spiderwebwoman : Security

IE 6 crashes after you install security update MS07-069 on a computer that is running Windows XP SP2

Kathleen Anderson — Thu, 20 Dec 2007 23:47:00 GMT

This happened on one of my PCs last night - you need to edit the registry to fix it, but Jesper Johansson's got an installer that will do that for you.

Update: http://support.microsoft.com/kb/946627 has been updated.

It now has a description of the IE6 crash and a link to a file you can download from the Microsoft Download site to add the registry entry required to prevent the crash.

I also noticed on one of my PCs at home this morning that Microsoft Update is pushing this out as a high-priority update.

You've upgraded to IE 7 and now FrontPage won't save your userid and password when publishing to remote servers

Kathleen Anderson — Thu, 08 Nov 2007 15:49:00 GMT

The fix that worked for me has two parts:

1. Bring up your remote site in IE 7. Then go to Tools > Internet Options > Security > Trusted Sites > Sites and Add your site to the list. Then Close > Apply > OK. You may need to restart IE 7 for this to take effect.

2. In IE 7, Tools > Internet Options > Security > Trusted Sites > Custom Level > User Authentication > Logon > Automatic logon with current Username and password and then OK your way back out.

TechNet Webcast: Secure, Simplified Web Publishing Using Internet Information Services 7.0

Kathleen Anderson — Sat, 29 Sep 2007 01:14:00 GMT

Event Overview

Learn how Web publishing is changing for Microsoft Internet Information Services (IIS) version 7.0. In this webcast, we take an in-depth look at the new FTP service for IIS 7.0, with demonstrations that showcase new features such as FTP over Secure Sockets Layer (SSL), enhanced security, and improved supportability options. We also discuss plans for a version of the Microsoft Office FrontPage Server Extensions for the Windows Server 2008 and Windows Vista operating systems, in addition to a new Web Distributed Authoring and Versioning (WebDAV) implementation for IIS 7.0.

Tuesday, October 16, 2007 11:30 AM Pacific Time (US & Canada)

Presenter: Robert McMurray, Program Manager, Microsoft Corporation

Register at http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032352158&EventCategory=4&culture=en-US&CountryCode=US

Microsoft Security Bulletin(s) for 6/12/2007

Kathleen Anderson — Wed, 13 Jun 2007 00:38:00 GMT

June 12, 2007

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security<http://www.microsoft.com/technet/security> and www.microsoft.com/security<http://www.microsoft.com/security> are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://www.microsoft.com/technet/security/Bulletin/ms07-Jun.mspx

Critical Bulletins:

Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840) http://www.microsoft.com/technet/security/Bulletin/ms07-031.mspx

Cumulative Security Update for Internet Explorer (933566) http://www.microsoft.com/technet/security/Bulletin/ms07-033.mspx

Cumulative Security Update for Outlook Express and Windows Mail (929123) http://www.microsoft.com/technet/security/Bulletin/ms07-034.mspx

Vulnerability in Win 32 API Could Allow Remote Code Execution (935839) http://www.microsoft.com/technet/security/Bulletin/ms07-035.mspx

Important Bulletins:

Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051) http://www.microsoft.com/technet/security/Bulletin/ms07-030.mspx

Moderate Bulletins:

Vulnerability in Windows Vista Could Allow Information Disclosure (931213) http://www.microsoft.com/technet/security/Bulletin/ms07-032.mspx

Microsoft Security Bulletin MS06-055 - Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486)

Kathleen Anderson — Tue, 26 Sep 2006 23:45:00 GMT

This update resolves a public vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.

If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx

Known Issue Documented for MS06-049

Kathleen Anderson — Fri, 15 Sep 2006 21:13:00 GMT

http://blogs.technet.com/msrc/archive/2006/09/15/456646.aspx

Firefox 1.5.0.7 Security and Stability Update

Kathleen Anderson — Fri, 15 Sep 2006 21:05:00 GMT

As part of Mozilla Corporation's ongoing stability and security update process, Firefox 1.5.0.7 is now available for Windows, Mac, and Linux for free download from getfirefox.com (http://www.getfirefox.com).

The security fixes are listed here: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.7

Microsoft Security Bulletin Advance Notification

Kathleen Anderson — Thu, 07 Sep 2006 17:17:00 GMT

On 12 September 2006 Microsoft is planning to release:

Security Updates

.Two Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Important. These updates will be detectable using the Microsoft Baseline Security Analyzer. Some of these updates will require a restart.

.One Microsoft Security Bulletin affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.

Microsoft Windows Malicious Software Removal Tool

.Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.

Note that this tool will NOT be distributed using Software Update Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS.

Microsoft will release Two NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).

.Microsoft will release three NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

http://www.microsoft.com/technet/security/bulletin/advance.mspx

Microsoft Security Advisory (925059) Vulnerability in Word Could Allow Remote Code Execution

Kathleen Anderson — Thu, 07 Sep 2006 01:36:00 GMT

Microsoft Security Advisory (925059)
Vulnerability in Word Could Allow Remote Code Execution
Published: September 6, 2006

Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000. In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker.

http://www.microsoft.com/technet/security/advisory/925059.mspx

New version of MS06-042 (KB918899) under development

Kathleen Anderson — Tue, 15 Aug 2006 22:56:00 GMT

From: http://support.microsoft.com/kb/918899/EN-US/

A new version of security update 918899 is currently in development and will be released to all Microsoft Internet Explorer 6 Service Pack 1 customers by August 22, 2006. The new update will be available on the Microsoft Download Center and by using Windows Update. Customers who are using any version of Internet Explorer other than Internet Explorer 6 Service Pack 1 together with any Windows version are not affected by this release and do not have to take any action. We recommend that customers who are not experiencing this issue continue to deploy security update 918899 in their environments to receive protection from the vulnerabilities that are documented in security bulletin MS06-042. Customers who experience this issue should apply the new security update when it is available. Customers who want to avoid the issue before the new security update is available may apply hotfix 923762.

