FYI...

- http://www.microsoft.com/technet/security/...n/ms08-jul.mspx
July 8, 2008 - "This bulletin summary lists security bulletins released for July 2008...

Important (4)

Microsoft Security Bulletin MS08-040
Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
- http://www.microsoft.com/technet/security/...n/ms08-040.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Windows, Microsoft SQL Server...

Microsoft Security Bulletin MS08-038
Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)
- http://www.microsoft.com/technet/security/...n/ms08-038.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-037
Vulnerabilities in DNS Could Allow Spoofing (953230)
- http://www.microsoft.com/technet/security/...n/ms08-037.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Spoofing...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-039
Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
- http://www.microsoft.com/technet/security/...n/ms08-039.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Windows...

---

ISC Analysis
- http://isc.sans.org/diary.html?storyid=4684
Last Updated: 2008-07-08 18:22:23 UTC
.

FYI...

- http://isc.sans.org/diary.html?storyid=4684
Last Updated: 2008-07-09 08:21:40 UTC ...(Version: 3)
"...MS08-037 - Windows DNS ...ZoneAlarm users report* trouble with their firewall set to "high" for the Internet zone..."
* http://forums.zonealarm.com/zonelabs/board...mp;message.id=6
07-08-2008 03:51 PM - "...We are investigating the issue with the MS update KB951748**. For the time being we suggest you uninstall KB951748 until the issue has been resolved. We will post when we have more information..."
** http://support.microsoft.com/?kbid=951748
MS08-037 ...Windows XP... (client side)

//

This post has been edited by AplusWebMaster: Jul 9 2008, 01:13 PM

Updated / CVE references:

- http://isc.sans.org/diary.html?storyid=4684
Last Updated: 2008-07-09 08:21:40 UTC ...(Version: 3)

MS08-037: Windows DNS
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1447
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1454

MS08-038: Windows explorer / Vista
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1435
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0951

MS08-039: Exchange server
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2247
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2248

MS08-040: SQL server
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0085
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0086
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0106
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0107

//

FYI...

- http://isc.sans.org/diary.html?storyid=4747
Last Updated: 2008-07-17 18:48:22 UTC - "Microsoft has issued a "Security Bulletin Major Revision" involving its DirectX products. These revisions include the following two previously released bulletins and particularly affect administrative users as the resulting compromise allows the attacker to gain user rights.

MS08-033* - Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) is rated as -critical- and states that DirectX 9.0 was added as affected software. This vulnerability can be exploited through a specially crafted media file.
* http://www.microsoft.com/technet/security/...n/MS08-033.mspx
Updated: July 16, 2008 - Version: 2.0

MS07-064** - Vulnerabilities in DirectX Could Allow Remote Code Execution (941568) is also rated -critical- and has been updated to reflect DirectX 9.0 and 9.0a as affected software. This vulnerability can be exploited through a specially crafted media file via streaming."
** http://www.microsoft.com/technet/security/...n/ms07-064.mspx
Updated: July 16, 2008 - Version: 3.0

FYI...

- http://securitylabs.websense.com/content/Alerts/3139.aspx
07.23.2008 - "...At time of this alert, an exploit targeting this flaw has been added to Metasploit, an open source penetration testing tool that is free and publicly available. The US-CERT advisory also makes the several important “DNS best practices” recommendations. Please reference the advisory for complete details. http://www.kb.cert.org/vuls/id/800113 "

- http://www.microsoft.com/technet/security/...n/MS08-037.mspx
Revisions
• V2.1 (July 23, 2008): Affected Software table revised to add MS06-064, MS07-062, and MS08-001 as bulletins replaced by this update.

//