An ordinary guy trying to make a difference
Summary The following bulletins have undergone a minor revision increment. Please see the appropriate bulletin for more details. * MS07-047 - Important * MS07-046 - Critical * MS07-045 - Critical * MS07-044 - Critical
Bulletin Information: * MS07-047 - Important - http://www.microsoft.com/technet/security/bulletin/ms07-047.mspx - Reason for Revision: V1.1 (August 29, 2007): Bulletin revised to correct Registry Key Verification for Windows Media Player 7.1, 9, 10, and 11 on supported editions of Windows 2000 Service Pack 4, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows XP Service Pack 2 and x64 Editions. - Originally posted: August 14, 2007 - Updated: August 29, 2007 - Bulletin Severity Rating: Important - Version: 1.1
* MS07-046 - Critical - http://www.microsoft.com/technet/security/bulletin/ms07-046.mspx - Reason for Revision: Bulletin Updated: Additional information has been added to include workarounds for this vulnerability. - Originally posted: August 14, 2007 - Updated: August 29, 2007 - Bulletin Severity Rating: Critical - Version: 1.1
* MS07-045 - Critical - http://www.microsoft.com/technet/security/bulletin/ms07-045.mspx - Reason for Revision: Revised to document the functionality change of increasing the limit on cookies from 20 to 50. - Originally posted: August 14, 2007 - Updated: August 29, 2007 - Bulletin Severity Rating: Critical - Version: 1.2
* MS07-044 - Critical - http://www.microsoft.com/technet/security/bulletin/ms07-044.mspx - Reason for Revision: Bulletin updated to change download link display text for Office components in Affected Software table - Originally posted: August 14, 2007 - Updated: August 29, 2007 - Bulletin Severity Rating: Critical - Version: 1.1
941495 How to increase the per-domain cookie limit of Internet Explorer from 20 to 50
908917 The system stops responding when you access a Web page or open an HTML document on a Windows XP SP2-based computer
941450 Cumulative update package 4 for SQL Server 2005 Service Pack 2
940942 FIX: Error message when you run a stored procedure that references tables after you upgrade a database from SQL Server 2000 to SQL Server 2005: "A time-out occurred while waiting for buffer latch"
940375 FIX: Error message when you use the Copy Database Wizard to move a database from SQL Server 2000 to SQL Server 2005
939562 FIX: Error message when you run a query that fires an INSTEAD OF trigger in SQL Server 2005 Service Pack 2: "Internal Query Processor Error The query processor could not produce a query plan"
936534 FIX: Error message when the Distribution Agent tries to apply the snapshot to the subscriber in SQL Server 2005: "Must declare the scalar variable "@Variable""
938363 FIX: Data is not replicated to a subscriber in a different partition by using parameterized row filters in SQL Server 2005
940935 FIX: Error message when you run a query that is associated with a parallel execution plan in SQL Server 2005: "SQL Server Assertion: File: , line=10850 Failed Assertion = 'GetLocalLockPartition () == xactLockInfo->GetLocalLockPartition ()'"
940126 FIX: Error 9003 is logged in the SQL Server error log file when you use log shipping in SQL Server 2005
937100 FIX: Error message when you run a SQL Server 2005 Integration Services package that contains a Script Component transformation:â€Insufficient memory to continue the execution of the programâ€
940221 FIX: Error message when you try to create an Oracle publication by using the New Publication Wizard in SQL Server 2005 Service Pack 2: "OLE DB Provider 'OraOLEDB.ORACLE' for Linked server returned message"
940379 FIX: Error message when you use the UNLOAD and REWIND options to back up a database to a tape device in SQL Server 2005: "Operation on device '' exceeded retry count"
938086 FIX: A SQL Server Agent job fails when you run the SQL Server Agent job in the context of a proxy account in SQL Server 2005
936252 The file name of Cumulative Update 3 for SQL Server 2005 Service Pack 2 is incorrectly associated with Microsoft Knowledge Base article 936252
939285 FIX: Error message when you run a stored procedure that starts a transaction that contains a Transact-SQL statement in SQL Server 2005: "New request is not allowed to start because it should come with valid transaction descriptor"
940945 FIX: Performance is very slow when the same stored procedure is executed at the same time in many connections on a multiple-processor computer that is running SQL Server 2005
940378 FIX: A cursor uses the incorrect transaction isolation level after you change the transaction isolation level for the cursor in SQL Server 2005
940390 FIX: You cannot roll back changes in a transaction after you call the ITransactionLocal::Abort method by setting the fRetaining flag to TRUE in a SQL Server 2005-based application that uses the SQL Native Client OLE DB provider
941105 Error messages after SQL Server 2005 has been running for some time: "Failed to load FileName.dll" and "Attempts to load any type of dll might fail within the SQL Server process with errors pointing to LoadLibrary failure"
