Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

Microsoft January 2008 Security Bulletins

microsoft.public.windowsupdate






Speedup My PC
Reply
  #1 (permalink)  
Old 01-08-2008
Donna Buenaventura
 

Posts: n/a
Microsoft January 2008 Security Bulletins
Microsoft's January 2008 Security Bulletins

As part of Microsoft's routine, monthly security update cycle, today they
released two new security bulletins that affects Windows system.
Note: There may be latency issues due to replication, if the page does not
display keep refreshing.

Critical
MS08-001 - Vulnerabilities in Windows TCP/IP Could Allow Remote Code
Execution (941644)
http://www.microsoft.com/technet/sec.../MS08-001.mspx

Important
MS08-002 - Vulnerability in LSASS Could Allow Local Elevation of Privilege
(943485)
http://www.microsoft.com/technet/sec.../MS08-002.mspx

Microsoft also released Non-Security, High-Priority Updates on MU, WU, and
WSUS:
- Five non-security, high-priority updates on Microsoft Update (MU) and
Windows Server Update Services (WSUS).
- Two non-security, high-priority updates for Windows on Windows Update (WU)
and WSUS.

Microsoft Windows Malicious Software Removal Tool
Microsoft has released an updated version of the Microsoft Windows Malicious
Software Removal Tool on Windows Update, Microsoft Update, Windows Server
Update Services, and the Download Center.

References:
January 2008 Security Bulletin Summary:
http://www.microsoft.com/technet/sec.../ms08-jan.mspx
Security Bulletin for end-users:
http://www.microsoft.com/protect/com...ns/200801.mspx
MSRC Blog: http://blogs.technet.com

Support:
Call 1-866-PCSAFETY. There is no charge for support calls that are
associated with security updates. International users should go to
http://support.microsoft.com/common/international.aspx

Security Bulletin Webcast:
Microsoft will host a Webcast tomorrow. The webcast focuses on addressing
your questions and concerns about the security bulletins. Therefore, most of
the live webcast is aimed at giving you the opportunity to ask questions and
get answers from their security experts.
http://msevents.microsoft.com/CUI/Ev...&Culture=en-US

Regards,
Donna Buenaventura
Windows Security MVP
http://www.dozleng.com

Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 01-08-2008
marktime
 

Posts: n/a
RE: Microsoft January 2008 Security Bulletins
Could you - or someone - explain why WU is offering me

KB935509

Which is designated for Vista Ultimate & Vista Enterprise only?

I'm using Vista Home Premium (32) and WU is offering this Update along with
6 others today.

What happens if I install this Update on a system that it shouldn't be
offered to? Should I uncheck this Update and proceed with the others?

Thanks.



"Donna Buenaventura" wrote:

> Microsoft's January 2008 Security Bulletins
>
> As part of Microsoft's routine, monthly security update cycle, today they
> released two new security bulletins that affects Windows system.
> Note: There may be latency issues due to replication, if the page does not
> display keep refreshing.
>
> Critical
> MS08-001 - Vulnerabilities in Windows TCP/IP Could Allow Remote Code
> Execution (941644)
> http://www.microsoft.com/technet/sec.../MS08-001.mspx
>
> Important
> MS08-002 - Vulnerability in LSASS Could Allow Local Elevation of Privilege
> (943485)
> http://www.microsoft.com/technet/sec.../MS08-002.mspx
>
> Microsoft also released Non-Security, High-Priority Updates on MU, WU, and
> WSUS:
> - Five non-security, high-priority updates on Microsoft Update (MU) and
> Windows Server Update Services (WSUS).
> - Two non-security, high-priority updates for Windows on Windows Update (WU)
> and WSUS.
>
> Microsoft Windows Malicious Software Removal Tool
> Microsoft has released an updated version of the Microsoft Windows Malicious
> Software Removal Tool on Windows Update, Microsoft Update, Windows Server
> Update Services, and the Download Center.
>
> References:
> January 2008 Security Bulletin Summary:
> http://www.microsoft.com/technet/sec.../ms08-jan.mspx
> Security Bulletin for end-users:
> http://www.microsoft.com/protect/com...ns/200801.mspx
> MSRC Blog: http://blogs.technet.com
>
> Support:
> Call 1-866-PCSAFETY. There is no charge for support calls that are
> associated with security updates. International users should go to
> http://support.microsoft.com/common/international.aspx
>
> Security Bulletin Webcast:
> Microsoft will host a Webcast tomorrow. The webcast focuses on addressing
> your questions and concerns about the security bulletins. Therefore, most of
> the live webcast is aimed at giving you the opportunity to ask questions and
> get answers from their security experts.
> http://msevents.microsoft.com/CUI/Ev...&Culture=en-US
>
> Regards,
> Donna Buenaventura
> Windows Security MVP
> http://www.dozleng.com
>

