ANN: Out-of-band Security Update to be released 23 Oct-08

  • Thread starter Thread starter PA Bear [MS MVP]
  • Start date Start date
P

PA Bear [MS MVP]

Guest
Microsoft Security Bulletin Advance Notification for October 2008
http://www.microsoft.com/technet/security/...n/ms08-oct.mspx


This is an advance notification of an out-of-band security bulletin that
Microsoft is intending to release on Thursday, 23 October 2008.

Critical Security Bulletin (1)
============================================================

Windows Bulletin

- Affected Software:

- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows XP Professional x64 Edition and Windows XP Professional x64
Edition Service Pack 2
- Windows Server 2003 Service Pack 1 and Windows Server 2003 Service
Pack 2
- Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems and Windows
Server 2003 with SP2 for Itanium based Systems
- Windows Vista and Windows Vista Service Pack 1
- Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
- Windows Server 2008 for 32-bit Systems (Windows Server 2008 Server
Core installation affected)
- Windows Server 2008 for x64-based Systems (Windows Server 2008 Server
Core installation affected)
- Windows Server 2008 for Itanium-based Systems

- Impact: Remote Code Execution
- Restart Requirement: The update requires a restart
- Version Number: 1.0

© 2008 Microsoft Corporation


Microsoft will host a webcast to address customer questions on this
out-of-band security bulletin on October 23, 2008, at 1:00 PM Pacific Time
(US & Canada). Register for this out-of-band Security Bulletin Webcast at
the link above.

[Crossposted to Security, Security Home Users, and Windows Update
newsgroups; Followup To set for Security newsgroup]
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
 
In addition, the below shows the severity rating of this out-of-band
update. For those systems that it's deemed Critical for, be
***strongly advised*** that it should be installed AS SOON AS POSSIBLE.

It's predicted that there will be *** active exploitation of the
vulnerability addressed by this update soon **** or it already ***is***
being actively exploited.
Further details about any exploitation will be posted after the online
webcast scheduled for 10 AM today.

Windows Operating System and Components


Microsoft Windows 2000
Bulletin Identifier
Windows

Aggregate Severity Rating
Critical

Microsoft Windows 2000 Service Pack 4
Microsoft Windows 2000 Service Pack 4
(Critical)

Windows XP
Bulletin Identifier
Windows

Aggregate Severity Rating
Critical

Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Service Pack 2 and Windows XP Service Pack 3
(Critical)

Windows XP Professional x64 Edition and Windows XP Professional x64
Edition Service Pack 2
Windows XP Professional x64 Edition and Windows XP Professional x64
Edition Service Pack 2
(Critical)

Windows Server 2003
Bulletin Identifier
Windows

Aggregate Severity Rating
Critical

Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
(Critical)

Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
Service Pack 2
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
Service Pack 2
(Critical)

Windows Server 2003 with SP1 for Itanium-based Systems and Windows
Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 with SP1 for Itanium-based Systems and Windows
Server 2003 with SP2 for Itanium-based Systems
(Critical)

Windows Vista
Bulletin Identifier
Windows

Aggregate Severity Rating
Important

Windows Vista and Windows Vista Service Pack 1
Windows Vista and Windows Vista Service Pack 1
(Important)

Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
(Important)

Windows Server 2008
Bulletin Identifier
Windows

Aggregate Severity Rating
Important

Windows Server 2008 for 32-bit Systems
Windows Server 2008 for 32-bit Systems*
(Important)

Windows Server 2008 for x64-based Systems
Windows Server 2008 for x64-based Systems*
(Important)

Windows Server 2008 for Itanium-based Systems
Windows Server 2008 for Itanium-based Systems
(Important)

IF anyone has an issue either installing this update, the update is
reoffered, or there are issues after installing it, please contact MS
for *** no-charge *** technical support:

> Support
> • Customers in the U.S. and Canada can receive technical support from Microsoft Product Support
> Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security
> updates.
> • International customers can receive support from their local Microsoft subsidiaries. There is no
> charge for support that is associated with security updates. For more information about how to
> contact Microsoft for support issues, visit the International Support Web site.
> http://go.microsoft.com/fwlink/?LinkId=21155



MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============




PA Bear [MS MVP] wrote:

> Microsoft Security Bulletin Advance Notification for October 2008
> http://www.microsoft.com/technet/security/...n/ms08-oct.mspx
>
>
> This is an advance notification of an out-of-band security bulletin that
> Microsoft is intending to release on Thursday, 23 October 2008.
>
> Critical Security Bulletin (1)
> ============================================================
>
> Windows Bulletin
>
> - Affected Software:
>
> - Microsoft Windows 2000 Service Pack 4
> - Windows XP Service Pack 2 and Windows XP Service Pack 3
> - Windows XP Professional x64 Edition and Windows XP Professional x64
> Edition Service Pack 2
> - Windows Server 2003 Service Pack 1 and Windows Server 2003 Service
> Pack 2
> - Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
> Service Pack 2
> - Windows Server 2003 with SP1 for Itanium-based Systems and Windows
> Server 2003 with SP2 for Itanium based Systems
> - Windows Vista and Windows Vista Service Pack 1
> - Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
> - Windows Server 2008 for 32-bit Systems (Windows Server 2008 Server
> Core installation affected)
> - Windows Server 2008 for x64-based Systems (Windows Server 2008
> Server Core installation affected)
> - Windows Server 2008 for Itanium-based Systems
>
> - Impact: Remote Code Execution
> - Restart Requirement: The update requires a restart
> - Version Number: 1.0
>
> © 2008 Microsoft Corporation
>
>
> Microsoft will host a webcast to address customer questions on this
> out-of-band security bulletin on October 23, 2008, at 1:00 PM Pacific
> Time (US & Canada). Register for this out-of-band Security Bulletin
> Webcast at the link above.
>
> [Crossposted to Security, Security Home Users, and Windows Update
> newsgroups; Followup To set for Security newsgroup]
 
We've just rolled the Patches into our lab to bwegin testing and right off
the bat we have questions regarding applicability.
Almost our target systems have IE7 installed and we are getting
notifications that the patch does not apply "the patch does not apply to the
version of Internet Explorer that is installed" On two Windows Svr 2003 R2
x64 SP2 systems with IE7 installed we get the error "Setup has detected that
the Service Pack Version is newer than the update you are applying. You do
not need to apply this update"

Am I correct in concluding this patch does not apply to systems running IE7?

