Out of band security patch today!

[Bill Sanderson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Microsoft Security Bulletin Advance Notification for October 2008
Issued: October 22, 2008
********************************************************************

This is an advance notification of an out-of-band security bulletin that
Microsoft is intending to release on October 23, 2008.

The full version of the Microsoft Security Bulletin Advance Notification for
October 2008 can be found at
http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx.

This bulletin advance notification will be replaced with the revised October
bulletin summary on October 23, 2008. The revised bulletin summary will
include the out-of-band security bulletin as well as the security bulletins
already released on October 14, 2008.

For more information about the bulletin advance notification service, see
http://www.microsoft.com/technet/security/Bulletin/advance.mspx.

To receive automatic notifications whenever Microsoft Security Bulletins are
issued, subscribe to Microsoft Technical Security Notifications on
http://www.microsoft.com/technet/security/bulletin/notify.mspx.

Microsoft will host a webcast to address customer questions on this
out-of-band security bulletin on October 23, 2008, at 1:00 PM Pacific Time
(US & Canada). Register for this out-of-band Security Bulletin Webcast at
http://www.microsoft.com/technet/security/bulletin/summary.mspx.

Microsoft also provides information to help customers prioritize monthly
security updates with any non-security, high-priority updates that are being
released on the same day as the monthly security updates. Please see the
section, Other Information.

This advance notification provides the software subject as the bulletin
identifier, because the official Microsoft Security Bulletin numbers are not
issued until release. The bulletin summary that replaces this advance
notification will have the proper Microsoft Security Bulletin numbers (in
the MSyy-xxx format) as the bulletin identifier. The security bulletins for
this month are as follows, in order of severity:


Critical Security Bulletin
============================

Windows Bulletin

- Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2 and
Windows XP Service Pack 3
- Windows XP Professional x64 Edition and
Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1 and
Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition and
Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems and
Windows Server 2003 with SP2 for Itanium based Systems
- Windows Vista and
Windows Vista Service Pack 1
- Windows Vista x64 Edition and
Windows Vista x64 Edition Service Pack 1
- Windows Server 2008 for 32-bit Systems
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for Itanium-based Systems

- Impact: Remote Code Execution
- Version Number: 1.0


Other Information
=================

Non-Security, High-Priority Updates on MU, WU, and WSUS:
========================================================
For information about non-security releases on Windows Update and Microsoft
update, please see:
* http://support.microsoft.com/kb/894199: Microsoft Knowledge Base
Article 894199, Description of Software Update Services and
Windows Server Update Services changes in content for 2008.
Includes all Windows content.
* http://technet.microsoft.com/en-us/wsus/bb466214.aspx: New,
Revised, and Released Updates for Microsoft Products Other Than
Microsoft Windows

Recognize and avoid fraudulent e-mail to Microsoft customers:
=============================================================
If you receive an e-mail message that claims to be distributing a Microsoft
security update, it is a hoax that may contain malware or pointers to
malicious Web sites. Microsoft does not distribute security updates via
e-mail.

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all
security notifications. However, PGP is not required for reading security
notifications, reading security bulletins, or installing security updates.
You can obtain the MSRC public PGP key at
https://www.microsoft.com/technet/security/bulletin/pgp.mspx.

To receive automatic notifications whenever Microsoft Security Bulletins are
issued, subscribe to Microsoft Technical Security Notifications on
http://www.microsoft.com/technet/security/bulletin/notify.mspx.

********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER
EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT
APPLY.
********************************************************************

