Description: This important security update resolves a privately reported vulnerability in Server Message Block Version 2 (SMBv2). The vulnerability could allow an attacker to tamper with data transferred via SMBv2, which could allow remote code execution in domain configurations communicating with SMBv2.

Update type: Important

Release date: December 11, 2007

Applies to: All versions

Knowledge base: support.microsoft.com/kb/942624

Download link: 32-bit | 64-bit

Comments:

Microsoft will launch the final version of the server OS at a February 27th event in Los Angeles which the company is calling ‘Heroes Happen Here,’ . Also to be unveiled is Microsoft SQL Server 2008…

[Learn More]

Description: This important security update resolves one privately reported vulnerability. A denial of service vulnerability in the remote procedure call (RPC) facility exists due to a failure in communicating with the NTLM security provider when performing authentication of RPC requests.

Update type: Important

Release date: October 9, 2007

Applies to: All versions

Knowledge base: support.microsoft.com/kb/933729

Download link: 32-bit | 64-bit

Comments: More information is available on this vulnerability:

• RPC Authentication Vulnerability Could Allow Denial of Service - CVE-2007-2228

Description: This important security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution due to an incorrectly handled malformed NNTP response. An attacker could exploit the vulnerability by constructing a specially crafted Web page.

Update type: Important

Release date: October 9, 2007

Applies to: All versions

Knowledge base: support.microsoft.com/kb/941202

Download link: 32-bit | 64-bit

Comments: More information on the vulnerability is available:

• Network News Transfer Protocol Memory Corruption Vulnerability – CVE-2007-3897

Description: This important security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerability with the most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer.

Update type: Important

Release date: October 9, 2007

Applies to: All versions

Knowledge base: support.microsoft.com/kb/939653

Download link: 32-bit | 64-bit

Comments: Following is more information on the four vulnerabilities:

• Address Bar Spoofing Vulnerability - CVE-2007-3892
• Error Handling Memory Corruption Vulnerability - CVE-2007-3893
• Address Bar Spoofing Vulnerability - CVE-2007-1091 & CVE-2007-3826

There are a number of possible side effects of this update:

• You may receive an error message that resembles the following when you try to visit a Web page in Windows Internet Explorer 7:
  

  Webpage cannot be displayed

• When you browse from one Web site to a different Web site in Microsoft Internet Explorer 6 in Windows XP, Internet Explorer 6 may crash.
• ActiveX controls that prompt before they are loaded.
• The use of monikers is no longer supported in Internet Explorer.

This update also includes a number of non-security related fixes:

• Internet Explorer 6 may exit with an access violation when the JavaScript garbage collector runs and

…

Description: Install this update to resolve a display issue that occurs during language pack installation and when accessing the Regional and Language Options control panel.

Update type: Recommended

Release date: August 27, 2007

Applies to: All versions

Knowledge base: support.microsoft.com/kb/938952

Download link: 32-bit | 64-bit

Comments: When you try to use the Chinese (Traditional) Language Pack that is downloaded from the Windows Ultimate Extras section of Windows Update, you may experience the following symptoms.

Symptom 1
If you use the Language Pack Setup tool (Lpksetup.exe) to install the language pack, the language pack is described as "Chinese (Hong Kong S.A.R.)".

Symptom 2
After the installation of the language pack finishes, the language pack is described as "Chinese (Hong Kong S.A.R.)" in the Regional and Language Options item in Control Panel.

Note: Because the Chinese (Traditional) Language pack is used in Taiwan and Hong Kong, the description will confuse users in Taiwan and Hong Kong who download the language pack.

This update will update Lpksetup.exe and the Regional and Language Options item to display a locale-neutral description for the Chinese (Traditional) Language Pack.