Reply With Quote
  #3 (permalink)  
Old 01-08-2008
Gis Bun
 

Posts: n/a
RE: Microsoft January 2008 Security Bulletins
Since you have the option at any time to "upgrade" to these versions, I
suspect MS is putting them in as preventive maintenance.

This is one of 3 (?) updates that will come out prior to SP1 that will be
released as prerequisites.

"marktime" wrote:

> Could you - or someone - explain why WU is offering me
>
> KB935509
>
> Which is designated for Vista Ultimate & Vista Enterprise only?
>
> I'm using Vista Home Premium (32) and WU is offering this Update along with
> 6 others today.
>
> What happens if I install this Update on a system that it shouldn't be
> offered to? Should I uncheck this Update and proceed with the others?
>
> Thanks.
>
>
>
> "Donna Buenaventura" wrote:
>
> > Microsoft's January 2008 Security Bulletins
> >
> > As part of Microsoft's routine, monthly security update cycle, today they
> > released two new security bulletins that affects Windows system.
> > Note: There may be latency issues due to replication, if the page does not
> > display keep refreshing.
> >
> > Critical
> > MS08-001 - Vulnerabilities in Windows TCP/IP Could Allow Remote Code
> > Execution (941644)
> > http://www.microsoft.com/technet/sec.../MS08-001.mspx
> >
> > Important
> > MS08-002 - Vulnerability in LSASS Could Allow Local Elevation of Privilege
> > (943485)
> > http://www.microsoft.com/technet/sec.../MS08-002.mspx
> >
> > Microsoft also released Non-Security, High-Priority Updates on MU, WU, and
> > WSUS:
> > - Five non-security, high-priority updates on Microsoft Update (MU) and
> > Windows Server Update Services (WSUS).
> > - Two non-security, high-priority updates for Windows on Windows Update (WU)
> > and WSUS.
> >
> > Microsoft Windows Malicious Software Removal Tool
> > Microsoft has released an updated version of the Microsoft Windows Malicious
> > Software Removal Tool on Windows Update, Microsoft Update, Windows Server
> > Update Services, and the Download Center.
> >
> > References:
> > January 2008 Security Bulletin Summary:
> > http://www.microsoft.com/technet/sec.../ms08-jan.mspx
> > Security Bulletin for end-users:
> > http://www.microsoft.com/protect/com...ns/200801.mspx
> > MSRC Blog: http://blogs.technet.com
> >
> > Support:
> > Call 1-866-PCSAFETY. There is no charge for support calls that are
> > associated with security updates. International users should go to
> > http://support.microsoft.com/common/international.aspx
> >
> > Security Bulletin Webcast:
> > Microsoft will host a Webcast tomorrow. The webcast focuses on addressing
> > your questions and concerns about the security bulletins. Therefore, most of
> > the live webcast is aimed at giving you the opportunity to ask questions and
> > get answers from their security experts.
> > http://msevents.microsoft.com/CUI/Ev...&Culture=en-US
> >
> > Regards,
> > Donna Buenaventura
> > Windows Security MVP
> > http://www.dozleng.com
> >

