Microsoft is set to release four “Important” updates today as the July security patches are pushed to users across the globe. SQL Server and Exchange, as well as a pair of Windows patches, are on the agenda. On top of this, the Malicious Software Removal Tool, which made headlines on its own last month, is getting a monthly update as well.
It\'s that time again...Microsoft releases July patches.(IMG:J.Anderson)
If you follow the release news, then you know the Advance Notification emails went out just before the holiday weekend. The item that stood out was “Windows 1,” or the bulletin that was listed as “Important,” but addresses a Remote Code Execution issue. Because of this bulletin, what some in the press are accusing Microsoft of is setting a lower priority to avoid negative press. The reasoning for the accusation, is that Remote Code Execution is usually “Critical,” and that “Windows 1” affects Vista with SP1 on 32-bit and 64-bit systems.
Before the mud starts to sling and there is panic in the streets, remember that the object is not to seriously watch the ratings. The object is to patch your systems and to install all of the patches that apply to your network or computer. However, it will be interesting to see why Microsoft listed something as Remote Code Execution as “Important” when that is something most would claim as “Critical,” no matter how difficult it is to pull off.
Windows XP, 32-bit and 64-bit, Home and Professional with SP2 or SP3, is getting a patch to deal with Spoofing. The Spoofing patch will also be pushed to Windows Server 2000, 2003, and 2008.
Microsoft SQL Server on Windows Server 2000, 2003, and 2008 will get a separate patch as well dealing with privilege elevation. This patch is likely related to Microsoft Security Advisory 954462, updated June 25, that addresses “recent escalation in a class of attacks targeting Web sites that use Microsoft ASP and ASP.NET.” Also, this MSSA was the one that introduced three tools that were released to deal with SQL Injection attacks on ASP driven websites. SQL Server 7.0 Service Pack 4, SQL Server 2000 for Itanium systems and all versions of SQL Server 2005 SP2, are included in the affected list for this patch. In addition, Microsoft Data Engine 1.0 SP4, SQL Server 2000 Desktop Engine SP4, SQL Server 2005 Express Edition SP2, and SQL Server 2005 Express Edition with Advanced Services SP2 are affected as well.
The final patch, is one that almost every IT department will take note of. Microsoft Exchange Server will get a patch to address an elevation-of-privilege attack. As you know, Exchange is center piece of most networks, as it controls company email.
Microsoft is also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS), as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS).
July Notification list:http://www.microsoft.com/technet/security/bulletin/ms08-jul.mspx
Non-Security releases:http://support.microsoft.com/kb/894199/en-us
View blog reactions
Add your comment (no registration required)
page: 1
Mike BJul 10th, 2008 - 11:28:45
Once again Microsoft has delivered an update that trashes a third party firewall in this case Zone Alarm both free and professional versions. To say that several thousands of Zone Alarm users are less than impressed is an understatement.
Report this comment
Advertising
Mike BJul 10th, 2008 - 11:28:45
Once again Microsoft has delivered an update that trashes a third party firewall in this case Zone Alarm both free and professional versions.
To say that several thousands of Zone Alarm users are less than impressed is an understatement.
Report this comment