DigitMemo.com

Microsoft has released the latest monthly security updates for October 2007.

The updates are available for download from the Microsoft Download Center and also from Windows Update/Microsoft Update.

Critical:

• KB923810
  Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution
• KB941202
  Security Update for Outlook Express and Windows Mail
• KB939653
  Cumulative Security Update for Internet Explorer
• KB942695
  Vulnerability in Microsoft Word Could Allow Remote Code Execution

Important:

• KB933729
  Vulnerability in RPC Could Allow Denial of Service
• KB942017
  Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site

Microsoft has also released the usual update for the Windows Malicious Software Removal Tool and the Windows Mail Definition Update (x86) (x64).

openSUSE is released regularly, is stable, secure, contains the latest free and open source software, and comes with several new technologies.

Click for more on openSUSE 10.3 Public Release »

An encrypted drive to be accessed without the boot-up passphrase challenge dialog, leaving data in a vulnerable state.

PGP Corporation’s widely adopted Whole Disk Encryption product apparently has an encryption bypass feature that allows an encrypted drive to be accessed without the boot-up passphrase challenge dialog, leaving data in a vulnerable state if the drive is stolen when the bypass feature is enabled.

Click for more on PGP backdoor? Undocumented Bypass in Whole Disk Encryption »

Sun Microsystems has shipped patches to fix a batch of “highly critical” vulnerabilities in Sun Java JRE (Java Runtime Environment), affecting Windows, Solaris and Linux users.

According to researchers, the flaws can be exploited to bypass certain security restrictions, manipulate data, disclose sensitive/system information, or potentially compromise a vulnerable system.

Click for more on Sun issues patches for ‘highly critical’ Java flaws »

Microsoft has issued an updated Internet Explorer (IE) 7 release that no longer requires Windows Genuine Advantage (WGA) validation in order to download.

Program Manager Steve Reynolds announced the news on October 4 on Microsoft’s IE Team blog:

Because Microsoft takes its commitment to help protect the entire Windows ecosystem seriously, we’re updating the IE7 installation experience to make it available as broadly as possible to all Windows users. With today’s ‘Installation and Availability Update,’ Internet Explorer 7 installation will no longer require Windows Genuine Advantage validation and will be available to all Windows XP users.

The new download can be found here.

Some minor UI changes:

• The menu bar is now visible by default.
• The Internet Explorer 7 online tour has updated how-to’s. Also, the “first-run” experience includes a new overview.
• We’ve included a new MSI installer that simplifies deployment for IT administrators in enterprises.

The flaw, which affects Windows XP and Windows Vista machines, opens up a backdoor that could enable a hacker to break into Firefox.

The company released an update for the Windows version of QuickTime media player on Wednesday afternoon to patch what Apple calls a “command injection issue” in the way the media player handles URLs. The flaw, which affects Windows XP and Windows Vista, was first disclosed in September of 2006 by Petko D. Petkov, a penetration tester.

Click for more on Apple Finally Patches Year-old QuickTime Flaw »

Microsoft is making source code for the .Net Framework available to interested developers under its Shared Source license, the company announced on October 3.

Microsoft will be rolling out the .Net code piecemeal, after scrubbing comments. It plans to start with the .Net Base Class Libraries, ASP.Net, Windows Forms, ADO.Net, XML (System.XML) and the Windows Presentation Foundation, blogged Microsoft Developer Division General Manager Scott Guthrie. Over time, the company also plans to make available the source code for Windows Communication Foundation, Windows Workflow Foundation and Language Integrated Query (LINQ), Guthrie said.

Click for more on Microsoft to release .Net as Shared Source »

It turns out all iPhone applications run as root and any application vulnerability means winner takes all.

The iPhone has been turned into a “pocket-sized … network-enabled root shell,” said H.D. Moore, thanks to the well-known security researcher having published shell code and instructions for the smart phone on how to use it as a portable hacking platform.

Click for more on iPhone Turned into Pocket-Sized Hacking Platform »

Microsoft have released a few updates on the Microsoft Download Center to resolve various issues in Vista and Server 2008

Vista:

• KB941229 (x86, WGA Free) (x64)
  This update addresses issues with Media Center for Microsoft Vista.
• KB941651 (x86, WGA Free) (x64)
  This is a reliability update. Install this update to improve the reliability of Windows Media Player 11 for Windows Vista in certain scenarios.
• KB941600 (x86, WGA Free) (x64)
  This update resolves some reliability issues in the USB core components on the Windows Vista operating system.
• KB941649 (x86, WGA Free) (x64)
  This update resolves some compatibility and reliability issues in Windows Vista. By applying this update, you can achieve better reliability and hardware compatibility in various scenarios.

Server 2008

• KB942239 (x86) (x64) (IA64)
  Install this update for Windows Server 2008 Beta 3 to provide the same storage upgrade support that is included with Windows Server 2008 RC0.

Microsoft’s move hopes to leverage the success of their Office client software to drive users to a new online collaboration site dubbed Office Live Workspace.

To that end, the company will give registered users 250 MB of storage space, which can be used to store documents “in the cloud” or even “host” them for comments by other users equipped with just a web browser. However, and this is important: you cannot create new Office documents with this feature nor can you edit documents beyond adding comments without having a copy of Microsoft Office installed locally.

Click for more on Office Live Workspace revealed: a free 250MB "SharePoint Lite" for everyone »