Reply With Quote
  #4 (permalink)  
Old 01-08-2008
JPO
 

Posts: n/a
RE: Microsoft January 2008 Security Bulletins


"Gis Bun" wrote:

> Since you have the option at any time to "upgrade" to these versions, I
> suspect MS is putting them in as preventive maintenance.
>
> This is one of 3 (?) updates that will come out prior to SP1 that will be
> released as prerequisites.
>
> "marktime" wrote:
>
> > Could you - or someone - explain why WU is offering me
> >
> > KB935509
> >
> > Which is designated for Vista Ultimate & Vista Enterprise only?
> >
> > I'm using Vista Home Premium (32) and WU is offering this Update along with
> > 6 others today.
> >
> > What happens if I install this Update on a system that it shouldn't be
> > offered to? Should I uncheck this Update and proceed with the others?
> >
> > Thanks.
> >
> >
> >
> > "Donna Buenaventura" wrote:
> >
> > > Microsoft's January 2008 Security Bulletins
> > >
> > > As part of Microsoft's routine, monthly security update cycle, today they
> > > released two new security bulletins that affects Windows system.
> > > Note: There may be latency issues due to replication, if the page does not
> > > display keep refreshing.
> > >
> > > Critical
> > > MS08-001 - Vulnerabilities in Windows TCP/IP Could Allow Remote Code
> > > Execution (941644)
> > > http://www.microsoft.com/technet/sec.../MS08-001.mspx
> > >
> > > Important
> > > MS08-002 - Vulnerability in LSASS Could Allow Local Elevation of Privilege
> > > (943485)
> > > http://www.microsoft.com/technet/sec.../MS08-002.mspx
> > >
> > > Microsoft also released Non-Security, High-Priority Updates on MU, WU, and
> > > WSUS:
> > > - Five non-security, high-priority updates on Microsoft Update (MU) and
> > > Windows Server Update Services (WSUS).
> > > - Two non-security, high-priority updates for Windows on Windows Update (WU)
> > > and WSUS.
> > >
> > > Microsoft Windows Malicious Software Removal Tool
> > > Microsoft has released an updated version of the Microsoft Windows Malicious
> > > Software Removal Tool on Windows Update, Microsoft Update, Windows Server
> > > Update Services, and the Download Center.
> > >
> > > References:
> > > January 2008 Security Bulletin Summary:
> > > http://www.microsoft.com/technet/sec.../ms08-jan.mspx
> > > Security Bulletin for end-users:
> > > http://www.microsoft.com/protect/com...ns/200801.mspx
> > > MSRC Blog: http://blogs.technet.com
> > >
> > > Support:
> > > Call 1-866-PCSAFETY. There is no charge for support calls that are
> > > associated with security updates. International users should go to
> > > http://support.microsoft.com/common/international.aspx
> > >
> > > Security Bulletin Webcast:
> > > Microsoft will host a Webcast tomorrow. The webcast focuses on addressing
> > > your questions and concerns about the security bulletins. Therefore, most of
> > > the live webcast is aimed at giving you the opportunity to ask questions and
> > > get answers from their security experts.
> > > http://msevents.microsoft.com/CUI/Ev...&Culture=en-US
> > >
> > > Regards,
> > > Donna Buenaventura
> > > Windows Security MVP
> > > http://www.dozleng.com
> > >

Any reason none of these updates apply to my Vista Business 32bit system
with SP1RC?
Reply With Quote
  #5 (permalink)  
Old 01-08-2008
marktime
 

Posts: n/a
RE: Microsoft January 2008 Security Bulletins
Appreciate the reply. That possibility crossed my mind, but for whatever
reason it just doesn't seem right to me.

Why then would the KB article specifically state that KB935509 only applies
to Ultimate & Enterprise if it was to be offered to Home Premium as well, in
light of possible future upgrades?

