Security Quest #17: Microsoft Edition

Another second Tuesday of the month and another set of Microsoft patches. I realize it’s important to patch vulnerabilities as soon as possible and this monthly release schedule tends to go against that, but I like the consistency and ability to plan.

Anyway, this week brought two patches. The first is MS08-001 titled “Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution”. This affects all supported desktop OS’s. It’s rated as Important for Windows 2000 and Critical for all flavors of Windows XP and Windows Vista. I didn’t have any problems applying this update to my two Windows XP SP2 installations. There wasn’t any update through Windows Update for my Vista SP1 RC1 install so I don’t have any experience with that one.

MS08-002 is titled “Vulnerability in LSASS Could Allow Local Elevation of Privilege” and is for Windows 2000 and Windows XP on the desktop. It rated as important. If someone already has logon credentials they can use this vulnerability to elevate their privileges.

There’s no cumulative IE update or any Office updates this month.

 

Microsoft Security Resources

Additional security resources from Microsoft:

Microsoft Security Newsletter is a monthly e-mail covering security topics from Microsoft. To subscribe you’ll need a Microsoft Live ID (formerly passport) although the newsletter can go to any email address.  You’ll also be required to provide a name. By default the box to also receive other Microsoft emails is checked so be sure to uncheck it (unless you want the emails). You can also view the latest newsletter‘ without subscribing.

Microsoft provides several levels of security notifications via several methods. They provide either basic or comprehensive alerts along with additional non-vulnerability advisories and a blog. Delivery system include email, rss, Windows Live Alerts and the website.

A security bulletin search is provided that allows searching by date, product and severity rating.

They also have a new (at least to me) Malware Protection Center that lists information about malware and provides links to Microsoft tools.

Spam Counts

This weeks spam counts:

Primary Mailbox 30-day spam count: 2

This is down one from last week and none of it is new.

Public Mailbox 30-day spam count: 156

Down 20 from last week with new spam this week at 21 pieces.

Website comment and trackback spam: 7,573

This is up 73 from last week.