Phil Lewis
 
Hello Robear,

There are here:

Security Update for Windows Vista (KB958644)
Definition Update for Windows Defender - KB915597 (Definition 1.45.1012.0)

Thank you
-=-


"PA Bear [MS MVP]" wrote:

> Microsoft Security Bulletin Advance Notification for October 2008
> http://www.microsoft.com/technet/security/...n/ms08-oct.mspx
>
>
> This is an advance notification of an out-of-band security bulletin that
> Microsoft is intending to release on Thursday, 23 October 2008.
>
> Critical Security Bulletin (1)
> ============================================================
>
> Windows Bulletin
>
> - Affected Software:
>
> - Microsoft Windows 2000 Service Pack 4
> - Windows XP Service Pack 2 and Windows XP Service Pack 3
> - Windows XP Professional x64 Edition and Windows XP Professional x64
> Edition Service Pack 2
> - Windows Server 2003 Service Pack 1 and Windows Server 2003 Service
> Pack 2
> - Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
> Service Pack 2
> - Windows Server 2003 with SP1 for Itanium-based Systems and Windows
> Server 2003 with SP2 for Itanium based Systems
> - Windows Vista and Windows Vista Service Pack 1
> - Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
> - Windows Server 2008 for 32-bit Systems (Windows Server 2008 Server
> Core installation affected)
> - Windows Server 2008 for x64-based Systems (Windows Server 2008 Server
> Core installation affected)
> - Windows Server 2008 for Itanium-based Systems
>
> - Impact: Remote Code Execution
> - Restart Requirement: The update requires a restart
> - Version Number: 1.0
>
> © 2008 Microsoft Corporation
>
>
> Microsoft will host a webcast to address customer questions on this
> out-of-band security bulletin on October 23, 2008, at 1:00 PM Pacific Time
> (US & Canada). Register for this out-of-band Security Bulletin Webcast at
> the link above.
>
> [Crossposted to Security, Security Home Users, and Windows Update
> newsgroups; Followup To set for Security newsgroup]
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> AumHa VSOP & Admin http://aumha.net
> DTS-L http://dts-l.net/
>
>
 
Re: Out-of-band Security Update to be released 23 Oct-08

[Crossposted to Security, Security Home Users; Windows Update newsgroups;
Followup To set for Security newsgroup]

MS08-067 Vulnerability in Server Service Could Allow Remote Code Execution
(958644)

Executive Summary

This security update resolves a privately reported vulnerability in the
Server service. The vulnerability could allow remote code execution if an
affected system received a specially crafted RPC request. On Microsoft
Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could
exploit this vulnerability without authentication to run arbitrary code. It
is possible that this vulnerability could be used in the crafting of a
wormable exploit. Firewall best practices and standard default firewall
configurations can help protect network resources from attacks that
originate outside the enterprise perimeter.

This security update is rated Critical for all supported editions of
Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important
for all supported editions of Windows Vista and Windows Server 2008...

Source: http://www.microsoft.com/technet/security/...n/ms08-oct.mspx

!! => Malware Protection Center: Get Protected, Now!
http://blogs.technet.com/mmpc/archive/2008...tected-now.aspx
--
~PA Bear

PA Bear [MS MVP] wrote:
> Microsoft Security Bulletin Advance Notification for October 2008
> http://www.microsoft.com/technet/security/...n/ms08-oct.mspx
>
>
> This is an advance notification of an out-of-band security bulletin that
> Microsoft is intending to release on Thursday, 23 October 2008.
>
> Critical Security Bulletin (1)
> ============================================================
>
> Windows Bulletin
>
> - Affected Software:
>
> - Microsoft Windows 2000 Service Pack 4
> - Windows XP Service Pack 2 and Windows XP Service Pack 3
> - Windows XP Professional x64 Edition and Windows XP Professional x64
> Edition Service Pack 2
> - Windows Server 2003 Service Pack 1 and Windows Server 2003 Service
> Pack 2
> - Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
> Service Pack 2
> - Windows Server 2003 with SP1 for Itanium-based Systems and Windows
> Server 2003 with SP2 for Itanium based Systems
> - Windows Vista and Windows Vista Service Pack 1
> - Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack
> 1
> - Windows Server 2008 for 32-bit Systems (Windows Server 2008 Server
> Core installation affected)
> - Windows Server 2008 for x64-based Systems (Windows Server 2008 Server
> Core installation affected)
> - Windows Server 2008 for Itanium-based Systems
>
> - Impact: Remote Code Execution
> - Restart Requirement: The update requires a restart
> - Version Number: 1.0
>
> © 2008 Microsoft Corporation
>
 
does this affect XP Embedded?

==================================

"PA Bear [MS MVP]" wrote:

> Microsoft Security Bulletin Advance Notification for October 2008
> http://www.microsoft.com/technet/security/...n/ms08-oct.mspx
>
>
> This is an advance notification of an out-of-band security bulletin that
> Microsoft is intending to release on Thursday, 23 October 2008.
>
> Critical Security Bulletin (1)
> ============================================================
>
> Windows Bulletin
>
> - Affected Software:
>
> - Microsoft Windows 2000 Service Pack 4
> - Windows XP Service Pack 2 and Windows XP Service Pack 3
> - Windows XP Professional x64 Edition and Windows XP Professional x64
> Edition Service Pack 2
> - Windows Server 2003 Service Pack 1 and Windows Server 2003 Service
> Pack 2
> - Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
> Service Pack 2
> - Windows Server 2003 with SP1 for Itanium-based Systems and Windows
> Server 2003 with SP2 for Itanium based Systems
> - Windows Vista and Windows Vista Service Pack 1
> - Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
> - Windows Server 2008 for 32-bit Systems (Windows Server 2008 Server
> Core installation affected)
> - Windows Server 2008 for x64-based Systems (Windows Server 2008 Server
> Core installation affected)
> - Windows Server 2008 for Itanium-based Systems
>
> - Impact: Remote Code Execution
> - Restart Requirement: The update requires a restart
> - Version Number: 1.0
>
> © 2008 Microsoft Corporation
>
>
> Microsoft will host a webcast to address customer questions on this
> out-of-band security bulletin on October 23, 2008, at 1:00 PM Pacific Time
> (US & Canada). Register for this out-of-band Security Bulletin Webcast at
> the link above.
>
> [Crossposted to Security, Security Home Users, and Windows Update
> newsgroups; Followup To set for Security newsgroup]
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> AumHa VSOP & Admin http://aumha.net
> DTS-L http://dts-l.net/
>
>
 