Suffice to say; I don't trust WU very much. It's already offered me "updated
drivers" for audio components that did not match my system...



"Gis Bun" wrote:

> Since you have the option at any time to "upgrade" to these versions, I
> suspect MS is putting them in as preventive maintenance.
>
> This is one of 3 (?) updates that will come out prior to SP1 that will be
> released as prerequisites.
>
> "marktime" wrote:
>
> > Could you - or someone - explain why WU is offering me
> >
> > KB935509
> >
> > Which is designated for Vista Ultimate & Vista Enterprise only?
> >
> > I'm using Vista Home Premium (32) and WU is offering this Update along with
> > 6 others today.
> >
> > What happens if I install this Update on a system that it shouldn't be
> > offered to? Should I uncheck this Update and proceed with the others?
> >
> > Thanks.
> >


Reply With Quote
  #6 (permalink)  
Old 01-08-2008
antioch
 

Posts: n/a
Re: Microsoft January 2008 Security Bulletins

"marktime" <marktime@discussions.microsoft.com> wrote in message
news:B979462C-21D2-4089-9D0C-6EEFDC345386@microsoft.com...
> Appreciate the reply. That possibility crossed my mind, but for whatever
> reason it just doesn't seem right to me.
> Why then would the KB article specifically state that KB935509 only
> applies
> to Ultimate & Enterprise if it was to be offered to Home Premium as well,
> in
> light of possible future upgrades?
> Suffice to say; I don't trust WU very much. It's already offered me
> "updated
> drivers" for audio components that did not match my system...



See below posted a few hours ago by PA BEAR - a quote from MS.

http://windowsvistablog.com/blogs/wi...p1-prereq.aspx

It might explain some - but not why you have been offered this update.
Stick it in the Hidden Folder in WINUPDATE Home until you feel you need it -
then at least you will not keep getting pestered to install.

Antioch





Reply With Quote
  #7 (permalink)  
Old 01-09-2008
Robert Aldwinckle
 

Posts: n/a
Re: Microsoft January 2008 Security Bulletins
"marktime" <marktime@discussions.microsoft.com> wrote in message
news:93633494-F104-45FB-AE9F-2D772E31DF68@microsoft.com...
> Could you - or someone - explain why WU is offering me
>
> KB935509
>
> Which is designated for Vista Ultimate & Vista Enterprise only?



Perhaps more significantly it also says
<quote>
for versions of Windows Vista that include the Windows BitLocker
Drive Encryption feature
</quote>

Do you have that feature on your OS? If so, then your observation
might be explained as a simple documentation error. ; )


To try to determine what is actually happening you could
activate verbose logging (ref. KB902093)
and then trace the context with ProcMon.


>
> I'm using Vista Home Premium (32) and WU is offering this Update along with
> 6 others today.
>
> What happens if I install this Update on a system that it shouldn't be
> offered to? Should I uncheck this Update and proceed with the others?



Typically updates fail if their prerequisites or dependencies are missing.
Again, it might help to run the update with its verbose logging (if any)
to clarify exactly what it was trying to do and why it failed. And again,
running ProcMon concurrently could help supplement the context
of any log messages.

If you have to install Vista SP1 and that fails you could then take another
look at this one:

<qp>
Note This software update is a prerequisite for Windows Vista Service Pack 1 (SP1).
This update helps improve reliability when you install or remove Windows Vista SP1.
</qp>


Good luck

Robert Aldwinckle
---


>
> Thanks.
>
>
>
> "Donna Buenaventura" wrote:
>
>> Microsoft's January 2008 Security Bulletins


....


