News

Wednesday, July 09, 2008

Security UPDATE Alert: 4 Microsoft Security Bulletins for July 2008

WIN_SECURITY UPDATE_
A Penton Media Property
July 9, 2008



ALERT

--Security UPDATE Alert: 4 Microsoft Security Bulletins for July 2008
by Orin Thomas, MVP Windows Security
Microsoft released four security updates for July, rating all of them as
important. Here's a brief description of each update; for more
information, go to

http://ct.email.windowsitpro.com/rd/cts?d=33-10401-803-202-62923-1068091-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-10401-803-202-62923-1068092-0-0-0-1-2-207)

MS08-037: Vulnerabilities in DNS Could Allow Spoofing

This vulnerability deals with the possible spoofing of the Windows DNS
client and server. The most severe consequence from an attack leveraging
this vulnerability is network traffic being redirected by the attacker
from a legitimate host to the attacker's own systems. This bulletin
replaces no previous bulletins.

Applies to: Windows Server 2003, Windows XP, and Windows 2000 DNS
clients; Windows Server 2008, Windows Server 2003, and Windows 2000 DNS
servers

Recommendation: Microsoft rates this update as important. The
vulnerabilities have been privately rather than publicly reported. You
should test and deploy this update as a part of your organization's
regular patch management strategy.

MS08-038: Vulnerability in Windows Explorer Could Allow Remote Code
Execution

The attack vector for this vulnerability is a specially crafted
saved-search file. The most severe consequence from an attack leveraging
this vulnerability is an attacker taking complete control of an affected
system. This bulletin does not replace any previous security bulletins.

Applies to: Windows Server 2008 and Windows Vista

Recommendation: Microsoft rates this update as important; however, the
vulnerability was publicly disclosed and could result in an attacked
system being completely compromised. Although there were no critical
bulletins released this month, you should test and deploy this update as
a part of your organization's accelerated patch management strategy.

MS08-039: Vulnerability in Outlook Web Access for Exchange Server Could
Allow Elevation of Privilege

Both of the vulnerabilities addressed by this update deal with
cross-site scripting attacks against Outlook Web Access (OWA) clients
connecting to OWA on Exchange Server 2007 and Exchange Server 2003. The
most severe consequence from an attack leveraging this vulnerability is
elevation of privilege, allowing the attacker to perform any action
within an individual client's OWA session. This bulletin replaces
previous bulletin MS07-026.

Applies to: Exchange Server 2007 and Exchange Server 2003

Recommendation: Microsoft rates this update as important. If your
organization relies heavily on OWA, you should test and deploy this
update as a part of your organization's regular patch management
strategy.

MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation
of Privilege

This update addresses four vulnerabilities that have been privately
disclosed to Microsoft. The most severe consequence from an attack
leveraging one of the vulnerabilities addressed by this bulletin is that
an attacker could execute code and take complete control of an affected
server, thus being able to install programs; view, change, or delete
data; and create new accounts with administrative rights. This bulletin
replaces no previous bulletins.

Applies to: SQL Server 2005, SQL Server 2000, and SQL Server 7.0

Recommendation: Although Microsoft rates this update as important, given
the critical nature of SQL Server to many organizations and the possible
leveraging of these vulnerabilities to take complete control of a
database server (though admittedly under a very specific set of
circumstances), you should thoroughly test and deploy this update as a
part of your organization's accelerated patch management strategy.


CONTACT US
Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://ct.email.windowsitpro.com/rd/cts?d=33-10401-803-202-62923-1068093-0-0-0-1-2-207

http://ct.email.windowsitpro.com/rd/cts?d=33-10401-803-202-62923-1068094-0-0-0-1-2-207


Copyright 2008, Penton Media, Inc. All rights reserved.