NO, it applies to the OS, irrespective of the browser installed.
Strongly suggest you contact MS to report this issue and for assistance
in getting this *** Critical *** update installed ASAP.
From the Sec Bulletin:
http://www.microsoft.com/technet/security/...n/MS08-067.mspx

> Support
> • Customers in the U.S. and Canada can receive technical support from Microsoft Product Support
> Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security
> updates.
> • International customers can receive support from their local Microsoft subsidiaries. There is no
> charge for support that is associated with security updates. For more information about how to
> contact Microsoft for support issues, visit the International Support Web site.
> http://go.microsoft.com/fwlink/?LinkId=21155


MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============



Phil Lewis - Checkfree wrote:

> We've just rolled the Patches into our lab to bwegin testing and right off
> the bat we have questions regarding applicability.
> Almost our target systems have IE7 installed and we are getting
> notifications that the patch does not apply "the patch does not apply to the
> version of Internet Explorer that is installed" On two Windows Svr 2003 R2
> x64 SP2 systems with IE7 installed we get the error "Setup has detected that
> the Service Pack Version is newer than the update you are applying. You do
> not need to apply this update"
>
> Am I correct in concluding this patch does not apply to systems running IE7?
>
> Phil Lewis
 
[How did I miss this one?]

MS08-067 is not dependent on the version of IE installed per se.

Then again, you're running Win2008 SP2 Beta which (AFAIK) is not yet a
"supported edition" of Win2008 and I have no idea what download of MS08-067
you're attempting to install.

Also see the listing (and footnotes) for Win2008 in the section Affected
Software and Download Locations | Windows Operating System and Components of
http://www.microsoft.com/technet/security/...n/ms08-oct.mspx

That being said, there is a version of MS08-067 for Windows 7 Pre-Beta so
there might be one for Win2008 SP2 Beta. Contact MS via your usual support
channels ASAP, Phil.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


Phil Lewis - Checkfree wrote:
> We've just rolled the Patches into our lab to bwegin testing and right off
> the bat we have questions regarding applicability.
> Almost our target systems have IE7 installed and we are getting
> notifications that the patch does not apply "the patch does not apply to
> the
> version of Internet Explorer that is installed" On two Windows Svr 2003 R2
> x64 SP2 systems with IE7 installed we get the error "Setup has detected
> that
> the Service Pack Version is newer than the update you are applying. You do
> not need to apply this update"
>
> Am I correct in concluding this patch does not apply to systems running
> IE7?
>
> Phil Lewis
 
"PA Bear [MS MVP]" wrote in message
news:eW5$RTjNJHA.5024@TK2MSFTNGP02.phx.gbl...
> [How did I miss this one?]
>
> MS08-067 is not dependent on the version of IE installed per se.
>
> Then again, you're running Win2008 SP2 Beta which (AFAIK) is not yet a
> "supported edition" of Win2008 and I have no idea what download of
> MS08-067
> you're attempting to install.

If you'd only done inline quoting
smile.gif
you'd have seen this:

> Phil Lewis - Checkfree wrote:
>> We've just rolled the Patches into our lab to bwegin testing and right
>> off
>> the bat we have questions regarding applicability.
>> Almost our target systems have IE7 installed and we are getting
>> notifications that the patch does not apply "the patch does not apply to
>> the
>> version of Internet Explorer that is installed" On two Windows Svr 2003
>> R2
>> x64 SP2 systems with IE7 installed we get the error "Setup has detected
>> that
>> the Service Pack Version is newer than the update you are applying. You
>> do
>> not need to apply this update"

That's 2003 R2 x64 SP2, not 2008. This is a supported version and a
supported service pack.

Having said that, it's entirely possible that there's a versioning issue
here, and hopefully Microsoft can address this quickly.