941154 The "SQL Server:SSIS Pipeline" performance object does not appear in the "Performance object" list after you install Integration Services from a 64-bit version of SQL Server 2005
941039 Some reports generate incorrect information after you install the Simplified Chinese version of SMS 2003 ITMUv3
Summary The following bulletins have undergone a minor revision increment. Please see the appropriate bulletin for more details. * MS07-045 - Critical * MS07-050 - Critical
Bulletin Information: * MS07-045 - Critical - http://www.microsoft.com/technet/security/bulletin/ms07-045.mspx - Reason for Revision: Revised to correct Registry Key Verification for Internet Explorer 7 for all supported 32-bit editions, 64-bit editions, and Itanium-based editions of Windows Server 2003. - Originally posted: August 14, 2007 - Updated: August 22, 2007 - Bulletin Severity Rating: Critical - Version: 1.1
* MS07-050 - Critical - http://www.microsoft.com/technet/security/bulletin/ms07-050.mspx - Reason for Revision: Revised to correct Registry Key Verification for Internet Explorer 7 for all supported 32-bit editions, 64-bit editions, and Itanium-based editions of Windows Server 2003 - Originally posted: August 14, 2007 - Updated: August 22, 2007 - Bulletin Severity Rating: Critical - Version: 1.2
937143 MS07-045: Cumulative Security Update for Internet Explorer
938127 MS07-050: Vulnerability in Vector Markup Language could allow remote code execution
928780 Event ID: 6036 is logged in the System log when you connect to an instance of SQL Server 2005 or to an instance of SQL Server 2000 from a Windows Vista-based computer
927186 FIX: Error message when you create a merge replication for tables that have computed columns in SQL Server 2000 Service Pack 4: "The process could not log conflict information"
940281 FIX: An access violation may occur, and you may receive an error message, when you query the sys.dm_exe_sessions dynamic management view in SQL Server 2005
940220 FIX: Error message when you run a SQL Server 2005 Integration Services package that contains an FTP task: "An error occurred in the requested FTP operation"
940223 FIX: Error message when you synchronize a subscription by using Windows Synchronization Manager in SQL Server 2005: "The merge process failed to get correct information about the Interactive Resolver component from the Registry"
940937 FIX: Error message when you try to update the index key columns of a non-unique clustered index in SQL Server 2005: "Cannot insert duplicate key row in object 'ObjectName' with unique index 'IndexName'"
941232 How to apply a hotfix for SQL Server 2005 in a replication topology
940370 FIX: The event information that is generated by a child package does not have a "User:" prefix in Integration Services in SQL Server 2005 Service Pack 2
936200 The software inventory process may stop responding when the Delete Aged System Center Reporting task is enabled on a site server that is running SMS 2003 with SP2
941440 The scan process fails when the SMS 2003 Inventory Tool for Microsoft Updates tries to scan Microsoft Windows 2000-based SMS 2003 client computers for compliance
Summary The following bulletins have undergone a minor revision increment. Please see the appropriate bulletin for more details. * MS07-050 - Critical * MS07-042 - Critical
Bulletin Information: * MS07-050 - Critical - http://www.microsoft.com/technet/security/bulletin/ms07-050.mspx - Reason for Revision: Correct file information for Microsoft Internet Explorer 7 for Windows 2003 - Originally posted: August 14, 2007 - Updated: August 15, 2007 - Bulletin Severity Rating: Critical - Version: 1.1
* MS07-042 - Critical - http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx - Reason for Revision: Bulletin Updated: corrected file manifest information for Microsoft XML Core Services 4.0. - Originally posted: August 14, 2007 - Updated: August 15, 2007 - Bulletin Severity Rating: Critical - Version: 1.1
Busy month this month with 6 Critical and 3 Important updates:
Critical Security Bulletins MS07-042 - Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227) - Affected Software: - Microsoft XML Core Services 3.0 (KB936021) on Microsoft Windows 2000 Service Pack 4 - Microsoft XML Core Services 3.0 (KB936021) on Windows XP Service Pack 2 - Microsoft XML Core Services 3.0 (KB936021) on Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 - Microsoft XML Core Services 3.0 (KB936021) on Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 - Microsoft XML Core Services 3.0 (KB936021) on Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 - Microsoft XML Core Services 3.0 (KB936021) on Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems - Microsoft XML Core Services 3.0 (KB936021) on Windows Vista - Microsoft XML Core Services 3.0 (KB936021) on Windows Vista x64 Edition - Microsoft XML Core Services 4.0 (KB936181) when installed on Microsoft Windows 2000 Service Pack 4 - Microsoft XML Core Services 4.0 (KB936181) on Windows XP Service Pack 2 - Microsoft XML Core Services 4.0 (KB936181) when installed on Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 - Microsoft XML Core Services 4.0 (KB936181) when installed on Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 - Microsoft XML Core Services 4.0 (KB936181) when installed on Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 - Microsoft XML Core Services 4.0 (KB936181) when installed on Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems - Microsoft XML Core Services 4.0 (KB936181) when installed on Windows Vista - Microsoft XML Core Services 4.0 (KB936181) when installed on Windows Vista x64 Edition - Microsoft XML Core Services 6.0 (KB933579) when installed on Microsoft Windows 2000 Service Pack 4 - Microsoft XML Core Services 6.0 (KB933579) when installed on Windows XP Service Pack 2 - Microsoft XML Core Services 6.0 (KB933579) when installed on Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 - Microsoft XML Core Services 6.0 (KB933579) when installed on Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 - Microsoft XML Core Services 6.0 (KB933579) when installed on Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 - Microsoft XML Core Services 6.0 (KB933579) when installed on Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems - Microsoft XML Core Services 6.0 (KB933579) on Windows Vista - Microsoft XML Core Services 6.0 (KB933579) on Windows Vista x64 Edition - Microsoft Office 2003 Service Pack 2 with Microsoft XML Core Services 5.0 (KB936048) - 2007 Office System with Microsoft XML Core Services 5.0 (KB936960) - Microsoft Office Groove Server 2007 with Microsoft XML Core Services 5.0 (KB936056) - Microsoft Office SharePoint Server with Microsoft XML Core Services 5.0 (KB936056) - Impact: Remote Code Execution - Version Number: 1.0
MS07-043 - Vulnerability in OLE Automation Could Allow Remote Code Execution (921503) - Affected Software: - Microsoft Windows 2000 Service Pack 4 - Windows XP Service Pack 2 - Windows XP Professional x64 Edition - Windows XP Professional x64 Edition Service Pack 2 - Windows Server 2003 Service Pack 1 - Windows Server 2003 Service Pack 2 - Windows Server 2003 x64 Edition - Windows Server 2003 x64 Edition Service Pack 2 - Windows Server 2003 with SP1 for Itanium-based Systems - Windows Server 2003 with SP2 for Itanium-based Systems - Microsoft Office 2004 for Mac - Microsoft Visual Basic 6.0 Service Pack 6 (KB924053) - Impact: Remote Code Execution - Version Number: 1.0
MS07-044 - Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965) - Affected Software: - Microsoft Office 2000 Service Pack 3 - Microsoft Office XP Service Pack 3 - Microsoft Office 2003 Service Pack 2 - Microsoft Excel Viewer 2003 - Microsoft Office 2004 for Mac - Impact: Remote Code Execution - Version Number: 1.0
MS07-045 - Cumulative Security Update for Internet Explorer (937143) - Affected Software: - Microsoft Windows 2000 Service Pack 4 - Windows XP Service Pack 2 - Windows XP Professional x64 Edition - Windows XP Professional x64 Edition Service Pack 2 - Windows Server 2003 Service Pack 1 - Windows Server 2003 Service Pack 2 - Windows Server 2003 x64 Edition - Windows Server 2003 x64 Edition Service Pack 2 - Windows Server 2003 with SP1 for Itanium-based Systems - Windows Server 2003 with SP2 for Itanium-based Systems - Windows Vista - Windows Vista x64 Edition - Impact: Remote Code Execution - Version Number: 1.0
MS07-046 - Vulnerability in GDI Could Allow Remote Code Execution (938829) - Affected Software: - Microsoft Windows 2000 Service Pack 4 - Windows XP Service Pack 2 - Windows XP Professional x64 Edition - Windows Server 2003 Service Pack 1 - Windows Server 2003 x64 Edition - Windows Server 2003 with SP1 for Itanium-based Systems - Impact: Remote Code Execution - Version Number: 1.0
MS07-050 - Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127) - Affected Software: - Microsoft Windows 2000 Service Pack 4 - Windows XP Service Pack 2 - Windows XP Professional x64 Edition - Windows XP Professional x64 Edition Service Pack 2 - Windows Server 2003 Service Pack 1 - Windows Server 2003 Service Pack 2 - Windows Server 2003 x64 Edition - Windows Server 2003 x64 Edition Service Pack 2 - Windows Server 2003 with SP1 for Itanium-based Systems - Windows Server 2003 with SP2 for Itanium-based Systems - Windows Vista - Windows Vista x64 Edition - Impact: Remote Code Execution - Version Number: 1.0
Important Security Bulletins MS07-047 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (936782) - Affected Software: - Windows Media Player 7.1 on Microsoft Windows 2000 Service Pack 4 - Windows Media Player 9 when installed on Microsoft Windows 2000 Service Pack 4 - Windows Media Player 9 on Windows XP Service Pack 2 - Windows Media Player 10 when installed on Windows XP Service Pack 2 - Windows Media Player 10 on Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 - Windows Media Player 10 on Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 - Windows Media Player 10 on Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 - Windows Media Player 11 when installed on Windows XP Service Pack 2 - Windows Media Player 11 on Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 - Windows Media Player 11 in Windows Vista - Windows Media Player 11 in Windows Vista x64 Edition - Impact: Remote Code Execution - Version Number: 1.0
