September 2006 - Posts
This update resolves a public vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx
I am so glad I don't have to choose between The Office and Grey's Anatomy - being Tivo-less I just don't know what I would do.
The FrontPage Server Extensions 2002 web download is not available anymore from the Microsoft web sites. This is due to the fact that the mainstream support for FrontPage Server Extensions 2002 web download which follows the Office XP/FrontPage 2002 life cycle expired on 7/11/2006. The following article explains the timelines: http://support.microsoft.com/lifecycle/?p1=1902
However, we understand that customers might need this download in situations where existing FPSE2002 installations are hampered in one way or the other. Considering this, it may be possible to obtain this download for reinstallation purposes only if you call MS support.
As part of Mozilla Corporation's ongoing stability and security update process, Firefox 1.5.0.7 is now available for Windows, Mac, and Linux for free download from getfirefox.com (http://www.getfirefox.com).
The security fixes are listed here: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.7
Federal judge sustains discrimination claims against Target; precedent establishes that retailers must make their websites accessible to the blind under the ADA
Berkeley, CA (September 7, 2006): A federal district court judge ruled yesterday that a retailer may be sued if its website is inaccessible to the blind. The ruling was issued in a case brought by the National Federation of the Blind against Target Corp. (Northern District of California Case No. C 06-01802 MHP)
The suit charges that Target's website http://www.target.com is inaccessible to the blind, and therefore violates the Americans with Disabilities Act. (ADA), the California Unruh Civil Rights Act, and the California Disabled Persons Act. Target asked the court to dismiss the action by arguing that no law requires Target to make its website accessible. The Court denied Target's motion to dismiss and held that the federal and state civil rights laws do apply to a website such as target.com.
http://www.nfb.org/nfb/Target_Sept_Release.asp?SnID=1985711710
On 12 September 2006 Microsoft is planning to release:
Security Updates
.Two Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Important. These updates will be detectable using the Microsoft Baseline Security Analyzer. Some of these updates will require a restart.
.One Microsoft Security Bulletin affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.
Microsoft Windows Malicious Software Removal Tool
.Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update Services (SUS).
Non-security High Priority updates on MU, WU, WSUS and SUS.
Microsoft will release Two NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
.Microsoft will release three NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
http://www.microsoft.com/technet/security/bulletin/advance.mspx
Microsoft Security Advisory (925059)
Vulnerability in Word Could Allow Remote Code Execution
Published: September 6, 2006
Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000. In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker.
http://www.microsoft.com/technet/security/advisory/925059.mspx
Did you notice the name has changed? I wonder what that signifies? You can download the Beta 1 from the Expression Web web site (be sure to read the IMPORTANT! notes). If you want to reports bugs, create an account at Microsoft Connect: http://www.microsoft.com/products/expression/en/reportbug.aspx
Remember - never install beta software on a production machine.
Happy testing!!
MSDN Webcast: Designing Standards-Based Web Sites with Expression Web Designer (Level 200)
Monday, September 11, 2006
1:00 P.M.–2:00 P.M. Pacific Time
In this session, we introduce you to the new Expression Web Designer tool, created to help professional designers collaborate with developers to build standards-based Web sites. Expression Web Designer provides full access to industry standards such as Cascading Style Sheets (CSS), XSL, XML, XHTML, and Microsoft ASP.NET 2.0, allowing designers to intuitively incorporate controls into their Web designs. As a result, designers can deliver Microsoft Visual Studio-compatible projects to developers, who can then use Visual Studio to add advanced functionalities such as security or database connections.
Presenter: Arturo Toledo, Product Manager, Microsoft Corporation
Register here: http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?EventID=1032307175&EventCategory=4&culture=en-US&CountryCode=US
MSDN Webcast: Exploring Basic Features of the New Microsoft Expression Web Designer (Level 200)
Friday, September 29, 2006
1:00 P.M.–2:00 P.M. Pacific Time
Microsoft Expression Web Designer is a new product that Web designers can use to easily and quickly produce high-quality, standards-based Web sites. In this session, we discuss some of the basic features of this exciting new Web development tool, including powerful task panes and design tools for greater productivity, cross-browser validation features for Web standards, and sophisticated Cascading Style Sheets (CSS) design tools for page layout and formatting. In addition, we compare how the features and performance of Expression Web Designer stack up against the longtime industry standard, Macromedia Dreamweaver.
Presenter: Christian Johnson, Graphic Designer, Exsilio Consulting, Inc
Register here: http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?EventID=1032307161&EventCategory=4&culture=en-US&CountryCode=US