Alun.
~~~~
--
Texas Imperial Software | Web: http://www.wftpd.com/
23921 57th Ave SE | Blog: http://msmvps.com/alunj/
Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
 
Oops! Thanks & sorry to the OP. (Now when did I schedule that eye doctor
appointment...?)

Alun Jones wrote:
> "PA Bear [MS MVP]" wrote in message
> news:eW5$RTjNJHA.5024@TK2MSFTNGP02.phx.gbl...
>> [How did I miss this one?]
>>
>> MS08-067 is not dependent on the version of IE installed per se.
>>
>> Then again, you're running Win2008 SP2 Beta which (AFAIK) is not yet a
>> "supported edition" of Win2008 and I have no idea what download of
>> MS08-067
>> you're attempting to install.
>
> If you'd only done inline quoting
smile.gif
you'd have seen this:
>
>> Phil Lewis - Checkfree wrote:
>>> We've just rolled the Patches into our lab to bwegin testing and right
>>> off
>>> the bat we have questions regarding applicability.
>>> Almost our target systems have IE7 installed and we are getting
>>> notifications that the patch does not apply "the patch does not apply to
>>> the
>>> version of Internet Explorer that is installed" On two Windows Svr 2003
>>> R2
>>> x64 SP2 systems with IE7 installed we get the error "Setup has detected
>>> that
>>> the Service Pack Version is newer than the update you are applying. You
>>> do
>>> not need to apply this update"
>
> That's 2003 R2 x64 SP2, not 2008. This is a supported version and a
> supported service pack.
>
> Having said that, it's entirely possible that there's a versioning issue
> here, and hopefully Microsoft can address this quickly.
>
> Alun.
> ~~~~
 
We have received unconfirmed reports from other companies that the Microsoft
Security Bulletin MS08-067 caused some issues after installation. HAs anyone
else heard or experienced any issues with the install??

Thanks,
Joseph

"InfoSecGuru" wrote:

> does this affect XP Embedded?
>
> ==================================
>
> "PA Bear [MS MVP]" wrote:
>
> > Microsoft Security Bulletin Advance Notification for October 2008
> > http://www.microsoft.com/technet/security/...n/ms08-oct.mspx
> >
> >
> > This is an advance notification of an out-of-band security bulletin that
> > Microsoft is intending to release on Thursday, 23 October 2008.
> >
> > Critical Security Bulletin (1)
> > ============================================================
> >
> > Windows Bulletin
> >
> > - Affected Software:
> >
> > - Microsoft Windows 2000 Service Pack 4
> > - Windows XP Service Pack 2 and Windows XP Service Pack 3
> > - Windows XP Professional x64 Edition and Windows XP Professional x64
> > Edition Service Pack 2
> > - Windows Server 2003 Service Pack 1 and Windows Server 2003 Service
> > Pack 2
> > - Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
> > Service Pack 2
> > - Windows Server 2003 with SP1 for Itanium-based Systems and Windows
> > Server 2003 with SP2 for Itanium based Systems
> > - Windows Vista and Windows Vista Service Pack 1
> > - Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
> > - Windows Server 2008 for 32-bit Systems (Windows Server 2008 Server
> > Core installation affected)
> > - Windows Server 2008 for x64-based Systems (Windows Server 2008 Server
> > Core installation affected)
> > - Windows Server 2008 for Itanium-based Systems
> >
> > - Impact: Remote Code Execution
> > - Restart Requirement: The update requires a restart
> > - Version Number: 1.0
> >
> > © 2008 Microsoft Corporation
> >
> >
> > Microsoft will host a webcast to address customer questions on this
> > out-of-band security bulletin on October 23, 2008, at 1:00 PM Pacific Time
> > (US & Canada). Register for this out-of-band Security Bulletin Webcast at
> > the link above.
> >
> > [Crossposted to Security, Security Home Users, and Windows Update
> > newsgroups; Followup To set for Security newsgroup]
> > --
> > ~Robear Dyer (PA Bear)
> > MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> > AumHa VSOP & Admin http://aumha.net
> > DTS-L http://dts-l.net/
> >
> >
 
In terms of the security update itself, we’re seeing strong deployments
worldwide. We also have no reports of known issues with the security update
at this time.

Source:
http://blogs.technet.com/msrc/archive/2008...n-ms08-067.aspx

That being said, free support is available should you run into problems:

Start a free Windows Update support incident request:
https://support.microsoft.com/oas/default.aspx?gprid=6527

Support for Windows Update:
http://support.microsoft.com/gp/wusupport

For home users, no-charge support is available by calling 1-866-PCSAFETY in
the United States and in Canada or by contacting your local Microsoft
subsidiary. There is no-charge for support calls that are associated with
security updates. When you call, clearly state that your problem is related
to a Security Update and cite the update's KB number (e.g., KB958644).

For more information about how to contact your local Microsoft subsidiary
for security update support issues, visit the International Support Web
site: http://support.microsoft.com/common/international.aspx

For enterprise customers, support for security updates is available through
your usual support contacts.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin; DTS-L.net

josephr38@hotmail.com wrote:
> We have received unconfirmed reports from other companies that the
> Microsoft
> Security Bulletin MS08-067 caused some issues after installation. HAs
> anyone else heard or experienced any issues with the install??
>
> Thanks,
> Joseph
>
> "InfoSecGuru" wrote:
>
>> does this affect XP Embedded?
>>
>> ==================================
>>
>> "PA Bear [MS MVP]" wrote:
>>
>>> Microsoft Security Bulletin Advance Notification for October 2008
>>> http://www.microsoft.com/technet/security/...n/ms08-oct.mspx
>>>
>>>
>>> This is an advance notification of an out-of-band security bulletin that
>>> Microsoft is intending to release on Thursday, 23 October 2008.
>>>
>>> Critical Security Bulletin (1)
>>> ============================================================
>>>
>>> Windows Bulletin
>>>
>>> - Affected Software:
>>>
>>> - Microsoft Windows 2000 Service Pack 4
>>> - Windows XP Service Pack 2 and Windows XP Service Pack 3
>>> - Windows XP Professional x64 Edition and Windows XP Professional
>>> x64
>>> Edition Service Pack 2
>>> - Windows Server 2003 Service Pack 1 and Windows Server 2003 Service
>>> Pack 2
>>> - Windows Server 2003 x64 Edition and Windows Server 2003 x64
>>> Edition
>>> Service Pack 2
>>> - Windows Server 2003 with SP1 for Itanium-based Systems and Windows
>>> Server 2003 with SP2 for Itanium based Systems
>>> - Windows Vista and Windows Vista Service Pack 1
>>> - Windows Vista x64 Edition and Windows Vista x64 Edition Service
>>> Pack 1
>>> - Windows Server 2008 for 32-bit Systems (Windows Server 2008 Server
>>> Core installation affected)
>>> - Windows Server 2008 for x64-based Systems (Windows Server 2008
>>> Server Core installation affected)
>>> - Windows Server 2008 for Itanium-based Systems
>>>
