March 2008 - Posts
Received March 14, 2008, 5:46 am CST
********************************************************************
Title: Microsoft Security Bulletin Re-Release
Issued: March 13, 2008
********************************************************************
Summary
=======
The following bulletin has undergone a major revision increment.
Please see the bulletin for more detail.
* MS08-014 - Critical
Bulletin Information:
=====================
* MS08-014 - Critical
- http://www.microsoft.com/technet/security/bulletin/ms08-014.mspx
- Reason for Revision: FAQ added about known issues relating to
users of Excel 2003 Service Pack 2 or Service Pack 3
- Originally posted: March 11, 2008
- Updated: March 13, 2008
- Bulletin Severity Rating: Critical
- Version: 2.0
Received March 12, 2008, 9:58 pm CST
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: March 12, 2008
********************************************************************
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.
* MS08-017 - Critical
* MS08-016 - Critical
* MS08-015 - Critical
* MS08-014 - Critical
Bulletin Information:
=====================
* MS08-017 - Critical
- http://www.microsoft.com/technet/security/bulletin/ms08-017.mspx
- Reason for Revision: V1.1 (March 12, 2008): Bulletin updated to
reflect new download link for Microsoft Office Web Components
2000 for BizTalk Server 2000 and 2002. Also corrected the
registry key for verifying the update for ISA Server.
- Originally posted: March 11, 2008
- Updated: March 12, 2008
- Bulletin Severity Rating: Critical
- Version: 1.1
* MS08-016 - Critical
- http://www.microsoft.com/technet/security/bulletin/ms08-016.mspx
- Reason for Revision: V1.1 (March 12, 2008): Bulletin updated. FAQ
added to clarify the reason why a non-vulnerable version of
Office will be offered this update. Also removed MS07-015 as
a replaced bulletin for Microsoft Office XP Service Pack 3.
- Originally posted: March 11, 2008
- Updated: March 12, 2008
- Bulletin Severity Rating: Critical
- Version: 1.1
* MS08-015 - Critical
- http://www.microsoft.com/technet/security/bulletin/ms08-015.mspx
- Reason for Revision: V1.1 (March 12, 2008): Bulletin updated. FAQ
added to clarify the reason why a non-vulnerable version of
Office will be offered this update. Also updated the
vulnerability FAQs and the file information tables for
Outlook 2000 and Outlook 2003.
- Originally posted: March 11, 2008
- Updated: March 12, 2008
- Bulletin Severity Rating: Critical
- Version: 1.1
* MS08-014 - Critical
- http://www.microsoft.com/technet/security/bulletin/ms08-014.mspx
- Reason for Revision: V1.1 (March 12, 2008): Bulletin updated. FAQ
added to clarify the reason why a non-vulnerable version of
Office will be offered this update.
- Originally posted: March 11, 2008
- Updated: March 12, 2008
- Bulletin Severity Rating: Critical
- Version: 1.1
In an effort to standardize our workstation environment here, I have been developing a bank of application test pc's utilizing VMWare. It has provided a faster method of refreshing a machine to baseline so that either an application test could progress to the next stage or a new test could begin. I am a proponent of baseline testing as I believe it to be one of the few valid ways to ensure an application will function correction in most situations.
During the creation of our test bank, I utilized a WinPE boot image deployed via PXe and WDS. One of the annoying situations I encountered involved a VM booting into the WinPE image via PXe, but then having no network information once the image was fully loaded. I knew that the VM itself had network connectivity as it just loaded the image through the network, yet here it sat, showing me several blank lined of ipconfig information.
Here was the setup:
I really don't need to hand out any more details than what I describe above as the problem is listed. The proper VMWare network drivers had already been injected into the WinPE image, which left my configuration as the culprit in my mind. The solution to the problem was actually quite simple, although it took some time to figure it out. WinPE is a Vista-based product, producing boot images which are also "Vista-ish." VMWare was not recognizing any network configuration because I had set it up as an XP OS, considering I was about to load Win XP on the instance. C
The entire process, although educational for me, was quite frustrating, as I have been using the boot image for several months with success. Configuring the VM instance as a Vista VM solved the issue.
Granted, one of the most underutilized tools within Windows XP (in my opinion) is the Files and Settings Transfer (F.A.S.T) Wizard. I find it to be one of the easier ways to migrate user settings. There is one particular error message which may cause people some frustration, though, and hopefully, the following piece of information may serve them well.
This error message can be caused by mismatched versions of migwiz.exe.
"The location that you specified does not contain stored information. Please type a valid path in folder box. If you entered a path to a removeable disk the disk must be in the drive."
Checking the versions on the "old" and "new" computers is the best place to start. Most likely, the version on the "old" computer is newer than that on the "new" computer. Under this circumstance, it is most likely that the installation of the old settings will fail. It is best to have both computers with the same version of migwiz.exe. Updates may be in order.
