As part of Microsoft’s routine, monthly security update cycle, today they released two new security bulletins that affects Windows system.
Note: There may be latency issues due to replication, if the page does not display keep refreshing.

Critical

  • MS08-001 – Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)

Important

  • MS08-002 – Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)

Microsoft also released Non-Security, High-Priority Updates on MU, WU, and WSUS:
Five non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
Two non-security, high-priority updates for Windows on Windows Update (WU) and WSUS.

Microsoft Windows Malicious Software Removal Tool
Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

References:
January 2008 Security Bulletin Summary: http://www.microsoft.com/technet/security/bulletin/ms08-jan.mspx
Security Bulletin for end-users: http://www.microsoft.com/protect/computer/updates/bulletins/200801.mspx
MSRC Blog: http://blogs.technet.com/msrc/archive/2008/01/08/january-2008-monthly-release.aspx

Support:
Call 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. International users should go to http://support.microsoft.com/common/international.aspx

Security Bulletin Webcast:
Microsoft will host a Webcast tomorrow. The webcast focuses on addressing your questions and concerns about the security bulletins. Therefore, most of the live webcast is aimed at giving you the opportunity to ask questions and get answers from their security experts.

Update sources:
Microsoft NEVER send security updates via e-mail. As always, download the updates only from the vendors’ website – visit Windows Update and Office Update or Microsoft Update. You may also get the updates thru Automatic Updates functionality in Windows.
Security updates are available on ISO-9660 DVD5 image files from the Microsoft Download Center. For more information, please see http://support.microsoft.com/kb/913086
Note: Don’t be a victim of spoofed emails. Read “How to tell whether a security e-mail message is really from Microsoft

Recommendations:
Microsoft advises customers to install the latest product releases, security updates, and service packs to remain as secure as possible. Older products, such as Microsoft Windows NT 4.0, may not meet today’s more demanding security requirements. It may not be possible for Microsoft to provide security updates for older products. More info at Microsoft Support Lifecycle website.

Report Security Vulnerability to Microsoft:
If you have found a Microsoft security vulnerability, please report: https://www.microsoft.com/technet/security/…in/alertus.aspx

Tool:
Check your system for missing or misconfigured patches using Microsoft Baseline Security Analyzer (MBSA).
For 3rd Party tools in scanning your computer for missing updates, hotfixes, end of life or out-dated version, please see the list at http://www.dozleng.com/updates/index.php?showtopic=13587

Advertisements