Reply With Quote
  #8 (permalink)  
Old 01-09-2008
MAP
 

Posts: n/a
Re: Microsoft January 2008 Security Bulletins
Donna Buenaventura wrote:
> Microsoft's January 2008 Security Bulletins
>
> As part of Microsoft's routine, monthly security update cycle, today
> they released two new security bulletins that affects Windows system.
> Note: There may be latency issues due to replication, if the page
> does not display keep refreshing.
>
> Critical
> MS08-001 - Vulnerabilities in Windows TCP/IP Could Allow Remote Code
> Execution (941644)
> http://www.microsoft.com/technet/sec.../MS08-001.mspx
>
> Important
> MS08-002 - Vulnerability in LSASS Could Allow Local Elevation of
> Privilege (943485)
> http://www.microsoft.com/technet/sec.../MS08-002.mspx
>
> Microsoft also released Non-Security, High-Priority Updates on MU,
> WU, and WSUS:
> - Five non-security, high-priority updates on Microsoft Update (MU)
> and Windows Server Update Services (WSUS).
> - Two non-security, high-priority updates for Windows on Windows
> Update (WU) and WSUS.
>
> Microsoft Windows Malicious Software Removal Tool
> Microsoft has released an updated version of the Microsoft Windows
> Malicious Software Removal Tool on Windows Update, Microsoft Update,
> Windows Server Update Services, and the Download Center.
>
> References:
> January 2008 Security Bulletin Summary:
> http://www.microsoft.com/technet/sec.../ms08-jan.mspx
> Security Bulletin for end-users:
> http://www.microsoft.com/protect/com...ns/200801.mspx
> MSRC Blog: http://blogs.technet.com
>
> Support:
> Call 1-866-PCSAFETY. There is no charge for support calls that are
> associated with security updates. International users should go to
> http://support.microsoft.com/common/international.aspx
>
> Security Bulletin Webcast:
> Microsoft will host a Webcast tomorrow. The webcast focuses on
> addressing your questions and concerns about the security bulletins.
> Therefore, most of the live webcast is aimed at giving you the
> opportunity to ask questions and get answers from their security
> experts.
> http://msevents.microsoft.com/CUI/Ev...&Culture=en-US
>
> Regards,
> Donna Buenaventura
> Windows Security MVP
> http://www.dozleng.com


Not needed for the home user.
http://www.ultimatewindowssecurity.com/

--
Mike Pawlak


Reply With Quote
  #9 (permalink)  
Old 01-09-2008
MedRxman
 

Posts: n/a
Re: Microsoft January 2008 Security Bulletins
will the lattency issue be a permanet issue if it does appear, or will the
issue resolve itself after refreshing?


"Donna Buenaventura" <dbuenaventura@mvps.org> wrote in message
news:4A157AEB-97DF-44BA-B394-0B1473417F56@microsoft.com...
> Microsoft's January 2008 Security Bulletins
>
> As part of Microsoft's routine, monthly security update cycle, today they
> released two new security bulletins that affects Windows system.
> Note: There may be latency issues due to replication, if the page does not
> display keep refreshing.
>
> Critical
> MS08-001 - Vulnerabilities in Windows TCP/IP Could Allow Remote Code
> Execution (941644)
> http://www.microsoft.com/technet/sec.../MS08-001.mspx
>
> Important
> MS08-002 - Vulnerability in LSASS Could Allow Local Elevation of Privilege
> (943485)
> http://www.microsoft.com/technet/sec.../MS08-002.mspx
>
> Microsoft also released Non-Security, High-Priority Updates on MU, WU, and
> WSUS:
> - Five non-security, high-priority updates on Microsoft Update (MU) and
> Windows Server Update Services (WSUS).
> - Two non-security, high-priority updates for Windows on Windows Update
> (WU) and WSUS.
>
> Microsoft Windows Malicious Software Removal Tool
> Microsoft has released an updated version of the Microsoft Windows
> Malicious Software Removal Tool on Windows Update, Microsoft Update,
> Windows Server Update Services, and the Download Center.
>
> References:
> January 2008 Security Bulletin Summary:
> http://www.microsoft.com/technet/sec.../ms08-jan.mspx
> Security Bulletin for end-users:
> http://www.microsoft.com/protect/com...ns/200801.mspx
> MSRC Blog: http://blogs.technet.com
>
> Support:
> Call 1-866-PCSAFETY. There is no charge for support calls that are
> associated with security updates. International users should go to
> http://support.microsoft.com/common/international.aspx
>
> Security Bulletin Webcast:
> Microsoft will host a Webcast tomorrow. The webcast focuses on addressing
> your questions and concerns about the security bulletins. Therefore, most
> of the live webcast is aimed at giving you the opportunity to ask
> questions and get answers from their security experts.
> http://msevents.microsoft.com/CUI/Ev...&Culture=en-US
>
> Regards,
> Donna Buenaventura
> Windows Security MVP
> http://www.dozleng.com
>