MS07-048 - Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123) - Affected Software: - Windows Vista - Windows Vista x64 Edition - Impact: Remote Code Execution - Version Number: 1.0
MS07-049 - Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986) - Affected Software: - Microsoft Virtual PC 2004 - Microsoft Virtual PC 2004 Service Pack 1 - Microsoft Virtual Server 2005 Standard Edition - Microsoft Virtual Server 2005 Enterprise Edition - Microsoft Virtual Server 2005 R2 Standard Edition - Microsoft Virtual Server 2005 R2 Enterprise Edition - Microsoft Virtual PC for Mac Version 6.1 - Microsoft Virtual PC for Mac Version 7 - Impact: Elevation of Privilege - Version Number: 1.0
914300 MFC ActiveX controls that belong to one Web page may remain present in all the Web pages when you use the Back and Forward buttons in Internet Explorer 6
939290 The value in the "CSP" field appears as "Loading" when you use the Advanced Certificate Request page to submit a certificate request to an enterprise CA in Internet Explorer
939537 Cumulative update package 3 for SQL Server 2005 Service Pack 2
940128 FIX: You receive error 8623 when you run a complex query in SQL Server 2005
939563 FIX: Error message when you synchronize a merge replication in Microsoft SQL Server 2005: "MSmerge_del_, Line 42 String or binary data would be truncated"
938672 FIX: The population operation may be very slow when you populate a full-text index that uses a column that is the varchar data type in SQL Server 2005
940210 FIX: Error message when you try to insert more than 3 megabytes of data into a distributed partitioned view in SQL Server 2005: "A system assertion check has failed"
940384 FIX: You receive a System.InvalidCastException exception when you run an application that calls the Server.JobServer.Jobs.Contains method on a computer that has SQL Server 2005 Service Pack 2 installed
940545 FIX: The performance of insert operations against a table that contains an identity column may be slow in SQL Server 2005
937086 The full-text crawl takes a long time to finish when you create a full-text index on a column that has the varchar data type in SQL Server 2005
940971 SQL Server 2005 Service Pack 2 installation fails, and a "The Transaction Manager is not available" error message is logged in the Summary.txt file
940181 Event ID 5102 is logged when you end a Remote Assistance session from a Systems Management Server 2003 Administrator console on a computer that has Internet Explorer 7 installed
939305 Error result when you run the Systems Management Server 2003 Service Pack 3 Deployment Readiness Wizard: "Site Database SQL version less than 7.0 SP3"
936465 In a three-tier SMS 2003 hierarchy, packages may not be decompressed or copied to the distribution point of the secondary site
935943 You cannot use Internet Explorer to connect to a Microsoft Virtual Server 2005 Administration Web site and then connect to another Virtual Server
938441 The appropriate tables and stored procedures are not created successfully when you install the Windows Key Management Service Management Pack for Microsoft Operations Manager 2005
938439 The Reporting DTS task does not run and reports do not work when Microsoft Operations Manager (MOM) 2005 fails over to the secondary node of a server cluster
934740 FIX: A Full-Text query against a Full-Text catalog that contains both the simplified Chinese word breaker and the traditional Chinese word breaker may not return some words in SQL Server 2000
937533 FIX: Error message when you run a query in SQL Server 2005: "Cannot insert duplicate key row in object with unique index "
940287 FIX: Error message when you use Service Broker in SQL Server 2005: "An error occurred while receiving data: '64(The specified network name is no longer available.)'"
940286 FIX: A Service Broker endpoint stops passing messages in a database mirroring session of SQL Server 2005
918757 FIX: The value of a cell is not updated correctly when you use multiple UPDATE CUBE statements inside a single transaction in SQL Server 2005 Analysis Services
938243 FIX: Error message when you run a full-text query against a catalog in SQL Server 2005: “The execution of a full-text query failed. The content index is corrupt.â€
938671 FIX: The Distribution Agent may skip some rows when you configure a transactional replication that uses the "-SkipErrors" parameter in SQL Server 2005
940254 Error message when you try to set a witness in a database mirroring session in SQL Server 2005: "The ALTER DATABASE command could not be sent to the remote server instance 'TCP://:'"
940182 The Windows Update Agent version is not inventoried after the hardware inventory runs on Systems Management Server (SMS) 2003 Service Pack 2 or on SMS 2003 Service Pack 3-based clients