Fixlet Site - EnterpriseSecurity
Current Version: 1019	Published: Wed, 09 Jul 2008 23:46:03  GMT

New Fixlets:
============

***************************************************************
Title: MS08-037: Vulnerabilities in DNS Could Allow Spoofing - DNS Server - Windows 2000 SP4
Severity: Important
Fixlet ID: 803701
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx

Fixlet Description: Microsoft has released a security update that resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

***************************************************************
Title: MS08-037: CORRUPT PATCH - Windows 2000 SP4
Severity: Important
Fixlet ID: 803702
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx

***************************************************************
Title: MS08-037: Vulnerabilities in DNS Could Allow Spoofing - DNS Client - Windows XP SP2/SP3
Severity: Important
Fixlet ID: 803703
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx

Fixlet Description: Microsoft has released a security update that resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

***************************************************************
Title: MS08-037: CORRUPT PATCH - Windows XP SP2/SP3
Severity: Important
Fixlet ID: 803704
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx

***************************************************************
Title: MS08-037: Vulnerabilities in DNS Could Allow Spoofing - DNS Server - Windows Server 2003 SP1/SP2
Severity: Important
Fixlet ID: 803707
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx

Fixlet Description: Microsoft has released a security update that resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

***************************************************************
Title: MS08-037: CORRUPT PATCH - Windows Server 2003 SP1/SP2
Severity: Important
Fixlet ID: 803708
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx

***************************************************************
Title: MS08-037: Vulnerabilities in DNS Could Allow Spoofing - DNS Server - Windows Server 2008
Severity: Important
Fixlet ID: 803711
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx

Fixlet Description: Microsoft has released a security update that resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

***************************************************************
Title: MS08-037: Vulnerabilities in DNS Could Allow Spoofing - DNS Client - Windows 2000 SP4
Severity: Important
Fixlet ID: 803715
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx

Fixlet Description: Microsoft has released a security update that resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

***************************************************************
Title: MS08-037: CORRUPT PATCH - Windows 2000 SP4
Severity: Important
Fixlet ID: 803716
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx

***************************************************************
Title: MS08-037: Vulnerabilities in DNS Could Allow Spoofing - DNS Client - Windows Server 2003 SP1/SP2
Severity: Important
Fixlet ID: 803717
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx

Fixlet Description: Microsoft has released a security update that resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

***************************************************************
Title: MS08-037: CORRUPT PATCH - Windows Server 2003 SP1/SP2
Severity: Important
Fixlet ID: 803718
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx

***************************************************************
Title: MS08-038: Vulnerability in Windows Explorer Could Allow Remote Code Execution - Windows Vista Gold/SP1
Severity: Important
Fixlet ID: 803801
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-038.mspx

Fixlet Description: Microsoft has released a security update that resolves a publicly reported vulnerability in Windows Explorer that could allow remote code execution when a specially crafted saved-search file is opened and saved. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS08-038: Vulnerability in Windows Explorer Could Allow Remote Code Execution - Windows Server 2008
Severity: Important
Fixlet ID: 803805
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-038.mspx

Fixlet Description: Microsoft has released a security update that resolves a publicly reported vulnerability in Windows Explorer that could allow remote code execution when a specially crafted saved-search file is opened and saved. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege - SQL Server 7.0 SP4/MSDE 1.0 SP4
Severity: Important
Fixlet ID: 804001
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx

Fixlet Description: Microsoft has released a security update that resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

***************************************************************
Title: MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege - SQL Server 2000 SP4/MSDE 2000 SP4 - Default MSSQLServer Instance - GDR Branch
Severity: Important
Fixlet ID: 804003
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx

Fixlet Description: Microsoft has released a security update that resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

Important Note: SQL Server 2000 and MSDE 2000 updates that are not completed successfully may leave services that depend on the SQL Server 2000 service or on the MSDE 2000 service in a stopped state after installation. Please schedule the update to occur at a time when a service interruption is acceptable.

***************************************************************
Title: MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege - SQL Server 2000 SP4/MSDE 2000 SP4 - Non-Default MSSQLServer Instance - GDR Branch
Severity: Important
Fixlet ID: 804004
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx

Fixlet Description: Microsoft has released a security update that resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

Important Note: SQL Server 2000 and MSDE 2000 updates that are not completed successfully may leave services that depend on the SQL Server 2000 service or on the MSDE 2000 service in a stopped state after installation. Please schedule the update to occur at a time when a service interruption is acceptable.

***************************************************************
Title: MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege - SQL Server 2000 SP4/MSDE 2000 SP4 - Default MSSQLServer Instance - QFE Branch
Severity: Important
Fixlet ID: 804005
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx

Fixlet Description: Microsoft has released a security update that resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

Important Note: SQL Server 2000 and MSDE 2000 updates that are not completed successfully may leave services that depend on the SQL Server 2000 service or on the MSDE 2000 service in a stopped state after installation. Please schedule the update to occur at a time when a service interruption is acceptable.