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.9.0 (Build 397)
Charset: utf-8

wsFVAwUBSP/4MFKuubOIpnsTAQI0ahAAj6r/fZpWPEJlIAk1+KWvHE3xeOr6f5/Z
cDS8VZqYq/ktHJ5KsOALuxTtixO/mFA6c9OTJTNJCQ2MhVecgHttX58MmgdR9svs
ybnywOCJkiJ4vwpWzbnpCvC9uheMuCLPOAeaTbtqvz+05wCvB6Ka1C4caML2JTHX
mw38NHPfEMIIQT5cFcs1g1b6ekQTWaef1zSRxYl+tdEEo7j1zQI29an7nEiEl/QO
dM+JSLuXDl49hntJhQObren4kj4V97mPZmbNGG+9Lj1UpiWkfqdsquhzXgKVlhft
zvFuKNz9C2ROI+q1nVgf28yayKUDZm1DBZgyYrgI1kEj6QuJ4nTeCOE1x+q3Zn8r
Qb+Ym0dmsLyOAhxbUcxPjhOjJeuiLmq7Z7LQp4+hA9SCEusu1oJVzZCoRPSRPDOe
y1O94KLmhvQPMnvtBVk+FEpDmE/eAmIVHVSh+esJ0GjNpahtia9+jWrngBAksNtw
ePtwiyLnEVbSA1C99roCkC4uOBL8smuuOMN2KUnKHK7Y9gEp30Dx/3JuALSjCmaG
BKzZr4PIsjv8MmKYpRp+r3FjZg0OCHc6Vp4XjZOa9RjBWBMeY3MAIcbaTwJXF5zQ
EGB6x08j9WzgrTumRs5C0OXoCpiZdtV7Op93h/lvrZGMGbiAGPgYp/pmdTr/bf4s
V+1lO1yCC7E=
=vVcQ
-----END PGP SIGNATURE-----


To cancel your subscription to this newsletter, reply to this message with
the word UNSUBSCRIBE in the Subject line. You can also unsubscribe at the
Microsoft.com web site <http://www.microsoft.com/misc/unsubscribe.htm>. You
can manage all your Microsoft.com communication preferences at this site.

Legal Information <http://www.microsoft.com/info/legalinfo/default.mspx>.

This newsletter was sent by the Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052

 

[Engel]

Hi Bill,

There are here:

Security Update for Windows Vista (KB958644)
Definition Update for Windows Defender - KB915597 (Definition 1.45.1012.0)

Thank you
-=-

 

[Anonymous Bob]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Microsoft Security Bulletin Advance Notification for October 2008
Issued: October 22, 2008
********************************************************************

Installed on W2K and Xp Pro with no problems to report.

 

[Bill Sanderson]

I'm having trouble getting it onto the only Windows 2000 server I have left
to work with. Otherwise, no problems at all except those pesky users who
insist on working until the end of the working day, and who I don't feel
like blowing out of the water with a reboot!

 

[Alan D]

My installation was unusual insofar as it installed OK but the machine (XP
SP2) wouldn't reboot at the first try. So I shut it down and tried again and
it seems fine now.

Just another mystery to file along with the Marie Celeste, the Yeti, and
UFOs.

 

[Bill Sanderson]

That's going to be a thick file!

(One school of thought about patching is that you should always reboot
BEFORE patching just to be sure that you've eliminated other causes for that
issue. I'm not sure I know anyone who actually does this, but it isn't a
bad idea.)



--

 

[Alan D]

(One school of thought about patching is that you should always reboot
BEFORE patching just to be sure that you've eliminated other causes for
that issue. I'm not sure I know anyone who actually does this, but it
isn't a bad idea.)

On this occasion, installing the patch was the first thing I did after
switching on, so effectively I suppose I'd done what you suggest, Bill. My
guess is that the failure was as likely to be coincidence as not, and that
this was just one of those occasional instances when Windows gets itself
into a tangle during boot up. Either that, or my computer was momentarily
interfered with by ghostly alien Yetis who'd beamed down, leaving behind
their mysteriously deserted UFO.

 

[Bill Sanderson]

I'd be hard pressed to give precise probability figures for those
alternatives....
<G>

 

[robinb]

it is interesting that MS issued an out of sequence security update
This one must be a real biggy
robin

 

[Stu]

Naa!! I detect a touch of Sigourney Weaver creepeing in here.. UFO? Aliens?

Stu

 

[Stu]

Even worse !! .. Microsoft? ... <just kidding>

Stu

 

[Engel]

Hello Stu,

Ninjas may have broken into your house in the dead of night, and replaced
your processor and motherboard with a secret replacement system that
captures everything you do, compresses it 500% (by the simple expedient of
zipping it over and over), and sends it back to their flying island
headquarters where squadrons of highly trained hedgehogs analyse the data
for credit card information.

