UPDATE: July 2008 Bulletin Monthly Release – SQL update detection issue



Hi,


Simon here again – I just wanted to follow up on the SQL update detection issue I mentioned below. We’ve released updated WU/MU detection and an updated WSUS catalog to resolve this issue.



Cheers,


Simon


Release Manager, MSRC


 


July 2008 Monthly Bulletin Release


 


I’m Simon, Release Manager in the MSRC.  The July 2008 release contains 4 new bulletins, all with maximum severities of “Important”.


 


MS08-037            Vulnerabilities in DNS Could Allow Spoofing (953230)


 


MS08-038            Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)


 


MS08-039            Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)


 


MS08-040            Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)


 


For a technical deep dive regarding these bulletins, please visit our Security Vulnerability Research and Defence blog.


 


If you have the Windows Internal Database (Microsoft Windows 2003 or Microsoft Windows 2008) installed on or enabled without SQL Server 2005 SP2 and you have are opt-into Microsoft Update, the SQL Server 2005 service pack 2 update may be offered incorrectly and fail to install. The Windows Internal Database will be updated as expected, since the Windows Internal Database update is also offered.  Microsoft is working on resolving this issue and will be updating the detection logic to avoid the incorrect offering.


 


In addition, we’ll also be releasing an infrastructure update to the Windows Update client itself later this month, which has been standard practice for over 8 years. Windows Vista customers who select “never check for updates” (and Windows XP customers who select “turn off Automatic Update”) in their WU settings will not receive this WU infrastructure update unless they elect to install it manually by visiting Windows Update. For more information, please visit the Microsoft Update blog.


 


Please join us for the regular monthly security bulletin webcast, Wednesday July 9, 11:00 PDT (GMT -7). We’ll have an overview of the July bulletins, and you’ll have the opportunity to ask us questions around the release.


 


Cheers,


 


Simon


 


*This posting is provided “AS IS” with no warranties, and confers no rights.*


Comments (8)

  1. Anonymous says:

    SANS Internet Storm Center; Cooperative Network Security Community – Internet Security – isc: http:/

  2. Anonymous says:

    Très petit mois pour l’été : 4 bulletins seulement "importants". Suite aux prévisions

  3. Anonymous says:

    Microsoft has patched bugs in its Exchange, SQL Server, and Windows software that could give hackers

  4. Anonymous says:

    Patch Tuesday or patch Wednesday… it all depends on which part of the world you're in. For me it's

  5. Anonymous says:

    Luglio 2008 8 luglio: Security Advisory 953635 Security Advisory 953635 su Microsoft Word 8 luglio: emissione

  6. Anonymous says:

    Immagino conosciate tutti l’importanza dei security update, e più in generale del tenere i sistemi client

  7. Anonymous says:

    Microsoft have released this month's patches as part of their usual Patch Tuesday monthly cycle.

  8. Anonymous says:

    Microsoft have released this month's patches as part of their usual Patch Tuesday monthly cycle.