New
#1
Thanks.:)
This is an advance notification of security bulletins that
Microsoft is intending to release on February 8, 2011.
Microsoft Security Bulletin Advance Notification for February 2011
I followed the OP's link and under Non-Security I went to this link.
Description of Software Update Services and Windows Server Update Services changes in content for 2011 and then Bing gave me this when I looked for one of the updates. KB2487426
MS probably wont post the KB articles until Feb 8 so will have to wait for the official information. Maybe SP1 has not been released because of some install problems.
Jim
Thought about that..that's also maybe why they putted a new flavor of the kb2454826.
Download details: Update for Windows 7 for x64-based Systems (KB2454826)
I am wondering about up dates vs SP1. I have loaded SP1 and since the only updates I am getting are the ones for MSE. Will the rigs with SP1 be getting the updates or are they not available?
Microsoft To Patch Three Zero Day Vulnerabilities
Tuesday will bring 22 fixes from Microsoft, as well as Adobe patches for Acrobat and Reader.
By Mathew J. Schwartz , InformationWeek
February 7, 2011 10:54 AM
Microsoft's February Patch Tuesday will see the release this week of 12 security bulletins, patching a total of 22 vulnerabilities, including three that could be exploited via zero-day attacks.
According to Wolfgang Kandek, CTO of Qualys, "these vulnerabilities have seen limited exploits in the wild, so applying the update is highly recommended."
One of those bugs, a CSS-related vulnerability that affects all versions of Internet Explorer, was disclosed in late 2010 by a Google researcher. By early January, security firms reported that attackers were actively exploiting the bug.
Microsoft will also patch a zero-day vulnerability in the Windows Graphics Rendering Engine. Attackers could exploit the flaw using malicious thumbnail images, and execute arbitrary code at the user's permission level.
The third zero-day vulnerability to be patched is an FTP service bug, first acknowledged in December 2010, that affects Internet Information Service (IIS) 7.0 and 7.5, although not IIS Web Services. While attackers could exploit this vulnerability to create a denial of service, Microsoft said it was unlikely they could remotely execute code. Also, most organizations that use IIS likely won't be vulnerable, since IIS FTP service is not installed by default, and even when installed, not enabled by default.
complete article on link aboveTwo zero-day exploits currently targeting Microsoft products, however, won't be addressed in Tuesday's security update. Notably, a recently disclosed vulnerability in MHTML affects all versions of Windows. Microsoft acknowledged the bug 10 days ago and released a temporary workaround while it develops a permanent fix.
Since my Win 7 pro clean/install using SP-1 on Feb. 1, I've only received updates for WSE. I too use Windows Mail workaround. None of todays MS Updates are available to me.
Prior to my recent clean/install using SP-1, I received all MS updates just fine. I been using the Windows Mail workaround for a long time.
Thanks for any suggustions:)