Windows 7 - January 2008 Security Bulletins

Asked By Donna Buenaventura

08-Jan-08 01:14 PM

Microsoft's January 2008 Security Bulletins

As part of Microsoft's routine, monthly security update cycle, today they
released two new security bulletins that affects Windows system.
Note: There may be latency issues due to replication, if the page does not
display keep refreshing.

Critical
MS08-001 - Vulnerabilities in Windows TCP/IP Could Allow Remote Code
Execution (941644)
http://www.microsoft.com/technet/security/bulletin/MS08-001.mspx

Important
MS08-002 - Vulnerability in LSASS Could Allow Local Elevation of Privilege
(943485)
http://www.microsoft.com/technet/security/bulletin/MS08-002.mspx

Microsoft also released Non-Security, High-Priority Updates on MU, WU, and
WSUS:
- Five non-security, high-priority updates on Microsoft Update (MU) and
Windows Server Update Services (WSUS).
- Two non-security, high-priority updates for Windows on Windows Update (WU)
and WSUS.

Microsoft Windows Malicious Software Removal Tool
Microsoft has released an updated version of the Microsoft Windows Malicious
Software Removal Tool on Windows Update, Microsoft Update, Windows Server
Update Services, and the Download Center.

References:
January 2008 Security Bulletin Summary:
http://www.microsoft.com/technet/security/bulletin/ms08-jan.mspx
Security Bulletin for end-users:
http://www.microsoft.com/protect/computer/updates/bulletins/200801.mspx
MSRC Blog: http://blogs.technet.com

Support:
Call 1-866-PCSAFETY. There is no charge for support calls that are
associated with security updates. International users should go to
http://support.microsoft.com/common/international.aspx

Security Bulletin Webcast:
Microsoft will host a Webcast tomorrow. The webcast focuses on addressing
your questions and concerns about the security bulletins. Therefore, most of
the live webcast is aimed at giving you the opportunity to ask questions and
get answers from their security experts.
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032357213&Culture=en-US

Regards,
Donna Buenaventura
Windows Security MVP
http://www.dozleng.com

08-Jan-08 08:05 PM

Not needed for the home user.
http://www.ultimatewindowssecurity.com/

--
Mike Pawlak

08-Jan-08 11:00 PM

will the lattency issue be a permanet issue if it does appear, or will the
issue resolve itself after refreshing?

09-Jan-08 03:10 PM

Windows Update automatically downloaded these last security updates on my
Windows 2000 Profession home system and initiated an system restart. When I
logged in with my username I discovered that all my settings and files
associated with my username were missing.

On closer inspection in the directory c:\documents and settings I noticed
that a new directory had been created called "\username.computername" to
which my user account was now connected.

All my old information is sitting in the folder "c:\documents and
settings\username"

Question: Why would it have done this and more importantly, when I log in,
how can I get my user to connect back to the original folder?

Any help gratefully accepted.

Thanks, Neil

09-Jan-08 08:17 PM

I would also suggest to you that you post your problem in the correct group
rather than in a general information posting, which is in security.virus -
search for windows.update in the web interface discussion group you are
using.

Antioch

09-Jan-08 04:53 PM

Latest updates broke my Tablet PC digitalizer drivers :( After installing
(943485)" the Wacom digitalizer stopped working. It uses the standard Wacom
Serial Pen driver.

Somebody had similar problems? Any idea how to solve that? All Wacom Tablet
users affected?

09-Jan-08 08:14 PM

You could start your own post in the correct group - your post here is in
reply to general information re this months Black Tuesday offerings.  I
think there is one for updates in the web interface - plus you will get a
wider audience to your problem.  You are currently in the security.virus
group.

Antioch

09-Jan-08 08:23 PM

Sorry, I though I was in windowsupdate group.

09-Jan-08 09:08 PM

NeilP, please begin a new thread in Windows Update newsgroup about your
issues.  Thank you.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

10-Jan-08 02:23 AM

Ah, did not I say something along the lines that these updates where not
needed?
Enjoy your troubles.
--
Mike Pawlak

08-Jan-08 03:11 PM

Could you - or someone - explain why WU is offering me

KB935509

Which is designated for Vista Ultimate & Vista Enterprise only?

