<<< SECURITY BULLETINS THIS MONTH>>>
![Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]'s profile photo](http://lh3.googleusercontent.com/a-/ALV-UjVWEHNriBiYPzXk-vgDPwHLgmiXqqoZ_BdoNm0rTxa-ZYFnAw=s40-c)
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
http://www.microsoft.com/technet/security/Bulletin/ms04-oct.mspx
Critical Bulletins:
MS04-032 - Security Update for Microsoft Windows (840987)
http://www.microsoft.com/technet/security/Bulletin/ms04-032.mspx
MS04-033 - Vulnerability in Microsoft Excel Could Allow Code Execution
(886836)
http://www.microsoft.com/technet/security/Bulletin/ms04-033.mspx
MS04-034 - Vulnerability in Compressed (zipped) Folders Could Allow Code
Execution (873376)
http://www.microsoft.com/technet/security/Bulletin/ms04-034.mspx
MS04-035 - Vulnerability in SMTP Could Allow Remote Code Execution
(885881)
http://www.microsoft.com/technet/security/Bulletin/ms04-035.mspx
MS04-036 - Vulnerability in NNTP Could Allow Code Execution (883935)
http://www.microsoft.com/technet/security/Bulletin/ms04-036.mspx
MS04-037 - Vulnerability in Windows Shell Could Allow Remote Code
Execution (841356)
http://www.microsoft.com/technet/security/Bulletin/ms04-037.mspx
MS04-038 - Cumulative Security Update for Internet Explorer (834707)
http://www.microsoft.com/technet/security/Bulletin/ms04-038.mspx
Important Bulletins:
MS04-029 - Vulnerability in RPC Runtime Library Could Allow Information
Disclosure and Denial of Service (873350)
http://www.microsoft.com/technet/security/Bulletin/ms04-029.mspx
MS04-030 - Bulletin Title Vulnerability in WebDAV XML Message Handler
Could Lead to a Denial of Service (824151)
http://www.microsoft.com/technet/security/Bulletin/ms04-030.mspx
MS04-031 - Vulnerability in NetDDE Could Allow Remote Code Execution
(841533)
http://www.microsoft.com/technet/security/Bulletin/ms04-031.mspx
Re-Released Bulletins:
MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code
Execution (833987)
http://www.microsoft.com/technet/security/Bulletin/ms04-028.mspx
This represents our regularly scheduled monthly bulletin release (second
Tuesday of each month). Please note that Microsoft may release bulletins
out side of this schedule if we determine the need to do so.
--
http://www.sbslinks.com/really.htm
http://www.msmvps.com/bradley
http://www.threatcode.com
[let's get vendors to step up to the plate too]
https://www.ecora.com/ecora/jump/pm99.asp
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
I use the critical rating to determine timing of application.
All of these patches that you see here have been tested on SBS systems.
If you like... wait just a bit... say a week. Those that have test beds
will report back issues.
I'll blog about my risk analysis and procedures on my blog tonight:
http://www.msmvps.com/bradley
Adam wrote:
> Do most of you apply the critical updates from Microsoft on your SBS 2003? I
> have been a little apprehensive, thinking they may break some component.
![Kevin Weilbacher [SBS-MVP]'s profile photo](https://lh3.googleusercontent.com/a/default-user=s40-c)
Kevin Weilbacher [SBS-MVP]
- DO install the WU critical updates
- DON'T install the other WU recommended updates
- Definitely DON'T install the WU reconmmend driver updates
- DO check these newsgroups regularly after a published critical patch is
released
- DON'T assume that WU will report all critical patches - it doesn't
- DO use alternate solutions for determining required updates (HFNetChkPro,
SUS, MBSA, etc.)
- DON'T think that because you don't check for updates that you are
protected -- you're not!
--
Kevin Weilbacher [SBS-MVP]
"The days pass by so quickly now, the nights are seldom long"
"Adam" <Ad...@discussions.microsoft.com> wrote in message
news:D0F10595-1282-45AB...@microsoft.com...
> Do most of you apply the critical updates from Microsoft on your SBS 2003?
> I
> have been a little apprehensive, thinking they may break some component.
>
> "Susan Bradley, CPA aka Ebitz - SBS Rocks" wrote:
>
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
http://msmvps.com/bradley/archive/2004/10/12/15669.aspx
I don't WU drivers on my systems. Only critical security patches.
Kevin Weilbacher [SBS-MVP]
1. DON'T think that because you DON'T check for updates that you are
protected -- you're not!
2. DON'T think that because you DO check for updates that you are
protected -- you're not!
--
Kevin Weilbacher [SBS-MVP]
"The days pass by so quickly now, the nights are seldom long"
"SuperGumby [SBS MVP]" <n...@your.nellie> wrote in message
news:eJ$gNfRsE...@TK2MSFTNGP10.phx.gbl...
> just throwin' it into the wild.
>
> Kevin didn't really mean to say this.
>> - DON'T think that because you don't check for updates that you are
>> protected -- you're not!
> maybe it would make more sense if the 2nd occurrence of the word 'don't'
> was removed.
>