>>> - Impact: Remote Code Execution
>>> - Restart Requirement: The update requires a restart
>>> - Version Number: 1.0
>>>
>>> © 2008 Microsoft Corporation
>>>
>>>
>>> Microsoft will host a webcast to address customer questions on this
>>> out-of-band security bulletin on October 23, 2008, at 1:00 PM Pacific
>>> Time
>>> (US & Canada). Register for this out-of-band Security Bulletin Webcast
>>> at
>>> the link above.
>>>
>>> [Crossposted to Security, Security Home Users, and Windows Update
>>> newsgroups; Followup To set for Security newsgroup]
>>> --
>>> ~Robear Dyer (PA Bear)
>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>> AumHa VSOP & Admin http://aumha.net
>>> DTS-L http://dts-l.net/
 
josephr38@hotmail.com wrote:

> We have received unconfirmed reports from other companies that the Microsoft
> Security Bulletin MS08-067 caused some issues after installation. HAs anyone
> else heard or experienced any issues with the install??

What PA Bear said. Also, we know that in at least some cases problems thought
to be caused by MS08-067 were actually caused by a third-party software update
that was released around the same time.

Harry.
 
Re: Out-of-band Security Update to be released 23 Oct-08

Microsoft Security Advisory (958963): Exploit Code Published Affecting the
Server Service

Microsoft is aware that detailed exploit code demonstrating code execution
has been published on the Internet for the vulnerability that is addressed
by security update MS08-067. This exploit code demonstrates code execution
on Windows 2000, Windows XP, and Windows Server 2003. Microsoft is aware of
limited, targeted active attacks that use this exploit code. At this time,
there are no self-replicating attacks associated with this vulnerability.
Microsoft has activated its Software Security Incident Response Process
(SSIRP) and is continuing to investigate this issue.

Our investigation of this exploit code has verified that it does not affect
customers who have installed the updates detailed in MS08-067 on their
computers. Microsoft continues to recommend that customers apply the
updates to the affected products by enabling the Automatic Updates feature
in Windows.

We continue to work with our Microsoft Security Response Alliance (MSRA) and
Microsoft Active Protections Program (MAPP) partners so that their products
can provide additional protections for customers. We have updated our
Windows Live Safety Scanner, Windows Live One Care, and Forefront security
products with protections for customers. We have also been working with our
partners in the Global Infrastructure Alliance for Internet Safety (GIAIS)
program to take steps to help keep attacks from spreading.

Customers who believe they are affected can contact Customer Service and
Support. Contact CSS in North America for help with security update issues
or viruses at no charge using the PC Safety line (1-866-PCSAFETY).
International customers may request help by using any method found at this
location: http://www.microsoft.com/protect/support/default.mspx (click on
the select your region hyperlink in the first paragraph).

Mitigating Factors:

• Customers who have installed the MS08-067 security update are not affected
by this vulnerability.

• Windows 2000, Windows XP and Windows Server 2003 systems are primarily at
risk from this vulnerability. Customers running these platforms should
deploy MS08-067 as soon as possible.

• While installation of the update is the recommended action, customers who
have applied the mitigations as identified in MS08-067 will have minimized
their exposure and potential exploitability against an attack.

Source: http://www.microsoft.com/technet/security/...ory/958963.mspx

PA Bear [MS MVP] wrote:
> Microsoft Security Bulletin Advance Notification for October 2008
> http://www.microsoft.com/technet/security/...n/ms08-oct.mspx
>
>
> This is an advance notification of an out-of-band security bulletin that
> Microsoft is intending to release on Thursday, 23 October 2008.
>
> Critical Security Bulletin (1)
> ============================================================
>
> Windows Bulletin
>
> - Affected Software:
>
> - Microsoft Windows 2000 Service Pack 4
> - Windows XP Service Pack 2 and Windows XP Service Pack 3
> - Windows XP Professional x64 Edition and Windows XP Professional x64
> Edition Service Pack 2
> - Windows Server 2003 Service Pack 1 and Windows Server 2003 Service
> Pack 2
> - Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
> Service Pack 2
> - Windows Server 2003 with SP1 for Itanium-based Systems and Windows
> Server 2003 with SP2 for Itanium based Systems
> - Windows Vista and Windows Vista Service Pack 1
> - Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack
> 1
> - Windows Server 2008 for 32-bit Systems (Windows Server 2008 Server
> Core installation affected)
> - Windows Server 2008 for x64-based Systems (Windows Server 2008 Server
> Core installation affected)
> - Windows Server 2008 for Itanium-based Systems
>
> - Impact: Remote Code Execution
> - Restart Requirement: The update requires a restart
> - Version Number: 1.0
>
> © 2008 Microsoft Corporation
>
>
> Microsoft will host a webcast to address customer questions on this
> out-of-band security bulletin on October 23, 2008, at 1:00 PM Pacific Time
> (US & Canada). Register for this out-of-band Security Bulletin Webcast at
> the link above.
>
> [Crossposted to Security, Security Home Users, and Windows Update
> newsgroups; Followup To set for Security newsgroup]
 
On Monday morning after the update, about 50 pc's in my Domain OU all
received the following error when trying to run windows or Microsoft
update!!!
Note:Other OU's reporting windows update failing!!
Of the three option given for (error number 0x800A0046), the script in the
second option restore the ability to run Microsoft update, but We hade to go
through the "start using Microsoft updates" as if it had never been used!
Note: doesn't always survive reboot!

Nobody seams to know if it;s waht is causing it, the MS patch, the AD or
both??
Wab

>>>>>>>>>> Error >>>>>>>>>>>>>>>>>>>>>>>>>>>
Please change your Internet Explorer security settings
To save changes to your settings for this website, you need to enable
userdata persistence for Internet Explorer. Complete the steps below, and
then click Change settings to the left and try saving your changes again.
1. In Internet Explorer, on the Tools menu, click Internet Options.
2. Click the Security tab, click the Internet security zone icon, and
then click Custom Level.
3. In the Settings dialog box, scroll to the Miscellaneous section.
4. Under Userdata persistence , select Enable.
5. Click OK and when the security warning dialog box appears, click
Yes.
Read more about steps you can take to resolve this problem (error number
0x800A0046) yourself.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

"josephr38@hotmail.com" wrote:

> We have received unconfirmed reports from other companies that the Microsoft
