Fixlet Site - EnterpriseSecurity Current Version: 918 Published: Thu, 08 Nov 2007 00:30:25 GMT *************************************************************** Title: 941412: Daylight Savings Time Update for Sharepoint Services 2.0 SP2 - Windows Server 2003 Severity: Fixlet ID: 94141201 Fixlet Link: http://support.microsoft.com/kb/941412/ Fixlet Description: Microsoft has released a hotfix rollup package that contains multiple software updates for Sharepoint Services 2.0 SP2 including an update to accomodate the New Zealand government's announcement that the daylight saving time (DST) dates have changed for New Zealand in 2007. To comply with the DST changes, you must update both Windows SharePoint Services 2.0 and the operating system that you are using. *************************************************************** Title: 941412: Daylight Savings Time Update for Windows Sharepoint Services 2.0 SP2 - Windows Server 2003 (x64) Severity: Fixlet ID: 94141203 Fixlet Link: http://support.microsoft.com/kb/941412/ Fixlet Description: Microsoft has released a hotfix rollup package that contains multiple software updates for Sharepoint Services 2.0 SP2 including an update to accomodate the New Zealand government's announcement that the daylight saving time (DST) dates have changed for New Zealand in 2007. To comply with the DST changes, you must update both Windows SharePoint Services 2.0 and the operating system that you are using. *************************************************************** Title: 944653: Vulnerability in Macrovision SECDRV.SYS Driver on Windows Could Allow Elevation of Privilege - Windows XP/2003 Severity: Fixlet ID: 94465301 Fixlet Link: http://www.microsoft.com/technet/security/advisory/944653.mspx Fixlet Link: http://www.macrovision.com/promolanding/7352.htm Fixlet Description: Microsoft is working with Macrovision, investigating new public reports of a vulnerability in the Macrovision secdrv.sys driver on supported editions of Windows Server 2003 and Windows XP. An attacker with local access to a system could successfully exploit this vulnerability to gain elevation of privilege on an affected system. Macrovision has released a driver update that addresses this vulnerability. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability. Important Note: Client machines may briefly display a dialog box during action execution. If the cancel button is pressed on this dialog box, the action may fail. To prevent this behavior, you may want to deploy this action with the user constraint "Run only when no user is present" or display a message box before action execution instructing the user not to press the cancel button. Important Note: Follow the link for the 'Macrovision SECDRV.SYS Driver' download on this page or below. The file "SECDRVSYS.ZIP" must be downloaded and extracted manually. The extracted file "SECDRV.SYS" must be renamed "bbc51c66f57cbdb0f30a7365f00d9462f4a95156", and the extracted file "SecDrv.inf" must be renamed "02982e7ce7ccf82751204e605d187a0a0cbfc97e"; and both placed in the BES Server download cache for this action to complete successfully. For more information about manually caching file downloads on the BES Server, please see the following BigFix Support Knowledge Base article. *************************************************************** Title: 944653: Vulnerability in Macrovision SECDRV.SYS Driver on Windows Could Allow Elevation of Privilege - Windows XP/2003 (x64) Severity: Fixlet ID: 94465302 Fixlet Link: http://www.microsoft.com/technet/security/advisory/944653.mspx Fixlet Link: http://www.macrovision.com/promolanding/7352.htm Fixlet Description: Microsoft is working with Macrovision, investigating new public reports of a vulnerability in the Macrovision secdrv.sys driver on supported editions of Windows Server 2003 and Windows XP. An attacker with local access to a system could successfully exploit this vulnerability to gain elevation of privilege on an affected system. Macrovision has released a driver update that addresses this vulnerability. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability. Important Note: Client machines may briefly display a dialog box during action execution. If the cancel button is pressed on this dialog box, the action may fail. To prevent this behavior, you may want to deploy this action with the user constraint "Run only when no user is present" or display a message box before action execution instructing the user not to press the cancel button. Important Note: Follow the link for the 'Macrovision SECDRV.SYS Driver' download on this page or below. The file "SECDRVSYS.ZIP" must be downloaded and extracted manually. The extracted file "SECDRV.SYS" must be renamed "bbc51c66f57cbdb0f30a7365f00d9462f4a95156", and the extracted file "SecDrv.inf" must be renamed "02982e7ce7ccf82751204e605d187a0a0cbfc97e"; and both placed in the BES Server download cache for this action to complete successfully. For more information about manually caching file downloads on the BES Server, please see the following BigFix Support Knowledge Base article.