Disclaimer: the above is my personal opinion and is not the opinion of my
employer, my wife, or the hundreds of little green men that have been
following me all day.

Squawking Mode 3 code 0000

Ǝиçεl
-=-

PS
Stu, need a break - take a look at this :

The Movie 405
http://www.405themovie.com/download405.asp

 

[Bill Sharpe, BullDawg]

Black Helicopters?

BullDawg

Hello Stu,

Ninjas may have broken into your house in the dead of night, and replaced
your processor and motherboard with a secret replacement system that
captures everything you do, compresses it 500% (by the simple expedient of
zipping it over and over), and sends it back to their flying island
headquarters where squadrons of highly trained hedgehogs analyse the data
for credit card information.

Disclaimer: the above is my personal opinion and is not the opinion of my
employer, my wife, or the hundreds of little green men that have been
following me all day.

Squawking Mode 3 code 0000

??ç?l
-=-

PS
Stu, need a break - take a look at this :

The Movie 405
http://www.405themovie.com/download405.asp

 

[Alan D]

Utterly convincing, particularly the hedgehog part. It's a little known fact
that hedgehogs are chosen for this task not for their analytical skills, but
because of their bravery - most other animals being spineless.

 

[Bill Sanderson]

Indeed. That fact alone (aside from Engel's usual reputation for veracity,
authenticity, and general tenacity) made it clear to me that he is in the
know--and has the true facts.

 

[Engel]

Hi Bill,

FYI

I was feeling down until I read your post, and that make me feel much better.

Thank you.



Ǝиçεl
-=-

 

[Engel]

Hi BullDawg,

Black Helicopters?

Naw, Only the transponder requirements

FAR 91.215 Transponder Requirements
MODE 3 - civilian usage
CODE 0000 block, has some general usage in the system



--Any airborne aircraft with a transponder is required to have it on. Mode
C, if available, must be used.

--VFR use requires that Mode C be on when within 30 nautical miles of the
primary airport of Class B airspace. See Sectional.

--Mode C is required in Class B airspace, and positive control areas (above
18,000'),

--Mode C is required in Class C airspace and above the lateral limits of the
Class C airspace to 10,000'.

--Mode C is required above 12,500', below a positive control area (Classes B
and C) if over 2,500' above ground level.

--Mode C is also required within 10 nm or airports at Billings, Montana, and
Fargo, North Dakota. (Trivia question)
MODE 1 - military usage
MODE 2 - military usage
MODE 3 - civilian usage
MODE 3/A basic 4,096 code equipment
MODE 3/B not used
MODE 3/C altitude encoder equipment
MODE 4 - military usage

Then there is the occasional older aircraft that will waddle through the
system with the old 64 code MARK "X" or
MODE "X" box.

MODE 3A
CODE 1200 through code 1267 are VFR with the vast majority of aircraft
simply using 1200.


Codes 1270 through 1277 are allocated to Govt. agencies for use as a
ground/surface based alignment of radar systems. These reply on the assigned
discrete code 3/A and a special 3/C return not associated with the elevation
of the target.

CODE 0000 block has some general usage in the system
CODE 0100 through 0700 are allocated for terminal radar approach control use.
CODE 1000 through 7400 are allocated by ARTCCs.
CODE 7500 = hijack
CODE 7600 = radio failure (NORDO)
CODE 7700= emergency.

MODE 3/C - Altitude encoded signals transmit down to the ground based on as
altimeter reading of 29.92. Upon receipt of the signal the ATC computer
converts the 29.92 value to actual altimeter setting for the computer area
concerned. The computer transmits in 100-foot increments only.

If ATC shows you at 1,500 feet MSL, your aircraft would continue to transmit
that value so long as you operated not lower then 1,450 feet and not higher
then 1,549 feet.
-=-


Ǝиçεl
-=-

 

[Bill Sanderson]

Great! - I'm happy 'cause the Phillies won last night, and I'm still trying
to decode your response to BullDawg.