Problems with MS06-042 (KB918899) and web sites that use the HTTP 1.1 protocol and compression

Kathleen Anderson — Sat, 12 Aug 2006 00:04:00 GMT

We've seen a number of reports since (Patch) Tuesday from folks running either Windows 2000 or Windows XP SP1 that IE is crashing when accessing certain sites, most notably PeopleSoft applications. It was (strongly) suspected that MS06-042 (KB918899) was causing the problem - for most people, uninstalling the patch made the problem go away.

A couple of workarounds were posted, one requiring a server setting change, the other required a browser setting change.

Late this afternoon, Microsoft announced the availability of a hotfix for this problem.

Microsoft Security Bulletin Summary for June, 2006

Kathleen Anderson — Tue, 13 Jun 2006 18:23:00 GMT

http://www.microsoft.com/technet/security/bulletin/ms06-jun.mspx

Tomorrow is Patch Tuesday - are you ready?

Kathleen Anderson — Mon, 12 Jun 2006 21:49:00 GMT

The current count of patches to be released tomorrow by Microsoft is 12 - I think that's a record.

If you need an (additional) incentive to apply Microsoft Security Bulletin MS06-017, here it is

Kathleen Anderson — Tue, 16 May 2006 19:04:00 GMT

In addition to fixing some security issues, MS06-017 has an extra bonus feature that will please FrontPage users that develop locally on IIS under Windows XP - it fixes the 'Update All Pages" function for DWTs.

Here's the text from the KB article that came out last fall when the hotfix was released for Windows Server 2003: When you save changes to a Dynamic Web Template (.dwt) file, all the Web pages that are linked to the .dwt file may not be changed. This problem occurs when the .dwt file is part of a Microsoft FrontPage 2002 Server Extensions (FPSE) from Microsoft Web site that is running on a Microsoft Windows Server 2003-based computer.

Apply MS06-017 to your Windows XP Pro PC running IIS and FPSE2002 and the problem is fixed.

Unix FrontPage Server Extensions Patch Released - MS06-017

Kathleen Anderson — Thu, 04 May 2006 18:38:00 GMT

FrontPage 2002 Server Extensions Release
May 2, 2006
Microsoft Security Bulletin MS06-017

Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627)

A security issue has been identified that could allow an attacker to remotely compromise your system using the FrontPage Server Extensions and gain control over it.

It is recommended that you upgrade to the latest release of the extensions, version 5.0.2.4803. They are available on our download page.

Microsoft Security Bulletin MS06-015 Updated: April 20, 2006

Kathleen Anderson — Fri, 21 Apr 2006 14:09:00 GMT

http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx

Frequently asked questions (FAQ) related to this security update

I've heard of issues with this security update. Does Microsoft plan to release a revised security update to address these issues?

Microsoft has completed its initial investigation into issues involving old third party software that customers may have experienced after the installation of this security update. On Tuesday, April 25, Microsoft will issue a targeted re-release of the MS06-015 update.

Note Customers who have already applied the MS06-015 update who are not experiencing the problem need take no action.

Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627)

Kathleen Anderson — Mon, 17 Apr 2006 00:23:00 GMT

Microsoft Security Bulletin MS06-017
Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627)
Published: April 11, 2006

Executive Summary:

This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.

Issues that the security update fixes

The installation of Outlook Express Patch 911567 prevents saved unsent message eml files from being opened as unsent messages.

Kathleen Anderson — Sun, 16 Apr 2006 23:21:00 GMT

The installation of Outlook Express Patch 911567 prevents saved unsent message eml files from being opened as unsent messages. Instead, they open as sent messages and cannot be resent. This is because the patch causes Outlook Express to ignore the unsent flag in the message, so the message opens as a sent message, even though it has not been sent.

Uninstall Outlook Express Patch 911567 (April 11, 2006) to restore unsent message functionality

Problems in Windows Explorer/ Windows shell due to 908531

Kathleen Anderson — Sun, 16 Apr 2006 23:15:00 GMT

On April 11, Microsoft released a security update via Automatic Updates & Windows / Microsoft Update to fix some security issues.
See http://support.microsoft.com/kb/908531/

This update applies to Win2000, SBS systems, Win XP, and Windows Server 2003.

Subsequent to this fix, many users have reported various problems in Windows Explorer and also with Internet Explorer, as well as other programs & functions. Many examples can be seen in the MS public newsgroups (and likely elsewhere).

This post, at AumHa Forums, has a list of reported problems, and suggestions on how to resolve them.

Microsoft Security Bulletins for April 11, 2006

Kathleen Anderson — Tue, 11 Apr 2006 22:47:00 GMT

April 11, 2006

Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:

http://www.microsoft.com/technet/security/Bulletin/ms06-Apr.mspx

Critical Bulletins:

Cumulative Security Update for Internet Explorer (912812)

http://www.microsoft.com/technet/security/Bulletin/ms06-013.mspx

Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)

http://www.microsoft.com/technet/security/Bulletin/ms06-014.mspx

Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)

http://www.microsoft.com/technet/security/Bulletin/ms06-015.mspx

Important Bulletins:

Cumulative Security Update for Outlook Express (911567)

http://www.microsoft.com/technet/security/Bulletin/ms06-016.mspx

Moderate Bulletins:

Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627)

http://www.microsoft.com/technet/security/Bulletin/ms06-017.mspx

Re-Released Bulletins:

Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)

http://www.microsoft.com/technet/security/Bulletin/ms06-005.mspx