***************************************************************
Title: MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege - SQL Server 2000 SP4/MSDE 2000 SP4 - Non-Default MSSQLServer Instance - QFE Branch
Severity: Important
Fixlet ID: 804006
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx

Fixlet Description: Microsoft has released a security update that resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

Important Note: SQL Server 2000 and MSDE 2000 updates that are not completed successfully may leave services that depend on the SQL Server 2000 service or on the MSDE 2000 service in a stopped state after installation. Please schedule the update to occur at a time when a service interruption is acceptable.

***************************************************************
Title: MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege - SQL Server 2005 SP2 - Non-Default MSSQLServer Instance - GDR Branch
Severity: Important
Fixlet ID: 804007
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx

Fixlet Description: Microsoft has released a security update that resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

Important Note: SQL Server 2005 updates that are not completed successfully may leave services that depend on the SQL Server service in a stopped state after installation. Please schedule the update to occur at a time when a service interruption is acceptable.

***************************************************************
Title: MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege - SQL Server 2005 SP2 - Default MSSQLServer Instance - GDR Branch
Severity: Important
Fixlet ID: 804008
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx

Fixlet Description: Microsoft has released a security update that resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

Important Note: SQL Server 2005 updates that are not completed successfully may leave services that depend on the SQL Server service in a stopped state after installation. Please schedule the update to occur at a time when a service interruption is acceptable.

***************************************************************
Title: MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege - SQL Server 2005 SP2 - Non-Default MSSQLServer Instance - QFE Branch
Severity: Important
Fixlet ID: 804009
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx

Fixlet Description: Microsoft has released a security update that resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

Important Note: SQL Server 2005 updates that are not completed successfully may leave services that depend on the SQL Server service in a stopped state after installation. Please schedule the update to occur at a time when a service interruption is acceptable.

***************************************************************
Title: MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege - SQL Server 2005 SP2 - Default MSSQLServer Instance - QFE Branch
Severity: Important
Fixlet ID: 804010
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx

Fixlet Description: Microsoft has released a security update that resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

Important Note: SQL Server 2005 updates that are not completed successfully may leave services that depend on the SQL Server service in a stopped state after installation. Please schedule the update to occur at a time when a service interruption is acceptable.

***************************************************************
Title: MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege - SQL Server 2005 SP2 - Default MSSQLServer Instance - GDR Branch (x64)
Severity: Important
Fixlet ID: 804011
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx

Fixlet Description: Microsoft has released a security update that resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

Important Note: SQL Server 2005 update that are not completed successfully may leave services that depend on the SQL Server 2005 service in a stopped state after installation. Please schedule the update to occur at a time when a service interruption is acceptable.

***************************************************************
Title: MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege - SQL Server 2005 SP2 - Non-Default MSSQLServer Instance - GDR Branch (x64)
Severity: Important
Fixlet ID: 804012
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx

Fixlet Description: Microsoft has released a security update that resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

Important Note: SQL Server 2005 update that are not completed successfully may leave services that depend on the SQL Server 2005 service in a stopped state after installation. Please schedule the update to occur at a time when a service interruption is acceptable.

***************************************************************
Title: MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege - SQL Server 2005 SP2 - Default MSSQLServer Instance - QFE Branch (x64)
Severity: Important
Fixlet ID: 804013
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx

Fixlet Description: Microsoft has released a security update that resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

Important Note: SQL Server 2005 update that are not completed successfully may leave services that depend on the SQL Server 2005 service in a stopped state after installation. Please schedule the update to occur at a time when a service interruption is acceptable.

***************************************************************
Title: MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege - SQL Server 2005 SP2 - Non-Default MSSQLServer Instance - QFE Branch (x64)
Severity: Important
Fixlet ID: 804014
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx

Fixlet Description: Microsoft has released a security update that resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

Important Note: SQL Server 2005 update that are not completed successfully may leave services that depend on the SQL Server 2005 service in a stopped state after installation. Please schedule the update to occur at a time when a service interruption is acceptable.

***************************************************************
Title: MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege - Microsoft SQL Server 2000 Desktop Engine (WMSDE)
Severity: Important
Fixlet ID: 804020
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx

Fixlet Description: Microsoft has released a security update that resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

Important Note: Due to the complexity of the installation, this update must be completed manually.

***************************************************************
Title: MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege - Windows Internal Database (WYukon) SP2
Severity: Important
Fixlet ID: 804025
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx

Fixlet Description: Microsoft has released a security update that resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.

***************************************************************
Title: MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege - Windows Internal Database (WYukon) SP2 (x64)
Severity: Important
Fixlet ID: 804027
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx

Fixlet Description: Microsoft has released a security update that resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. After downloading and installing this update, affected computers will no longer be susceptible to these vulnerabilities. 

Important Note: There are known issues associated with the installation of this update. See the Known Issues section of the security bulletin for more information.