> Security Bulletin MS08-067 caused some issues after installation. HAs anyone
> else heard or experienced any issues with the install??
>
> Thanks,
> Joseph
>
> "InfoSecGuru" wrote:
>
> > does this affect XP Embedded?
> >
> > ==================================
> >
> > "PA Bear [MS MVP]" wrote:
> >
> > > Microsoft Security Bulletin Advance Notification for October 2008
> > > http://www.microsoft.com/technet/security/...n/ms08-oct.mspx
> > >
> > >
> > > This is an advance notification of an out-of-band security bulletin that
> > > Microsoft is intending to release on Thursday, 23 October 2008.
> > >
> > > Critical Security Bulletin (1)
> > > ============================================================
> > >
> > > Windows Bulletin
> > >
> > > - Affected Software:
> > >
> > > - Microsoft Windows 2000 Service Pack 4
> > > - Windows XP Service Pack 2 and Windows XP Service Pack 3
> > > - Windows XP Professional x64 Edition and Windows XP Professional x64
> > > Edition Service Pack 2
> > > - Windows Server 2003 Service Pack 1 and Windows Server 2003 Service
> > > Pack 2
> > > - Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
> > > Service Pack 2
> > > - Windows Server 2003 with SP1 for Itanium-based Systems and Windows
> > > Server 2003 with SP2 for Itanium based Systems
> > > - Windows Vista and Windows Vista Service Pack 1
> > > - Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
> > > - Windows Server 2008 for 32-bit Systems (Windows Server 2008 Server
> > > Core installation affected)
> > > - Windows Server 2008 for x64-based Systems (Windows Server 2008 Server
> > > Core installation affected)
> > > - Windows Server 2008 for Itanium-based Systems
> > >
> > > - Impact: Remote Code Execution
> > > - Restart Requirement: The update requires a restart
> > > - Version Number: 1.0
> > >
> > > © 2008 Microsoft Corporation
> > >
> > >
> > > Microsoft will host a webcast to address customer questions on this
> > > out-of-band security bulletin on October 23, 2008, at 1:00 PM Pacific Time
> > > (US & Canada). Register for this out-of-band Security Bulletin Webcast at
> > > the link above.
> > >
> > > [Crossposted to Security, Security Home Users, and Windows Update
> > > newsgroups; Followup To set for Security newsgroup]
> > > --
> > > ~Robear Dyer (PA Bear)
> > > MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> > > AumHa VSOP & Admin http://aumha.net
> > > DTS-L http://dts-l.net/
> > >
> > >
 
Error message when you visit the Windows Update Web site or the Microsoft
Update Web site: "0x800A0046":
http://support.microsoft.com/kb/910338

Error message when you try to install Microsoft Update on a Windows
Vista-based computer: "Could not install Microsoft Update on the computer":
http://support.microsoft.com/kb/933528

===
Start a free Windows Update support incident request:
https://support.microsoft.com/oas/default.aspx?gprid=6527

Support for Windows Update:
http://support.microsoft.com/gp/wusupport

For more information about how to contact your local Microsoft subsidiary
for security update support issues, visit the International Support Web
site: http://support.microsoft.com/common/international.aspx

For enterprise customers, support for security updates is available through
your usual support contacts.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin; DTS-L.net

WAB wrote:
> On Monday morning after the update, about 50 pc's in my Domain OU all
> received the following error when trying to run windows or Microsoft
> update!!!
> Note:Other OU's reporting windows update failing!!
> Of the three option given for (error number 0x800A0046), the script in the
> second option restore the ability to run Microsoft update, but We hade to
> go
> through the "start using Microsoft updates" as if it had never been used!
> Note: doesn't always survive reboot!
>
> Nobody seams to know if it;s waht is causing it, the MS patch, the AD or
> both??
> Wab
>
>>>>>>>>>>> Error >>>>>>>>>>>>>>>>>>>>>>>>>>>
> Please change your Internet Explorer security settings
> To save changes to your settings for this website, you need to enable
> userdata persistence for Internet Explorer. Complete the steps below, and
> then click Change settings to the left and try saving your changes again.
> 1. In Internet Explorer, on the Tools menu, click Internet Options.
> 2. Click the Security tab, click the Internet security zone icon,
> and
> then click Custom Level.
> 3. In the Settings dialog box, scroll to the Miscellaneous section.
> 4. Under Userdata persistence , select Enable.
> 5. Click OK and when the security warning dialog box appears, click
> Yes.
> Read more about steps you can take to resolve this problem (error number
> 0x800A0046) yourself.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>
> "josephr38@hotmail.com" wrote:
>
>> We have received unconfirmed reports from other companies that the
>> Microsoft Security Bulletin MS08-067 caused some issues after
>> installation. HAs anyone else heard or experienced any issues with the
>> install??
>>
>> Thanks,
>> Joseph
>>
>> "InfoSecGuru" wrote:
>>
>>> does this affect XP Embedded?
>>>
>>> ==================================
>>>
>>> "PA Bear [MS MVP]" wrote:
>>>
>>>> Microsoft Security Bulletin Advance Notification for October 2008
>>>> http://www.microsoft.com/technet/security/...n/ms08-oct.mspx
>>>>
>>>>
>>>> This is an advance notification of an out-of-band security bulletin
>>>> that
>>>> Microsoft is intending to release on Thursday, 23 October 2008.
>>>>
>>>> Critical Security Bulletin (1)
>>>> ============================================================
>>>>
>>>> Windows Bulletin
>>>>
>>>> - Affected Software:
>>>>
>>>> - Microsoft Windows 2000 Service Pack 4
>>>> - Windows XP Service Pack 2 and Windows XP Service Pack 3
>>>> - Windows XP Professional x64 Edition and Windows XP Professional
>>>> x64
>>>> Edition Service Pack 2
>>>> - Windows Server 2003 Service Pack 1 and Windows Server 2003
>>>> Service
>>>> Pack 2
>>>> - Windows Server 2003 x64 Edition and Windows Server 2003 x64
>>>> Edition
>>>> Service Pack 2
>>>> - Windows Server 2003 with SP1 for Itanium-based Systems and
>>>> Windows
>>>> Server 2003 with SP2 for Itanium based Systems
>>>> - Windows Vista and Windows Vista Service Pack 1
>>>> - Windows Vista x64 Edition and Windows Vista x64 Edition Service
>>>> Pack 1
>>>> - Windows Server 2008 for 32-bit Systems (Windows Server 2008
>>>> Server
>>>> Core installation affected)
>>>> - Windows Server 2008 for x64-based Systems (Windows Server 2008
>>>> Server Core installation affected)
>>>> - Windows Server 2008 for Itanium-based Systems
>>>>
>>>> - Impact: Remote Code Execution
>>>> - Restart Requirement: The update requires a restart
>>>> - Version Number: 1.0
>>>>
>>>> © 2008 Microsoft Corporation
>>>>
>>>>
>>>> Microsoft will host a webcast to address customer questions on this
>>>> out-of-band security bulletin on October 23, 2008, at 1:00 PM Pacific
>>>> Time (US & Canada). Register for this out-of-band Security Bulletin
