July 2008 - Posts
Good news from the Windows Search team. In late July Windows Search 4.0 will be available on the Windows Update. For XP users available as "Optional" update and Windows Vista users will see it as a "Recommended" update.
Me, myself and I really do like this tool. Searches the hard drive and network drives pretty fast and within documents too.
For more information check the web site: Windows Search 4.0
Source: The Windows Experience Blog.
Sorry if it's a bit late but I was on a trip to Germany... and no Internet connection... But about a week ago Mozilla released a security update version for Firefox: 3.0.1. If the automated update has not installed it yet, then you can get it at: GetFirefox. The update is also available for the Mac and Linux. Read the release notes at: Firefox 3 Release Notes.
Just read at the Windows Experience Blog that a new version of Windows Live OneCare is available. Version 2.5. It seems it is rolled out to new customers and or subscribers who do a manual uninstall and reinstall. Eventually all subscribers are getting the update automatically.
Related links:
Microsoft released an advisory for a Office Word 2002 SP3 vulnerability.
Investigation indicates that customers who use all other supported versions of Microsoft Office Word, Microsoft Office Word Viewer, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, and Microsoft Office for Mac are not affected.
At this time, Microsoft is aware of limited, targeted attacks that attempt to use this vulnerability. While Microsoft Office Word 2000 does not appear vulnerable to this issue, Word 2000 may unexpectedly exit when opening a specially crafted .doc file that the attacker is using in an attempt to exploit the vulnerability.
More information: Microsoft Security Advisory (953635) and MSRC Blog.
This article at the BBC web site,
Computer experts have released software to tackle a security glitch in the internet's addressing system.
The flaw, discovered by accident, would allow criminals to redirect users to fake webpages, even if they typed the correct address into a browser.
Internet giants such as Microsoft are now distributing the security patch.
More at the BBC site here...
is related to the security patch Microsoft posted yesterday: Microsoft Security Bulletin MS08-037:
Summary:
This security update resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008.
Patch Tuesday or patch Wednesday... it all depends on which part of the world you're in. For me it's patch Wednesday and yes, yesterday Microsoft released their monthly bulletin with 4 "important" updates.
On July 8th, Microsoft released the following updates:
Important:
- MS08-040 - Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
- MS08-038 - Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)
- MS08-037 - Vulnerabilities in DNS Could Allow Spoofing (953230)
- MS08-039 - Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
A more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.
You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. For more information, see Microsoft Knowledge Base Article 913086.
Support:
See also: Microsoft Security Response Center (MSRC) blog
So, you all know the drill! If it's not downloaded by automatic updates then move your mouse pointer to Microsoft Update...
Microsoft has released an advisory for a MS Access remote code-execution vulnerability. The flaw lies in the Microsoft Snapshot Viewer ActiveX control, "snapview.ocx", which may allow remote code-execution attacks. This affects Office Access 2000, Office Access 2002 and Office Access 2003.
An attacker could exploit this vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution.
There's no patch available yet, but there are manual workarounds. For more information see Microsoft's Security Advisory (955179) and MSRC Blog.
Opera released a security and stability upgrade. For details see the Security section of the Changelog.
Download Opera's newest release Opera 9.51 for Windows.
A few days ago Adobe released version 9 of their Adobe Reader. It seems to add new capabilities, better performance and stronger security, according to Adobe Reader Weblog.
You can download the new version here. This download also comes with the new online product(s) Acrobat.com (Beta), which is possible to uninstall later if you don't need/want it...
Last time I was a bit late to tell you about the Windows Updates, but this time we have an advanced notification. On July 8th, Microsoft is releasing 4 "important" updates.
For more detailed information check TechNet and the post at the blog of Microsoft Security Response Center: July 2008 Advance Notification.
If you want to get these advanced notifications by email, RSS or Messenger then signup at: Microsoft Technical Security Notifications.
Have a wonderful day...
Starting at the end of this month, Microsoft Update Product Team will be rolling out an update to the Windows Update agent. You can read all the information in the posting at their team blog: Upcoming Update to Windows Update.
What it means for you... is that unless you have chosen "Turn Automatic Updates Off", you will receive this update. Otherwise you have to check for updates and install it yourself manually.