2008 | Microsoft Security Response Center

Security Advisory 954474: Deployment Issue affecting System Center Configuration Manager 2007servers with SMS 2003 clients

Friday, June 13, 2008

Hello, This is Christopher Budd. I’m back here on the MSRC weblog after spending some time learning the Privacy side of our business (and getting my CIPP certification). I’m here to let you know that we’ve just posted Microsoft Security Advisory 954474. This advisory is to let customers know that we’re aware of an issue that is affecting the deployment of the June 2008 security updates.

2008年6月のセキュリティリリース

Tuesday, June 10, 2008

小野寺です今月は、事前通知でお伝えしていたとおり計 7 件 (緊急 3 件, 重要 3 件、警告 1 件)を公開しました

6月のワンポイントセキュリティ

Tuesday, June 10, 2008

小野寺です。 6 月のワンポイントセキュリティを公開しました。 Video: Security Updates This Month - June 2008 soapbox 版ではない、フルサイズ版

June 2008 Monthly Release

Tuesday, June 10, 2008

Hello! This is Tami Gallupe (MSRC Release Manager) and I want to let you know that we just posted our June 2008 Bulletins. We released seven bulletins today, which includes three bulletins with severity rating of Critical three bulletins with severity rating of Important and one with the severity rating of Moderate.

MS08-030: All bark and no bite? The case of the Bluetooth update

Tuesday, June 10, 2008

This morning we released a critical update for Windows addressing a vulnerability in the Microsoft Bluetooth stack (MS08-030). The bulletin is rated Critical since it allows an attacker to corrupt memory in the Windows kernel, which theoretically could allow an attacker to execute code in the context of the operating system on the remote computer.

MS08-033: So what breaks when you ACL quartz.dll?

Tuesday, June 10, 2008

In some of the multimedia MSRC bulletins that have been released there is a workaround listed about changing ACL’s on Quartz.dll. So, what exactly breaks when we ACL Quartz.dll? Quartz.dll is a core component of the DirectShow framework. Originally a component of DirectX, DirectShow eventually took on a life of its own as multimedia recording and playback evolved.

MS08-036: PGM? What is PGM?

Tuesday, June 10, 2008

This morning we released MS08-036 to fix two denial-of-service vulnerabilities in the Windows implementation of the Pragmatic General Multicast (PGM) protocol (RFC 3208). You probably have never heard of PGM. Only one engineer on our team had ever heard of it and he previously worked as a tester on the core network components team.

2008年6月のセキュリティリリース予定

Thursday, June 05, 2008

小野寺です。今月は、計 7 件 (緊急 3 件, 重要 3 件、警告 1 件) の公開を予定しています。リリース日は、週明

June 2008 Advance Notification

Thursday, June 05, 2008

Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, June 10, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.

Why there won't be a security update for WkImgSrv.dll

Thursday, June 05, 2008

Recently, there was a public post in milw0rm (http://www.milw0rm.com/exploits/5530), talking about an issue in the ActiveX control of Microsoft Works 7 WkImgSrv.dll. The PoC claims that it would achieve remote code execution. McAfee Avert Labs Blog also had a post about this (http://www.avertlabs.com/research/blog/index.php/2008/04/17/potential-microsoft-works-activex-0-day-surfaces/). At first glance the issue sounds serious, right?