I'm using Vista Home Premium (32) and WU is offering this Update along with
6 others today.

What happens if I install this Update on a system that it shouldn't be
offered to? Should I uncheck this Update and proceed with the others?

Thanks.

08-Jan-08 03:45 PM

Since you have the option at any time to "upgrade" to these versions, I
suspect MS is putting them in as preventive maintenance.

This is one of 3 (?) updates that will come out prior to SP1 that will be
released as prerequisites.

08-Jan-08 03:58 PM

Any reason none of these updates apply to my Vista Business 32bit system
with SP1RC?

08-Jan-08 04:06 PM

Appreciate the reply. That possibility crossed my mind, but for whatever
reason it just doesn't seem right to me.

Why then would the KB article specifically state that KB935509 only applies
to Ultimate & Enterprise if it was to be offered to Home Premium as well, in
light of possible future upgrades?

Suffice to say; I don't trust WU very much. It's already offered me "updated
drivers" for audio components that did not match my system...

08-Jan-08 05:19 PM

See below posted a few hours ago by PA BEAR - a quote from MS.

http://windowsvistablog.com/blogs/windowsvista/archive/2008/01/07/non-security-update-rolls-out-tomorrow-with-sp1-prereq.aspx

It might explain some - but not why you have been offered this update.
Stick it in the Hidden Folder in WINUPDATE Home until you feel you need it -
then at least you will not keep getting pestered to install.

Antioch

08-Jan-08 06:26 PM

Perhaps more significantly it also says
for versions of Windows Vista that include the Windows BitLocker
Drive Encryption feature

Do you have that feature on your OS?   If so, then your observation
might be explained as a simple documentation error.    ; )


To try to determine what is actually happening you could
activate verbose logging (ref.  KB902093)
and then trace the context with ProcMon.




Typically updates fail if their prerequisites or dependencies are missing.
Again, it might help to run the update with its verbose logging (if any)
to clarify exactly what it was trying to do and why it failed.   And again,
running  ProcMon  concurrently could help supplement the context
of any log messages.

If you have to install  Vista SP1 and that fails you could then take another
look at this one:

Note This software update is a prerequisite for Windows Vista Service Pack 1 (SP1).
This update helps improve reliability when you install or remove Windows Vista SP1.


Good luck

Robert Aldwinckle
---



...

09-Jan-08 08:08 AM

Had to look around a bit, but, interested parties who may also have been
erroneously offered KB935509 please see the replies here:

http://windowshelp.microsoft.com/communities/newsgroups/en-us/default.mspx?dg=microsoft.public.windowsupdate&tid=8ee104d5-3dcc-4ddd-9f59-5f2bb00accb9&p=1

It appears that those not running Vista Ultimate or Vista Enterprise should
not have been offered KB935509, but, supposedly, even installing it on
non-applicable systems will have no negative impact. That's what they say
anyway.

I can confirm that WU is no longer offering KB935509 for my Vista Home
Premium system.

Guess I'll go ahead with other Updates and hope that I'm not negatively
impacted by these updates as some others seem to have been. Fingers crossed.

Thanks to all who responded to my initial inquiry.

10-Jan-08 03:17 AM

Thanks - I have now done so.  To be honest I did not know where to start!


Neil

12-Jan-08 05:24 AM

n
d

n,

sdfdasfasdf

09-Jan-08 09:07 PM

Crossposting eliminated.

[<psst> Donna crossposted the original message to Security.Virus,
Security.HomeUsers, Win2K Security, Windows Update, and WinXP General
newsgroups.]
--
~PA Bear

14-Jan-08 10:37 AM

We have about 10 Vista machines her running Vista 32 bit Enterprise.

After the patches, every Vista machine now takes over 3 minutes to login.
It previously took about 40 seconds.

Also, opening up MMC's now take minutes instead of seconds and some database
programs take minutes to open up each record.

Trying to get WSUS to uninstall but having difficulty doing that too.

Robert

14-Jan-08 10:56 AM

Next time. Wait until any MS OS is version II or later before using it.



--
http://www.bootdisk.com/