Reply With Quote
  #10 (permalink)  
Old 01-09-2008
marktime
 

Posts: n/a
Re: Microsoft January 2008 Security Bulletins
Had to look around a bit, but, interested parties who may also have been
erroneously offered KB935509 please see the replies here:

http://windowshelp.microsoft.com/com...2bb00accb9&p=1

It appears that those not running Vista Ultimate or Vista Enterprise should
not have been offered KB935509, but, supposedly, even installing it on
non-applicable systems will have no negative impact. That's what they say
anyway.

I can confirm that WU is no longer offering KB935509 for my Vista Home
Premium system.

Guess I'll go ahead with other Updates and hope that I'm not negatively
impacted by these updates as some others seem to have been. Fingers crossed.

Thanks to all who responded to my initial inquiry.



"Robert Aldwinckle" wrote:

> "marktime" <marktime@discussions.microsoft.com> wrote in message
> news:93633494-F104-45FB-AE9F-2D772E31DF68@microsoft.com...
> > Could you - or someone - explain why WU is offering me
> >
> > KB935509
> >
> > Which is designated for Vista Ultimate & Vista Enterprise only?

>
>
> Perhaps more significantly it also says
> <quote>
> for versions of Windows Vista that include the Windows BitLocker
> Drive Encryption feature
> </quote>
>
> Do you have that feature on your OS? If so, then your observation
> might be explained as a simple documentation error. ; )
>
>
> To try to determine what is actually happening you could
> activate verbose logging (ref. KB902093)
> and then trace the context with ProcMon.
>
>
> >
> > I'm using Vista Home Premium (32) and WU is offering this Update along with
> > 6 others today.
> >
> > What happens if I install this Update on a system that it shouldn't be
> > offered to? Should I uncheck this Update and proceed with the others?

>
>
> Typically updates fail if their prerequisites or dependencies are missing.
> Again, it might help to run the update with its verbose logging (if any)
> to clarify exactly what it was trying to do and why it failed. And again,
> running ProcMon concurrently could help supplement the context
> of any log messages.
>
> If you have to install Vista SP1 and that fails you could then take another
> look at this one:
>
> <qp>
> Note This software update is a prerequisite for Windows Vista Service Pack 1 (SP1).
> This update helps improve reliability when you install or remove Windows Vista SP1.
> </qp>
>
>
> Good luck
>
> Robert Aldwinckle
> ---
>
>
> >
> > Thanks.
> >
> >
> >
> > "Donna Buenaventura" wrote:
> >
> >> Microsoft's January 2008 Security Bulletins

>
> ....
>
>
>

Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Microsoft January 2008 Security Bulletins Donna Buenaventura microsoft.public.windows.vista.security 2 01-09-2008 05:00
Security World: Microsoft prepares two security bulletins Steve Security News 0 01-04-2008 14:20
Security World: Microsoft releases four critical security bulletins Steve Security News 0 10-09-2007 23:00
Microsoft Security Bulletins for May 2007 Donna Buenaventura microsoft.public.windows.vista.security 5 05-09-2007 02:40
Security World: Microsoft releases 7 critical security bulletins Steve Security News 0 05-08-2007 20:47




All times are GMT +1. The time now is 10:03.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120