Microsoft (securitynotifications@e-mail.microsoft.com)
Sent: Wed 4/21/10 6:09 PM
To: paindoctor@hotmail.com
********************************************************************
Title: Microsoft Security Bulletin Major Revision
Issued: April 21, 2010
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment. Please see the appropriate bulletin for more details.
* MS10-025 - Critical
Bulletin Information:
=====================
* MS10-025 - Critical
- http://www.microsoft.com/technet/security/bulletin/ms10-025.mspx
- Reason for Revision: V2.0 (April 21, 2010): Revised bulletin to inform customers that the original security update did not protect systems from the vulnerability described in this bulletin. Microsoft recommends that customers apply one of the workarounds described in this bulletin to help mitigate the impact to affected systems until a revised security update is made available.
- Originally posted: April 13, 2010
- Updated: April 21, 2010
- Bulletin Severity Rating: Critical
- Version: 2.0
Other Information
=================
Recognize and avoid fraudulent e-mail to Microsoft customers:
=============================================================
If you receive an e-mail message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious Web sites. Microsoft does not distribute security updates via e-mail.
To receive automatic notifications whenever Microsoft Security Bulletins and Microsoft Security Advisories are issued or revised, subscribe to Microsoft Technical Security Notifications on http://www.microsoft.com/technet/security/bulletin/notify.mspx.
********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************
To cancel your subscription to this newsletter, reply to this message with the word UNSUBSCRIBE in the Subject line. You can also unsubscribe at the Microsoft.com web site <http://www.microsoft.com/misc/unsubscribe.htm>. You can manage all your Microsoft.com communication preferences at this site.
ky331
April 23rd, 2010 12:00
Lawrence,
Can you give us a link to the particular security alert/bulletin, so that we can know exactly what you're referring to?
Dr. Lawrence Ho
April 23rd, 2010 13:00
ky331
April 23rd, 2010 13:00
The bulletin you cited only applies to users running Windows 2000 Server (Service Pack 4). Is that what you have? If not, you have nothing about which to be concerned: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability described in this bulletin.
And if you are in fact running win2000 Server SP4, keep in mind that: By default, Windows Media Services is not enabled on Microsoft Windows 2000 Server. In order for a Microsoft Windows 2000 Server to be vulnerable, the server would have to be configured as a streaming media server by adding the Windows Media Services component in the Windows Components Wizard.
Given these stipulations, are you actually impacted by this vulnerability?
Dr. Lawrence Ho
April 23rd, 2010 14:00
ky331, In the bulletin, I thought it did not exclude XP. I have a VPN that is connected to CITRIX and a Windows server. Is this a danger? If, indeed, XP is excluded, I am greatly relieved.
ky331
April 23rd, 2010 15:00
Lawrence,
All I know is what I see on that page... Under the heading
Affected and Non-Affected Software
it clearly indicates that Microsoft Windows 2000 Server Service Pack 4 is affected, but that
Windows XP Service Pack 2 ; Windows XP Service Pack 3 ; Windows XP Professional x64 Edition Service Pack 2 are non-affected.
So unless I'm grossly misreading (or misinterpreting) something, your XP should be okay.
Did you use Windows (or Automatic) Updates to determine which updates were actually needed/applicable for your particular system? Does your installation history show that you installed this update???
Dr. Lawrence Ho
April 23rd, 2010 16:00
Yes I did. The original update of April 13, referred to in the bulletin, did automatically appear and download. So, as the Shadow sais, "Who knows what evil lurks..."
Dr. Lawrence Ho
April 23rd, 2010 16:00
I can't find an edit button. SAYS.
ky331
April 23rd, 2010 17:00
the EDIT button is the "pencil", toward the lower left of your posts, next to the yellow triangle with exclamation point.
not sure what else to say here... perhaps someone else has another thought. don't know why you'd have received that update, if you're running XP
Bugbatter
April 23rd, 2010 21:00
http://blogs.technet.com/msrc/archive/2010/04/23/update-on-ms10-025.aspx
Dr. Lawrence Ho
April 24th, 2010 11:00
Thanks for your sympathy. I still think the security alert may have included all versions of Windows. At least I now know where the edit button is. I did not look for labels with the pointer, but I should have done so. I am not yet comfortable with the improved forum. I guess old habits are hard to change.
Dr. Lawrence Ho
April 24th, 2010 12:00
I emailed tech support at Microsoft. I will post the answer when it comes.
ky331
April 24th, 2010 14:00
"the improved forum..."
NEW? yes!
improved? ha ha ha
Dr. Lawrence Ho
April 25th, 2010 11:00
Gosh, I thought it was just I who longed for the forums of old. Navigating through this new and unimproved forum format is frustrating and time consuming.
Bugbatter
April 25th, 2010 14:00
Dr. Lawrence Ho
April 27th, 2010 12:00
You are all quite right. On a communication to me, the revision refers only to the server 2000. I have no idea why I got a security update download, but my system is probably secure.