Microsoft has issued its July security update
Microsoft issues monthly security pack
/v3-uk/news/1978430/microsoft-issues-monthly-security-pack
09 Jul 2008, Shaun Nichols , V3
Microsoft has issued the July edition of its monthly Patch Tuesday security update.
Four bulletins address nine software vulnerabilities in various components of Windows, Outlook and Exchange Server.
Each bulletin carries a maximum security rating of 'important', marking the first time since March 2007 that Microsoft has not issued a 'critical' security fix in its monthly update.
The first bulletin addresses a pair of flaws in Windows DNS which could allow an attacker to reroute web traffic.
Another update addresses a flaw in Windows Explorer which could allow an attacker to remotely take control of a targeted system.
Microsoft also fixed two vulnerabilities in Exchange Server 2003 and 2007 which could be exploited by an attacker to gain elevated privileges on a server.
The fourth bulletin addresses four vulnerabilities in SQL components for Windows 2000, Server 2003, 2007 and 2008. The most severe could allow an attacker to remotely execute code on a targeted system.
A flaw in an ActiveX control for Office was not patched in the update. Microsoft is still investigating the attacks and has not yet said when a fix will be released.
Dave Marcus, director of security research and communications at McAfee, insisted that, despite the low risk of the patched flaws, administrators should still install the update as normal.
"July offers a summer break for patching and, although this is a minor patch, McAfee encourages all customers to update according to their risk management strategy and protect the integrity of their systems and data," he said.
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093
Do you agree?
Problems with the patch?
I have just installed the latest XP updates on two machines. After installation, both machines refused to connect to the internet via Internet Explorer. One machine is connected to Logmein and this also refused to connect. I restored the computers back to before the upate and they are okay again. Could this be a problem with the patch?
Posted by Terry, 09 Jul 2008
July updates problem
After installing Windows Updates for July, my computer would not connect to the internet. Going back to a previous Restore Point cured the problem. Can install the sql server update ok, but tried the others again with no success.
Posted by Diane, 09 Jul 2008
XP Security Update
I have just done the same today, no internet connection after download. System restore to yesterday got me back online.
Posted by Ian, Yorkshire, 09 Jul 2008
Same for me
I had the same problem as Shaun. Installed the update on my desktop, with XP SP2. When that seemed to block access to my internet, I fired up my laptop (XP SP3) to see if that worked. It worked fine, until I shut it off again. I had forgotten that I had it set for automatic Win Update Install. After rebooting with the new software, it also was blocked from the internet. Like the previous poster, I uninstalled the update, and am now working again.
Posted by Grandma Vegas, 10 Jul 2008
Bad Patch conflict with zone alarm
Microsoft DNS patch KB951748 incompatible with Zonealarm Jul 09 2008 06:24PM
KB951748
http://www.securityfocus.com/archive/1/494108
Microsoft DNS patch KB951748 incompatible with Zonealarm Jul 09 2008 06:24PM
Pages-Web.com - Services internet (info pages-web com)
The latest auto update patch KB951748 (Windows all versions) cuts
connectivity for all users with ZoneAlarm set to 'high' security for the
internet zone
Workaround :
- Uninstall KB951748
- shutdown ZoneAlarm
- temporarily set ZoneAlarm 'security level' to medium
Posted by Dennis, 10 Jul 2008
Windows Update Fault
I too installed Microsoft's latest updates (July) and have experienced the same problem as Shaun Nichols, my PC would no longer connect to the internet nor would oulook express collect emails. I have now reported this issue to Microsoft.
Posted by Leon, 10 Jul 2008