13 security bulletins next Tuesday!

Posted by bink on February 5 2010, 2:23 AM. Posted in Security.

Bulletin 1

- Affected Software:

- Microsoft Windows 2000 Service Pack 4

- Windows XP Service Pack 2 and Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2

- Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems

- Windows 7 for x64-based Systems

- Windows Server 2008 R2 for x64-based Systems (Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems

- Impact: Remote Code Execution

Bulletin 2

- Affected Software:

- Microsoft Windows 2000 Service Pack 4

- Windows XP Service Pack 2 and Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Impact: Remote Code Execution

Bulletin 3

- Affected Software:

- Microsoft Windows 2000 Service Pack 4

- Windows XP Service Pack 2 and Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2

- Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems

- Windows 7 for x64-based Systems

- Windows Server 2008 R2 for x64-based Systems (Windows Server 2008 R2 Server Core installation not affected)

- Windows Server 2008 R2 for Itanium-based Systems

- Impact: Remote Code Execution

Bulletin 4

- Affected Software:

- Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2

- Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

- Impact: Remote Code Execution

 

Bulletin 6

- Affected Software:

- Microsoft Windows 2000 Service Pack 4

- Windows XP Service Pack 2 and Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2

- Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems

- Windows 7 for x64-based Systems

- Windows Server 2008 R2 for x64-based Systems (Windows Server 2008 R2 Server Core installation not affected)

- Windows Server 2008 R2 for Itanium-based Systems

- Impact: Remote Code Execution

Important Security Bulletins:

Bulletin 7

- Affected Software:

- Microsoft Office XP Service Pack 3

- Microsoft Office 2004 for Mac

- Impact: Remote Code Execution

Bulletin 8

- Affected Software:

- Microsoft Office PowerPoint 2002 Service Pack 3

- Microsoft Office PowerPoint 2003 Service Pack 3

- Microsoft Office 2004 for Mac

- Impact: Remote Code Execution

Bulletin 9

- Affected Software:

- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)

- Windows Server 2008 R2 for x64-based Systems (Windows Server 2008 R2 Server Core installation affected)

- Impact: Denial of Service

Bulletin 10

- Affected Software:

- Microsoft Windows 2000 Service Pack 4

- Windows XP Service Pack 2 and Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Impact: Elevation of Privilege

Bulletin 5

- Affected Software:

- Microsoft Windows 2000 Service Pack 4

- Windows XP Service Pack 2 and Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2

- Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems

- Windows 7 for x64-based Systems

- Windows Server 2008 R2 for x64-based Systems (Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems

- Impact: Remote Code Execution

Bulletin 11

- Affected Software:

- Microsoft Windows 2000 Server Service Pack 4

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)

- Impact: Denial of Service

Bulletin 12

- Affected Software:

- Microsoft Windows 2000 Service Pack 4

- Windows XP Service Pack 2 and Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2

- Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems

- Impact: Elevation of Privilege

Moderate Security Bulletins:

Bulletin 13

- Affected Software:

- Microsoft Windows 2000 Service Pack 4

- Windows XP Service Pack 2 and Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Impact: Remote Code Execution

Other Information:

Microsoft Windows Malicious Software Removal Tool:

Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Open security advisories

A summary of the three open Security Advisories so customers know what to expect on Tuesday:

· Advisory 980088, Vulnerability in Internet Explorer Could Allow Information Disclosure: this advisory was released yesterday (Feb 3). We do not have an update for this issue planned for the normal February bulletin release. However, this vulnerability only affects versions of Windows older than Vista in their default configuration, and there is a “Fix It” available so customers in non-default configurations can protect themselves.

· Advisory 979682, Vulnerability in Windows Kernel Could Allow Elevation of Privilege: we are on track to release an update for this issue next Tuesday.

· Advisory 977544, Vulnerability in SMB Could Allow Denial of Service: we are still working on an update for this issue so it will not be addressed in the February bulletins. As a reminder, this issue cannot be used to allow an attacker to take control of a system remotely, but instead results in a system becoming unresponsive due to resource consumption.

We are not aware of any attacks on these vulnerabilities and continue to encourage customers to implement the mitigations and workarounds outlined in the advisories.

Windows versions end of support:

Important information about Windows versions that are reaching the end of their product lifecycle. Customers using these versions should consider upgrading before support for these products ends because, once it does, we will no longer provide security updates:

  • Windows XP Service Pack 2 will no longer be supported as of July 13, 2010. Many customers are still on this version, so we encourage upgrading to Service Pack 3 or to Windows 7 as soon as possible.
  • Windows Vista RTM will no longer be supported as of April 13, 2010. Service Pack 1 will still be supported until July 12, 2011 but we recommend customers update to Service Pack 2 or Windows 7 at this time.
  • Extended support for Windows 2000 will also be retired on July 13, 2010. At that time, we will no longer provide security or any other updates for Windows 2000.