Microsoft security updates from March 2009
• MS09-006 - addresses a vulnerability in Microsoft Windows (KB 958690)
• MS09-007 - addresses a vulnerability in Microsoft Windows (KB 960225)
• MS09-008 - addresses a vulnerability in Microsoft Windows Server (KB 962238)
for more details please refer to the Microsoft Link below:
http://www.microsoft.com/protect/computer/updates/bulletins/200903.mspx
Keep Update!
cheers
Alessandro
URGENT Security Update for Internet Explorer
Security Update urgent for Internet Explorer if you don't already have, I would say that yesterday evening was the case of a security update urgent for all versions of the Internet Explorer. The updating is on a vulnerability of type "remote code execution", which allows a remote attacker to obtain the privileges user that has done logon on the machine. The protected mode for Internet Explorer 7.0 and 8.0 for users of domain with privileges reduced the level of Risk, but whereas there are a series of websites on which is already loaded this exploit it is suggested to do immediate update for clients and servers, through Windows Update, Microsoft Windows Update or Server Update Services (wsus).
Download Information
- If you want to have more information about this please visit Security Bulletin MS08-78.
- For RTM version of Internet Explorer, from Internet Explorer 5.01 SP4 to Internet Explorer 7.0 , you can download single package here.
- For Beta version of Internet Explorer, you can download single update package here.
Microsoft Security Bulletin MS08-067 – URGENT
I wanted to call your attention to a critical, out-of-band Microsoft Security Bulletin released yesterday.
This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.
Please check the links below for additional details:
http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx
http://blogs.technet.com/msrc/archive/2008/10/23/ms08-067-released.aspx
Windows Firewall with Advanced Security Design Guide
Windows Firewall with Advanced Security in Windows Vista® and Windows Server® 2008 is a host firewall that helps secure the computer in two ways.
This guide from Microsoft helps you design Windows Firewall with Advanced Security settings and rules that meet your goals for network security. I suggest you to read this document before planning or implementing a security design in customer environment.
From Microsoft forum: Windows XP SP3 was released
At first Many thanks to Chris Keroack Release Manager, Windows XP Service Pack 3 Windows Serviceability for this article. Yesterday Microsoft announced the release of Windows XP Service Pack 3 (SP3) to Windows Update and Microsoft Download Center. We also resumed automatic distribution of Windows Vista SP1. We will begin automatically distributing Windows XP SP3 in early summer. As mentioned last week, Microsoft has uncovered a compatibility issue between Microsoft Dynamics Retail Management System (RMS) and both Windows XP SP3 and Windows Vista Service Pack 1 (SP1). To help protect customers, we put filtering in place to prevent Windows Update from offering both service packs to systems running Microsoft Dynamics RMS. We are still testing a fix and are working to make it publicly available via Microsoft Download Center this month. The Windows XP Support Forum has pointers to standard information about Windows XP Service Pack 3. Also, the Windows XP SP3 TechNet portal is now updated as well.
---------------------------------- Personal Note:
Personally I think that one of the best improve of this pack is the the integration that will permit integration with Windows Server 2008 infrastructure, specially about NAP integration that for me is a great strategy that Microsoft has created for securing business networks. If you need more information about NAP, you could refer to any posts that I've published (links below)in my blog where is possible to find quickly link to Microsoft site about it.
Links: http://blog.caloni.net/post/475686/Network+Access+Protection+(NAP)+for+Windows+Server+2008
Download ISA Server 2006 180-Day Trial Version
ISA Server 2006 is the new version of Microsoft security platform that provides value to IT managers, security administrators, and information security professionals ISA Server 2006 can help you:
• Protect the corporate network from Web-based threats. ISA Server 2006 was engineered to deliver stronger security to manage and protect your corporate network from Internet based threats.
• Connect and secure branch offices. ISA Server 2006 enables secure and optimized branch office connectivity with site-to-site VPN, HTTP traffic compression and Web content caching.
• Securely publish content for Remote Access. ISA Server 2006 makes it easy to publish web applications, such as SharePoint sites and Outlook Web Access, for secure and easy remote access.
Registration is needed to download evaluation version from Microsoft site, and at this page you have also requirements evaluation guide and upgrade guide…. Secure your environment it’s needed!
Microsoft Security Assessment Tool 3.5 (International)
Overview
The Microsoft Security Assessment Tool 3.5 is the revised version of the original Microsoft Security Risk Self-Assessment Tool (MSRSAT), released in 2004 and the Microsoft Security Assessment Tool 2.0 released in 2006. Security issues have evolved since 2004 so additional questions and answers were needed to ensure you had a comprehensive toolset to become more aware of the evolving security threat landscape that could impact your organization.
The tool employs a holistic approach to measuring your security posture by covering topics across people, process, and technology.