>>>> Webcast at the link above.
>>>>
>>>> [Crossposted to Security, Security Home Users, and Windows Update
>>>> newsgroups; Followup To set for Security newsgroup]
>>>> --
>>>> ~Robear Dyer (PA Bear)
>>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>>> AumHa VSOP & Admin http://aumha.net
>>>> DTS-L http://dts-l.net/
 
Robear, Nice copy and paste, but it doesn't provide any insight!

As I said, the script restores the ability to access windows/Microsoft
updated site, but It doesn't always survive reboot!

Subinacl /service wuauserv
/sddl=D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)

Our domain admins say they can't find anything wrong, so is it a by product
of the out of band patch or our AD admin's,?
Is it by accident or design?

Already submitted support request.

Wondering if any one else is having this problem and if so did they find
solution?

Something striped many User/pc's ability to access Window/Microsoft update
and download critical updates right after the out of band patch.

I don't know if it was the MS patch or our domain admin's, but weather by
accident or design I need to find an answer/solution to protect the OU I
manage.

I can't keep running around running this script over and over again, need
something more then a bandaid!
So I ask the question, are there others having this problem after the out of
band patch?
wab




"PA Bear [MS MVP]" wrote:

> Error message when you visit the Windows Update Web site or the Microsoft
> Update Web site: "0x800A0046":
> http://support.microsoft.com/kb/910338
>
> Error message when you try to install Microsoft Update on a Windows
> Vista-based computer: "Could not install Microsoft Update on the computer":
> http://support.microsoft.com/kb/933528
>
> ===
> Start a free Windows Update support incident request:
> https://support.microsoft.com/oas/default.aspx?gprid=6527
>
> Support for Windows Update:
> http://support.microsoft.com/gp/wusupport
>
> For more information about how to contact your local Microsoft subsidiary
> for security update support issues, visit the International Support Web
> site: http://support.microsoft.com/common/international.aspx
>
> For enterprise customers, support for security updates is available through
> your usual support contacts.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE, OE, Security, Shell/User)
> AumHa VSOP & Admin; DTS-L.net
>
> WAB wrote:
> > On Monday morning after the update, about 50 pc's in my Domain OU all
> > received the following error when trying to run windows or Microsoft
> > update!!!
> > Note:Other OU's reporting windows update failing!!
> > Of the three option given for (error number 0x800A0046), the script in the
> > second option restore the ability to run Microsoft update, but We hade to
> > go
> > through the "start using Microsoft updates" as if it had never been used!
> > Note: doesn't always survive reboot!
> >
> > Nobody seams to know if it;s waht is causing it, the MS patch, the AD or
> > both??
> > Wab
> >
> >>>>>>>>>>> Error >>>>>>>>>>>>>>>>>>>>>>>>>>>
> > Please change your Internet Explorer security settings
> > To save changes to your settings for this website, you need to enable
> > userdata persistence for Internet Explorer. Complete the steps below, and
> > then click Change settings to the left and try saving your changes again.
> > 1. In Internet Explorer, on the Tools menu, click Internet Options.
> > 2. Click the Security tab, click the Internet security zone icon,
> > and
> > then click Custom Level.
> > 3. In the Settings dialog box, scroll to the Miscellaneous section.
> > 4. Under Userdata persistence , select Enable.
> > 5. Click OK and when the security warning dialog box appears, click
> > Yes.
> > Read more about steps you can take to resolve this problem (error number
> > 0x800A0046) yourself.
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> >
> > "josephr38@hotmail.com" wrote:
> >
> >> We have received unconfirmed reports from other companies that the
> >> Microsoft Security Bulletin MS08-067 caused some issues after
> >> installation. HAs anyone else heard or experienced any issues with the
> >> install??
> >>
> >> Thanks,
> >> Joseph
> >>
> >> "InfoSecGuru" wrote:
> >>
> >>> does this affect XP Embedded?
> >>>
> >>> ==================================
> >>>
> >>> "PA Bear [MS MVP]" wrote:
> >>>
> >>>> Microsoft Security Bulletin Advance Notification for October 2008
> >>>> http://www.microsoft.com/technet/security/...n/ms08-oct.mspx
> >>>>
> >>>>
> >>>> This is an advance notification of an out-of-band security bulletin
> >>>> that
> >>>> Microsoft is intending to release on Thursday, 23 October 2008.
> >>>>
> >>>> Critical Security Bulletin (1)
> >>>> ============================================================
> >>>>
> >>>> Windows Bulletin
> >>>>
> >>>> - Affected Software:
> >>>>
> >>>> - Microsoft Windows 2000 Service Pack 4
> >>>> - Windows XP Service Pack 2 and Windows XP Service Pack 3
> >>>> - Windows XP Professional x64 Edition and Windows XP Professional
> >>>> x64
> >>>> Edition Service Pack 2
> >>>> - Windows Server 2003 Service Pack 1 and Windows Server 2003
> >>>> Service
> >>>> Pack 2
> >>>> - Windows Server 2003 x64 Edition and Windows Server 2003 x64
> >>>> Edition
> >>>> Service Pack 2
> >>>> - Windows Server 2003 with SP1 for Itanium-based Systems and
> >>>> Windows
> >>>> Server 2003 with SP2 for Itanium based Systems
> >>>> - Windows Vista and Windows Vista Service Pack 1
> >>>> - Windows Vista x64 Edition and Windows Vista x64 Edition Service
> >>>> Pack 1
> >>>> - Windows Server 2008 for 32-bit Systems (Windows Server 2008
> >>>> Server
> >>>> Core installation affected)
> >>>> - Windows Server 2008 for x64-based Systems (Windows Server 2008
> >>>> Server Core installation affected)
> >>>> - Windows Server 2008 for Itanium-based Systems
> >>>>
> >>>> - Impact: Remote Code Execution
> >>>> - Restart Requirement: The update requires a restart
> >>>> - Version Number: 1.0
> >>>>
> >>>> © 2008 Microsoft Corporation
> >>>>
> >>>>
> >>>> Microsoft will host a webcast to address customer questions on this
> >>>> out-of-band security bulletin on October 23, 2008, at 1:00 PM Pacific
> >>>> Time (US & Canada). Register for this out-of-band Security Bulletin
> >>>> Webcast at the link above.
> >>>>
> >>>> [Crossposted to Security, Security Home Users, and Windows Update
> >>>> newsgroups; Followup To set for Security newsgroup]
> >>>> --
> >>>> ~Robear Dyer (PA Bear)
> >>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> >>>> AumHa VSOP & Admin http://aumha.net
> >>>> DTS-L http://dts-l.net/
>
>
 
> As I said, the script restores the ability to access windows/Microsoft
> updated site, but It doesn't always survive reboot!

Then one assumes something must be disallowing the changes to persist.
Could be anti-virus application, third-party firewall, and/or Group
Policy...or already-infected machines!

> Already submitted support request.

Excellent. I'm quite sure you'll need assistance from MS.

