微軟在公司稱『英雄這裡發生』的洛杉磯將發射服務器OS的最終版本在2月27日事件。 並且將被揭幕是微軟SQL服務器2008年…

[學會更多]

描述： 這次重要安全更新解決私下報告的一弱點。 取消服務弱點在遠程過程調用(RPC)設施在溝通存在由於失敗與NTLM安全提供者，當進行RPC請求的認證時。

更新類型： 重要

發行日期： 2007年10月9日

適用於： 所有版本

知識庫： support.microsoft.com/kb/933729

下載鏈接： 32位 | 64位

評論： 更多信息是可利用的在這個弱點：

• RPC認證弱點能允許取消服務- CVE-2007-2228

描述： 這次重要安全更新解決私下報告的一弱點。 弱點能允許遙遠的代碼施行由於一個不正確地被處理的畸形的NNTP反應。 攻擊者能通過修建一個特別地被製作的網頁利用弱點。

更新類型： 重要

發行日期： 2007年10月9日

適用於： 所有版本

知識庫： support.microsoft.com/kb/941202

下載鏈接： 32位 | 64位

評論： 更多信息關於弱點是可利用的：

• 網絡新聞轉移規約內存損壞弱點†「 CVE-2007-3897

Description: This important security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerability with the most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer.

Update type: Important

Release date: October 9, 2007

Applies to: All versions

Knowledge base: support.microsoft.com/kb/939653

Download link: 32-bit | 64-bit

Comments: Following is more information on the four vulnerabilities:

• Address Bar Spoofing Vulnerability - CVE-2007-3892
• Error Handling Memory Corruption Vulnerability - CVE-2007-3893
• Address Bar Spoofing Vulnerability - CVE-2007-1091 & CVE-2007-3826

There are a number of possible side effects of this update:

• You may receive an error message that resembles the following when you try to visit a Web page in Windows Internet Explorer 7:
  

  Webpage cannot be displayed

• When you browse from one Web site to a different Web site in Microsoft Internet Explorer 6 in Windows XP, Internet Explorer 6 may crash.
• ActiveX controls that prompt before they are loaded.
• The use of monikers is no longer supported in Internet Explorer.

This update also includes a number of non-security related fixes:

• Internet Explorer 6 may exit with an access violation when the JavaScript garbage collector runs and you have dynamically removed a TBODY, THEAD, or TFOOT HTML tag from a table in Windows XP
• ActiveX controls are inactive when you access a Web page by using Internet Explorer 7
• Windows Internet Explorer 7 does not download an ActiveX control that is referenced in a CODEBASE attribute when you open

...

Description: Install this update to resolve a display issue that occurs during language pack installation and when accessing the Regional and Language Options control panel.

Update type: Recommended

Release date: August 27, 2007

Applies to: All versions

Knowledge base: support.microsoft.com/kb/938952

Download link: 32-bit | 64-bit

Comments: When you try to use the Chinese (Traditional) Language Pack that is downloaded from the Windows Ultimate Extras section of Windows Update, you may experience the following symptoms.

Symptom 1
If you use the Language Pack Setup tool (Lpksetup.exe) to install the language pack, the language pack is described as "Chinese (Hong Kong S.A.R.)".

Symptom 2
After the installation of the language pack finishes, the language pack is described as "Chinese (Hong Kong S.A.R.)" in the Regional and Language Options item in Control Panel.

Note: Because the Chinese (Traditional) Language pack is used in Taiwan and Hong Kong, the description will confuse users in Taiwan and Hong Kong who download the language pack.

This update will update Lpksetup.exe and the Regional and Language Options item to display a locale-neutral description for the Chinese (Traditional) Language Pack.

Description: Install this update to resolve an issue in the Background Intelligenct Transfer Service (BITS).

Update type: Important

Release date: August 27, 2007

Applies to: All versions

Knowledge base: support.microsoft.com/kb/939159

Download link: 32-bit | 64-bit

Comments: When updates are being downloaded from Windows Update on a Windows Vista-based computer, you may experience the following symptoms:

• A dialog box appears that indicates that the host process for Windows Services has stopped working.
• After you restart the computer, you receive the following error message in a Windows Update dialog box:
  

  Some Updates were not installed
  Failed: xx updates
  Error(s) Found:
  Code 800706BA

• An event that resembles the following is logged in the Application log:
  

  Event Type: Error
  Event Source: Application Error
  Event Category: None
  Event ID: 1000
  Date: date
  Time: time
  Computer: computer name
  User: N/A
  Description: Faulting application svchost.exe_BITS, version 6.0.6000.16386, time stamp 0×4549adc4, faulting module qmgr.dll, version 7.0.6000.16386, time stamp 0×4549bd9f, exception code 0xc0000005

This problem occurs because the Background Intelligent Transfer Service (BITS) state files are corrupted. This problem stops the host process for Windows Services. This behavior prevents you from using BITS to transfer files.