDS on Windows Server 2008 for x64-based Systems
      (Windows Server 2008 Server Core installation affected)

    - Impact: Denial of Service
    - Version Number: 1.0

PGM Bulletin

- Affected Software:
    - Windows XP Service Pack 2 and Windows XP Service Pack 3
    - Windows XP Professional x64 Edition and Windows XP
      Professional x64 Edition Service Pack 2
    - Windows Server 2003 Service Pack 1 and Windows Server 2003
      Service Pack 2
    - Windows Server 2003 x64 Edition and Windows Server 2003 x64
      Edition Service Pack 2
    - Windows Server 2003 with SP1 for Itanium-based Systems and
      Windows Server 2003 with SP2 for Itanium-based Systems
    - Windows Vista and Windows Vista Service Pack 1
    - Windows Vista x64 Edition and Windows Vista x64 Edition
      Service Pack 1
    - Windows Server 2008 for 32-bit Systems
      (Windows Server 2008 Server Core installation not affected)
    - Windows Server 2008 for x64-based Systems
      (Windows Server 2008 Server Core installation not affected)
    - Windows Server 2008 for Itanium-based Systems

    - Impact: Denial of Service
    - Version Number: 1.0

Moderate Security Bulletins

Kill Bit Bulletin

- Affected Software:
    - Microsoft Windows 2000 Service Pack 4
    - Windows XP Service Pack 2 and Windows XP Service Pack 3
    - Windows XP Professional x64 Edition and Windows XP
      Professional x64 Edition Service Pack 2
    - Windows Server 2003 Service Pack 1 and Windows Server 2003
      Service Pack 2
    - Windows Server 2003 x64 Edition and Windows Server 2003 x64
      Edition Service Pack 2
    - Windows Server 2003 with SP1 for Itanium-based Systems and
      Windows Server 2003 with SP2 for Itanium-based Systems
    - Windows Vista and Windows Vista Service Pack 1
    - Windows Vista x64 Edition and Windows Vista x64 Edition
      Service Pack 1
    - Windows Server 2008 for 32-bit Systems
      (Windows Server 2008 Server Core installation affected)
    - Windows Server 2008 for x64-based Systems
      (Windows Server 2008 Server Core installation affected)
    - Windows Server 2008 for Itanium-based Systems

    - Impact: Remote Code Execution
    - Version Number: 1.0

Other Information

Microsoft Windows Malicious Software Removal Tool:

Microsoft will release an updated version of the Microsoft Windows
Malicious Software Removal Tool on Windows Update, Microsoft Update,
Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS:

For information about non-security releases on Windows Update and
Microsoft
update, please see:
* http://support.microsoft.com/kb/894199: Microsoft Knowledge Base
Article 894199, Description of Software Update Services and
Windows Server Update Services changes in content for 2008.
Includes all Windows content.
* http://technet.microsoft.com/en-us/wsus/bb466214.aspx: New,
Revised, and Released Updates for Microsoft Products Other Than
Microsoft Windows

Microsoft Security Bulletin Minor Revisions - June 4, 2008

Don — Thu, 05 Jun 2008 06:47:00 GMT

Title: Microsoft Security Bulletin Minor Revisions
Issued: June 4, 2008

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS08-028 - Critical
* MS08-027 - Critical
* MS08-015 - Critical
* MS08-014 - Critical

Bulletin Information:

* MS08-028 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms08-028.mspx
- Reason for Revision: V1.2 (June 4, 2008): Added a link to
    Microsoft Knowledge Base Article 950749 under Known Issues in
    the Executive Summary.
- Originally posted: May 13, 2008
- Updated: June 4, 2008
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS08-027 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms08-027.mspx
- Reason for Revision: V1.1 June 4, 2008: Added a link to Microsoft
    Knowledge Base Article 951208 under Known Issues in the
    Executive Summary.
- Originally posted: May 13, 2008
- Updated: June 4, 2008
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS08-015 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms08-015.mspx
- Reason for Revision: V1.5 (June 4, 2008): Bulletin updated: Added
    entry to Update FAQ to explain why the update may be offered
    even when Affected Software isn't present on the system.
- Originally posted: March 11, 2008
- Updated: June 4, 2008
- Bulletin Severity Rating: Critical
- Version: 1.5

* MS08-014 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms08-014.mspx
- Reason for Revision: V3.2 (June 4, 2008): Bulletin updated: Added
    entry to Update FAQ to explain why the update may be offered
    even when Affected Software isn't present on the system.
- Originally posted: March 11, 2008
- Updated: June 4, 2008
- Bulletin Severity Rating: Critical
- Version: 3.2