The latest version of migwiz.exe (currently 5.1.2600.2665) can be found here:
http://support.microsoft.com/?kbid=896344
Received Tuesday, March 11, at 5:07 pm CST.
********************************************************************
Microsoft Security Bulletin Summary for March 2008
Issued: March 11, 2008
********************************************************************
This bulletin summary lists security bulletins released for
March 2008.
The full version of the Microsoft Security Bulletin Summary for
March 2008 can be found at
http://www.microsoft.com/technet/security/bulletin/ms08-mar.mspx.
With the release of the bulletins for March 2008, this bulletin
summary replaces the bulletin advance notification originally issued
on March 6, 2008. For more information about the bulletin advance
notification service, see
http://www.microsoft.com/technet/security/Bulletin/advance.mspx.
To receive automatic notifications whenever Microsoft Security
Bulletins are issued, subscribe to Microsoft Technical Security
Notifications on
http://www.microsoft.com/technet/security/bulletin/notify.mspx.
Microsoft will host a webcast to address customer questions on
these bulletins on Wednesday, March 12, 2008,
at 11:00 AM Pacific Time (US & Canada). Register for the March
Security Bulletin Webcast at
http://www.microsoft.com/technet/security/bulletin/summary.mspx.
Microsoft also provides information to help customers prioritize
monthly security updates with any non-security, high-priority
updates that are being released on the same day as the monthly
security updates. Please see the section, Other Information.
Critical Security Bulletins
===========================
Microsoft Security Bulletin MS08-014
- Affected Software:
- Microsoft Office Excel 2000 Service Pack 3
- Microsoft Office Excel 2002 Service Pack 3
- Microsoft Office Excel 2003 Service Pack 2
- Microsoft Office Excel Viewer 2003
- Microsoft Office Excel 2007
- Microsoft Office Compatibility Pack for Word, Excel, and
PowerPoint 2007 File Formats
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Impact: Remote Code Execution
- Version Number: 1.0
Microsoft Security Bulletin MS08-015
- Affected Software:
- Microsoft Office Outlook 2000 Service Pack 3
- Microsoft Office Outlook 2002 Service Pack 3
- Microsoft Office Outlook 2003 Service Pack 2
- Microsoft Office Outlook 2003 Service Pack 3
- Microsoft Office Outlook 2007
- Impact: Remote Code Execution
- Version Number: 1.0
Microsoft Security Bulletin MS08-016
- Affected Software:
- Microsoft Office 2000 Service Pack 3
- Microsoft Office XP Service Pack 3
- Microsoft Office 2003 Service Pack 2
- Microsoft Office Excel Viewer 2003
- Microsoft Office Excel Viewer 2003 Service Pack 3
- Microsoft Office 2004 for Mac
- Impact: Remote Code Execution
- Version Number: 1.0
Microsoft Security Bulletin MS08-017
- Affected Software:
- Microsoft Office Web Components 2000 (KB931660)
- Microsoft Office Web Components 2000 (KB932031)
- Microsoft Office Web Components 2000 (KB933367)
- Microsoft Office Web Components 2000 (KB933369)
- Microsoft Office Web Components 2000 (KB939714) - associated
with Microsoft BizTalk Server 2000
- Microsoft Office Web Components 2000 (KB939714) - associated
with Microsoft BizTalk Server 2002
- Microsoft Office Web Components 2000 (KB941305)
- Microsoft Office Web Components 2000 (KB948257)
- Impact: Remote Code Execution
- Version Number: 1.0
Other Information
=================
Microsoft Windows Malicious Software Removal Tool:
==================================================
Microsoft has released an updated version of the Microsoft Windows
Malicious Software Removal Tool on Windows Update, Microsoft Update,
Windows Server Update Services, and the Download Center.
Non-Security, High-Priority Updates on MU, WU, and WSUS:
========================================================
For this month:
* Microsoft has released two non-security,
high-priority updates on Microsoft Update (MU) and
Windows Server Update Services (WSUS).
* Microsoft has released three non-security,
high-priority update for Windows on Windows Update (WU) and
WSUS.
Note that this information pertains only to non-security,
high-priority updates on Microsoft Update, Windows Update,
and Windows Server Update Services released on the same day as the
Security Bulletin Summary. Information will not be provided about
non-security updates released on other days.
For those of you who follow my blog, I want to apologize for my lack of posting. Our company has a fledgling IT department and I was tasked with revamping the desktop management environment. Needless to say, my one staff member and I have been overloaded with work and I have flat out not had time to post.
As a door prize, I'm going to post some of the photos I have recently taken during my time here and in our Santa Monica office. I've been a photographer for 25+ years and use it as my "relaxing time."
I will be back to technical posting soon. Hope everyone is doing well!