Considering the following, I think it'd be best to have MS08-067 installed
on all machines at all times:

http://msmvps.com/blogs/harrywaldron/archi...n-the-wild.aspx
(and links therein)

http://msmvps.com/blogs/harrywaldron/archi...e-worm-yet.aspx
(and links therein)

http://blogs.technet.com/mmpc/archive/2008...ire-part-2.aspx
(nearly 50% of attacks via RPC Service)

http://blogs.technet.com/msrc/archive/2008...ory-958963.aspx

http://blogs.technet.com/mmpc/archive/2008...tected-now.aspx

Good luck!
--
~PA Bear

WAB wrote:
> Robear, Nice copy and paste, but it doesn't provide any insight!
>
> As I said, the script restores the ability to access windows/Microsoft
> updated site, but It doesn't always survive reboot!
>
> Subinacl /service wuauserv
> /sddl=D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
>
> Our domain admins say they can't find anything wrong, so is it a by
> product
> of the out of band patch or our AD admin's,?
> Is it by accident or design?
>
> Already submitted support request.
>
> Wondering if any one else is having this problem and if so did they find
> solution?
>
> Something striped many User/pc's ability to access Window/Microsoft update
> and download critical updates right after the out of band patch.
>
> I don't know if it was the MS patch or our domain admin's, but weather by
> accident or design I need to find an answer/solution to protect the OU I
> manage.
>
> I can't keep running around running this script over and over again, need
> something more then a bandaid!
> So I ask the question, are there others having this problem after the out
> of
> band patch?
>
> "PA Bear [MS MVP]" wrote:
>> Error message when you visit the Windows Update Web site or the Microsoft
>> Update Web site: "0x800A0046":
>> http://support.microsoft.com/kb/910338
>>
>> Error message when you try to install Microsoft Update on a Windows
>> Vista-based computer: "Could not install Microsoft Update on the
>> computer":
>> http://support.microsoft.com/kb/933528
>>
>> ===
>> Start a free Windows Update support incident request:
>> https://support.microsoft.com/oas/default.aspx?gprid=6527
>>
>> Support for Windows Update:
>> http://support.microsoft.com/gp/wusupport
>>
>> For more information about how to contact your local Microsoft subsidiary
>> for security update support issues, visit the International Support Web
>> site: http://support.microsoft.com/common/international.aspx
>>
>> For enterprise customers, support for security updates is available
>> through
>> your usual support contacts.
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-Windows (IE, OE, Security, Shell/User)
>> AumHa VSOP & Admin; DTS-L.net
>>
>> WAB wrote:
>>> On Monday morning after the update, about 50 pc's in my Domain OU all
>>> received the following error when trying to run windows or Microsoft
>>> update!!!
>>> Note:Other OU's reporting windows update failing!!
>>> Of the three option given for (error number 0x800A0046), the script in
>>> the
>>> second option restore the ability to run Microsoft update, but We hade
>>> to
>>> go
>>> through the "start using Microsoft updates" as if it had never been
>>> used!
>>> Note: doesn't always survive reboot!
>>>
>>> Nobody seams to know if it;s waht is causing it, the MS patch, the AD or
>>> both??
>>> Wab
>>>
>>>>>>>>>>>>> Error >>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> Please change your Internet Explorer security settings
>>> To save changes to your settings for this website, you need to enable
>>> userdata persistence for Internet Explorer. Complete the steps below,
>>> and
>>> then click Change settings to the left and try saving your changes
>>> again.
>>> 1. In Internet Explorer, on the Tools menu, click Internet
>>> Options.
>>> 2. Click the Security tab, click the Internet security zone icon,
>>> and
>>> then click Custom Level.
>>> 3. In the Settings dialog box, scroll to the Miscellaneous
>>> section.
>>> 4. Under Userdata persistence , select Enable.
>>> 5. Click OK and when the security warning dialog box appears,
>>> click
>>> Yes.
>>> Read more about steps you can take to resolve this problem (error number
>>> 0x800A0046) yourself.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>
>>> "josephr38@hotmail.com" wrote:
>>>
>>>> We have received unconfirmed reports from other companies that the
>>>> Microsoft Security Bulletin MS08-067 caused some issues after
>>>> installation. HAs anyone else heard or experienced any issues with the
>>>> install??
>>>>
>>>> Thanks,
>>>> Joseph
>>>>
>>>> "InfoSecGuru" wrote:
>>>>
>>>>> does this affect XP Embedded?
>>>>>
>>>>> ==================================
>>>>>
>>>>> "PA Bear [MS MVP]" wrote:
>>>>>
>>>>>> Microsoft Security Bulletin Advance Notification for October 2008
>>>>>> http://www.microsoft.com/technet/security/...n/ms08-oct.mspx
>>>>>>
>>>>>>
>>>>>> This is an advance notification of an out-of-band security bulletin
>>>>>> that
>>>>>> Microsoft is intending to release on Thursday, 23 October 2008.
>>>>>>
>>>>>> Critical Security Bulletin (1)
>>>>>> ============================================================
>>>>>>
>>>>>> Windows Bulletin
>>>>>>
>>>>>> - Affected Software:
>>>>>>
>>>>>> - Microsoft Windows 2000 Service Pack 4
>>>>>> - Windows XP Service Pack 2 and Windows XP Service Pack 3
>>>>>> - Windows XP Professional x64 Edition and Windows XP Professional
>>>>>> x64
>>>>>> Edition Service Pack 2
>>>>>> - Windows Server 2003 Service Pack 1 and Windows Server 2003
>>>>>> Service
>>>>>> Pack 2
>>>>>> - Windows Server 2003 x64 Edition and Windows Server 2003 x64
>>>>>> Edition
>>>>>> Service Pack 2
>>>>>> - Windows Server 2003 with SP1 for Itanium-based Systems and
>>>>>> Windows
>>>>>> Server 2003 with SP2 for Itanium based Systems
>>>>>> - Windows Vista and Windows Vista Service Pack 1
>>>>>> - Windows Vista x64 Edition and Windows Vista x64 Edition Service
>>>>>> Pack 1
>>>>>> - Windows Server 2008 for 32-bit Systems (Windows Server 2008
>>>>>> Server
>>>>>> Core installation affected)
>>>>>> - Windows Server 2008 for x64-based Systems (Windows Server 2008
>>>>>> Server Core installation affected)
>>>>>> - Windows Server 2008 for Itanium-based Systems
>>>>>>
>>>>>> - Impact: Remote Code Execution
>>>>>> - Restart Requirement: The update requires a restart
>>>>>> - Version Number: 1.0
>>>>>>
>>>>>> © 2008 Microsoft Corporation
>>>>>>
>>>>>>
>>>>>> Microsoft will host a webcast to address customer questions on this
>>>>>> out-of-band security bulletin on October 23, 2008, at 1:00 PM Pacific
>>>>>> Time (US & Canada). Register for this out-of-band Security Bulletin
>>>>>> Webcast at the link above.
>>>>>>
>>>>>> [Crossposted to Security, Security Home Users, and Windows Update
>>>>>> newsgroups; Followup To set for Security newsgroup]
>>>>>> --
>>>>>> ~Robear Dyer (PA Bear)
>>>>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>>>>> AumHa VSOP & Admin http://aumha.net
>>>>>> DTS-L http://dts-l.net/
 
You must log in or register to reply here.
Back
Top