How are the Windows 7 Service Pack 1 Beta and Windows Server 2008 R2 Service Pack 1 Beta releases affected by this vulnerability? Windows 7 Service Pack 1 Beta and Windows Server 2008 R2 Service Pack 1 Beta are affected by the vulnerabilities described in this bulletin. Customers running these beta releases are encouraged to download and apply the update to their systems. Security updates are available from Microsoft Update and Windows Update. The security update is also available for download from the Microsoft Download Center.
I am running Internet Explorer for Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2. Does this mitigate this vulnerability? Yes. By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted Web content on a server. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone.
Mdac 2.8 Sp2 Download Server 2008
Download Zip: https://urlcod.com/2vFyRX
This chapter excerpt on Reporting Services Deployment Scenarios (download PDF) is taken from the book Microsoft SQL Server 2008 Reporting Services Unleashed. This book can help solutions providers to use SQL Server 2008 Reporting Services to deliver business intelligence services to customers, learn about new features in SQL Server 2008 R2, manage report data sources and models and more.
A remote code execution vulnerability exists in the way that Microsoft XML Core Services handles objects in memory. The vulnerability could allow remote code execution if a user views a website that contains specially crafted content. (CVE-2012-1889)Affected Software:This security update is rated Critical for Microsoft XML Core Services 3.0, 4.0, and 6.0 on all supported editions of Windows XP, Windows Vista, and Windows 7 and is rated Moderate on all supported editions of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2; it is also rated Critical for Microsoft XML Core Services 5.0 for all supported editions of Microsoft Office 2003, Microsoft Office 2007, Microsoft Office Word Viewer, Microsoft Office Compatibility Pack, Microsoft Expression Web, Microsoft Office SharePoint Server 2007, and Microsoft Groove Server 2007.Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):[Product Update] July 2012 Security Updates Are On ECE For XPe SP3 and Standard 2009 (KB2719985)August 2012 Security Updates are Live on ECE for XPe and Standard 2009 (KB2719985)ConsequenceSuccessfully exploiting this vulnerability might allow a remote attacker to execute arbitrary code.SolutionPatch:Following are links for downloading patches to fix the vulnerabilities:Windows XP Service Pack 3 (Microsoft XML Core Services 3.0)Windows XP Service Pack 3 (Microsoft XML Core Services 4.0)Windows XP Service Pack 3 (Microsoft XML Core Services 6.0)Windows XP Professional x64 Edition Service Pack 2 (Microsoft XML Core Services 3.0)Windows XP Professional x64 Edition Service Pack 2 (Microsoft XML Core Services 4.0)Windows XP Professional x64 Edition Service Pack 2 (Microsoft XML Core Services 6.0)Windows Server 2003 Service Pack 2 (Microsoft XML Core Services 3.0)Windows Server 2003 Service Pack 2 (Microsoft XML Core Services 4.0)Windows Server 2003 Service Pack 2 (Microsoft XML Core Services 6.0)Windows Server 2003 x64 Edition Service Pack 2 (Microsoft XML Core Services 3.0)Windows Server 2003 x64 Edition Service Pack 2 (Microsoft XML Core Services 4.0)Windows Server 2003 x64 Edition Service Pack 2 (Microsoft XML Core Services 6.0)Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft XML Core Services 3.0)Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft XML Core Services 4.0)For a complete list of patch download links, please refer to Microsoft Security Bulletin MS12-043.Workaround:1) Deploy the Enhanced Mitigation Experience Toolkit2) Configure Internet Explorer to prompt before running Active Scripting or disable Active Scripting in the Internet and Local intranet security zoneMicrosoft Internet Explorer Cumulative Security Update (MS12-044)SeverityCritical4Qualys ID100118Vendor ReferenceMS12-044CVE ReferenceCVE-2012-1522, CVE-2012-1524CVSS ScoresBase 9.3 / Temporal 7.7DescriptionMicrosoft Internet Explorer is a Web browser available for Microsoft Windows.Internet Explorer is prone to multiple vulnerabilities that could allow remote code execution.Microsoft has released a security update that addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory.This security update is rated Critical for Internet Explorer 9 on Windows clients and Moderate for Internet Explorer 9 on Windows servers.ConsequenceSuccessfully exploiting this vulnerability could cause execution of arbitrary code.SolutionPatch:Following are links for downloading patches to fix the vulnerabilities:Windows Vista Service Pack 2 (Internet Explorer 9)Windows Vista x64 Edition Service Pack 2 (Internet Explorer 9)Windows Server 2008 for 32-bit Systems Service Pack 2 (Internet Explorer 9)Windows Server 2008 for x64-based Systems Service Pack 2 (Internet Explorer 9)Windows 7 for 32-bit Systems (Internet Explorer 9)Windows 7 for 32-bit Systems Service Pack 1 (Internet Explorer 9)Windows 7 for x64-based Systems (Internet Explorer 9)Windows 7 for x64-based Systems Service Pack 1 (Internet Explorer 9)Windows Server 2008 R2 for x64-based Systems (Internet Explorer 9)Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Internet Explorer 9)Refer to Microsoft Security Bulletin MS12-044 for further details.Workaround:Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones.Configure IE to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones; add trusted sites to the IE trusted sites zone. Note: Disabling or restricting scripting can severely impact the usability of the browser.Microsoft Data Access Components Remote Code Execution Vulnerability (MS12-045)SeverityUrgent5Qualys ID90817Vendor ReferenceMS12-045CVE ReferenceCVE-2012-1891CVSS ScoresBase 9.3 / Temporal 6.9DescriptionMicrosoft Data Access Components (MDAC) is a collection of components that make it easy for programs to access databases and then to manipulate the data within them.A remote code execution vulnerability exists in the way that Microsoft Data Access Components accesses an object in memory that has been improperly initialized. (CVE-2012-1891)Affected Software:Microsoft Data Access Components 2.8 Service Pack 1 - Windows XP Service Pack 3Microsoft Data Access Components 2.8 Service Pack 2 - Windows XP Professional x64 Edition Service Pack 2 - Windows Server 2003 Service Pack 2 - Windows Server 2003 x64 Edition Service Pack 2 - Windows Server 2003 with SP2 for Itanium-based SystemsWindows Data Access Components 6.0 - Windows Vista Service Pack 2 - Windows Vista x64 Edition Service Pack 2 - Windows Server 2008 for 32-bit Systems Service Pack 2 - Windows Server 2008 for x64-based Systems Service Pack 2 - Windows Server 2008 for Itanium-based Systems Service Pack 2 - Windows 7 for 32-bit Systems - Windows 7 for 32-bit Systems Service Pack 1 - Windows 7 for x64-based Systems - Windows 7 for x64-based Systems Service Pack 1 - Windows Server 2008 R2 for x64-based Systems - Windows Server 2008 R2 for x64-based Systems Service Pack 1 - Windows Server 2008 R2 for Itanium-based Systems - Windows Server 2008 R2 for Itanium-based Systems Service Pack 1This security update is rated Critical.Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):[Product Update] July 2012 Security Updates Are On ECE For XPe SP3 and Standard 2009 (KB2698365)August 2012 Security Updates are Live on ECE for XPe and Standard 2009 (KB2698365)ConsequenceAn attacker who successfully exploits this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.SolutionPatch:Following are links for downloading patches to fix the vulnerabilities:Windows XP Service Pack 3Windows XP Professional x64 Edition Service Pack 2Windows Server 2003 Service Pack 2Windows Server 2003 x64 Edition Service Pack 2Windows Server 2003 with SP2 for Itanium-based SystemsWindows Vista Service Pack 2Windows Vista x64 Edition Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for Itanium-based Systems Service Pack 2Windows 7 for 32-bit SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based SystemsWindows 7 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based SystemsWindows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for Itanium-based SystemsWindows Server 2008 R2 for Itanium-based Systems Service Pack 1For a complete list of patch download links, please refer to Microsoft Security Bulletin MS12-045.Microsoft Visual Basic for Applications Remote Code Execution Vulnerability (MS12-046)SeverityCritical4Qualys ID110184Vendor ReferenceMS12-046CVE ReferenceCVE-2012-1854CVSS ScoresBase 6.9 / Temporal 6DescriptionMicrosoft VBA is a development technology for developing client desktop packaged applications and integrating them with existing data and systems. Microsoft VBA is based on the Microsoft Visual Basic development system. Microsoft Office products include VBA and make use of VBA to perform certain functions. VBA can also be used to build customized applications around an existing host application.The security update addresses the vulnerability by correcting how Microsoft Visual Basic for Applications loads external libraries. This security update is rated Important for all supported versions of Microsoft Visual Basic for Applications SDK and third-party applications that use Microsoft Visual Basic for Applications.ConsequenceThe vulnerability could allow remote code execution if a user opens a legitimate Microsoft Office file (such as a .docx file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. An attacker could then install programs; view, change, or delete data; or create new accounts that have full user rights. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.SolutionPatch:Following are links for downloading patches to fix the vulnerabilities:Microsoft Office 2003 Service Pack 3Microsoft Office 2007 Service Pack 2Microsoft Office 2007 Service Pack 3Microsoft Office 2010 Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 Microsoft Office 2010 Service Pack 1 Microsoft Office 2010 Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 Microsoft Office 2010 Service Pack 1 Microsoft Visual Basic for ApplicationsRefer to Microsoft Security Bulletin MS12-046 for further details.Microsoft Windows Kernel-Mode Drivers Elevation of Privilege Vulnerability (MS12-047)SeverityCritical4Qualys ID90816Vendor ReferenceMS12-047CVE ReferenceCVE-2012-1890, CVE-2012-1893CVSS ScoresBase 7.2 / Temporal 5.6DescriptionThe Windows kernel is the core of the operating system. It provides system-level services such as device management and memory management, allocates processor time to processes, and manages error handling.An elevation of privilege vulnerability exists in the way that the Windows kernel-mode driver handles specific keyboard layouts. (CVE-2012-1890)An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly validates parameters when creating a hook procedure. (CVE-2012-1893)Affected Software:Windows XP Service Pack 3 Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows 7 for 32-bit Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for Itanium-based Systems Windows Server 2008 R2 for Itanium-based Systems Service Pack 1This security update is rated Important.Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):[Product Update] July 2012 Security Updates Are On ECE For XPe SP3 and Standard 2009 (KB2718523)ConsequenceAn attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.SolutionPatch:Following are links for downloading patches to fix the vulnerabilities:Windows XP Service Pack 3Windows XP Professional x64 Edition Service Pack 2Windows Server 2003 Service Pack 2Windows Server 2003 x64 Edition Service Pack 2Windows Server 2003 with SP2 for Itanium-based SystemsWindows Vista Service Pack 2Windows Vista x64 Edition Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for Itanium-based Systems Service Pack 2Windows 7 for 32-bit SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based SystemsWindows 7 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based SystemsWindows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for Itanium-based SystemsWindows Server 2008 R2 for Itanium-based Systems Service Pack 1Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2For a complete list of patch download links, please refer to Microsoft Security Bulletin MS12-047.Microsoft Windows Shell Remote Code Execution Vulnerability (MS12-048)SeverityCritical4Qualys ID90818Vendor ReferenceMS12-048CVE ReferenceCVE-2012-0175CVSS ScoresBase 9.3 / Temporal 6.9DescriptionMicrosoft Windows is prone to a vulnerability that may allow remote code execution if a user opens a file or directory with a specially crafted name.Microsoft has released a security update that addresses the vulnerabilities by modifying the way that Windows handles files and directories with specially crafted names. This security update is rated Important for all supported releases of Microsoft Windows. Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):[Product Update] July 2012 Security Updates Are On ECE For XPe SP3 and Standard 2009 (KB2691442)August 2012 Security Updates are Live on ECE for XPe and Standard 2009 (KB2691442)ConsequenceSuccessfully exploiting this vulnerability might allow an attacker to execute arbitrary code.SolutionPatch:Following are links for downloading patches to fix the vulnerabilities:Windows XP Service Pack 3Windows XP Professional x64 Edition Service Pack 2Windows Server 2003 Service Pack 2Windows Server 2003 x64 Edition Service Pack 2Windows Server 2003 with SP2 for Itanium-based SystemsWindows Vista Service Pack 2Windows Vista x64 Edition Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for Itanium-based Systems Service Pack 2Windows 7 for 32-bit SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based SystemsWindows 7 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based SystemsWindows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for Itanium-based SystemsWindows Server 2008 R2 for Itanium-based Systems Service Pack 1Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2For a complete list of patch download links, please refer to Microsoft Security Bulletin MS12-048.Microsoft Windows TLS Information Disclosure Vulnerability (MS12-049)SeveritySerious3Qualys ID90815Vendor ReferenceMS12-049CVE ReferenceCVE-2012-1870CVSS ScoresBase 4.3 / Temporal 3.4DescriptionSecure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) are cryptographic protocols that provide communication security over the Internet. This security update resolves a publicly disclosed vulnerability in TLS. The security update addresses the vulnerability by modifying the way that the Windows Secure Channel (SChannel) and the Cryptography API: Next Generation (CNG) components handle encrypted network packets.Affected Versions:Windows XPWindows Server 2003Windows Vista Windows Server 2008 Windows 7This security update is rated Important for all supported releases of Microsoft Windows. Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):[Product Update] July 2012 Security Updates Are On ECE For XPe SP3 and Standard 2009 (KB2655992)August 2012 Security Updates are Live on ECE for XPe and Standard 2009 (KB2655992)ConsequenceThe vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. All cipher suites that do not use CBC mode are not affected.SolutionPatch:Following are links for downloading patches to fix the vulnerabilities:Windows XP Service Pack 3Windows XP Professional x64 Edition Service Pack 2Windows Server 2003 Service Pack 2Windows Server 2003 x64 Edition Service Pack 2Windows Server 2003 with SP2 for Itanium-based SystemsWindows Vista Service Pack 2Windows Vista x64 Edition Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for Itanium-based Systems Service Pack 2Windows 7 for 32-bit SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based SystemsWindows 7 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based SystemsWindows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for Itanium-based SystemsWindows Server 2008 R2 for Itanium-based Systems Service Pack 1Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2For a complete list of patch download links, please refer to Microsoft Security Bulletin MS12-049.Microsoft SharePoint Privilege Escalation Vulnerability (MS12-050)SeverityCritical4Qualys ID110185Vendor ReferenceMS12-050CVE ReferenceCVE-2012-1858, CVE-2012-1859, CVE-2012-1860, CVE-2012-1861, CVE-2012-1862, CVE-2012-1863CVSS ScoresBase 6.8 / Temporal 5.6DescriptionMicrosoft SharePoint is prone to multiple vulnerabilities that could allow an attacker to conduct privilege escalation attacks.Microsoft has released a security update that addresses the vulnerabilities by modifying the way that HTML strings are sanitized and by correcting the way that Microsoft SharePoint validates and sanitizes user input.This security update is rated Important for supported editions of Microsoft InfoPath 2007, Microsoft InfoPath 2010, Microsoft SharePoint Server 2007, Microsoft SharePoint Server 2010, and Microsoft Groove Server 2010; and for supported versions of Microsoft Windows SharePoint Services 3.0 and SharePoint Foundation 2010.ConsequenceExploitation could result in elevation of privilege or information disclosure.SolutionPatch:Following are links for downloading patches to fix the vulnerabilities:Microsoft InfoPath 2007 Service Pack 2Microsoft InfoPath 2007 Service Pack 2Microsoft InfoPath 2007 Service Pack 3Microsoft InfoPath 2007 Service Pack 3Microsoft InfoPath 2010 Microsoft InfoPath 2010 Microsoft InfoPath 2010 Service Pack 1 Microsoft InfoPath 2010 Service Pack 1 Microsoft InfoPath 2010 Microsoft InfoPath 2010 Microsoft InfoPath 2010 Service Pack 1 Microsoft InfoPath 2010 Service Pack 1 Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions) (Microsoft Office SharePoint Server 2007 Service Pack 2 )Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions) (Microsoft Office SharePoint Server 2007 Service Pack 2 )Microsoft Office SharePoint Server 2007 Service Pack 3 (32-bit editions) (Microsoft Office SharePoint Server 2007 Service Pack 3 )Microsoft Office SharePoint Server 2007 Service Pack 3 (32-bit editions) (Microsoft Office SharePoint Server 2007 Service Pack 3 )Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions) (Microsoft Office SharePoint Server 2007 Service Pack 2 )Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions) (Microsoft Office SharePoint Server 2007 Service Pack 2 )For a complete list of patch download links, please refer to Microsoft Security Bulletin MS12-050.Microsoft Office for Mac Could Allow Elevation of Privileges (MS12-051)SeverityCritical4Qualys ID110186Vendor ReferenceMS12-051CVE ReferenceCVE-2012-1894CVSS ScoresBase 6.9 / Temporal 5.1DescriptionMicrosoft Office for Macintosh is a proprietary suite of Office applications. An elevation of privilege vulnerability exists in the way that folder permissions are set in certain Microsoft Office for Mac installations.This security update is rated Important Affected Version:Microsoft Office 2011 for MacConsequenceSuccessful exploitation allows elevation of privilege or information disclosure.SolutionPatch:Following link is a patch to fix the vulnerability:Microsoft Office 2011 for MacWorkaround:The following workaround would not correct the underlying vulnerability but would help block known attack vectors before you apply the update.Remove write permission from others in affected folders./usr/bin/sudo /bin/chmod -R -P o-w /Library/Internet\ Plug-Ins/SharePointWebKitPlugin.webplugin//usr/bin/sudo /bin/chmod -R -P o-w /Library/Internet\ Plug-Ins/SharePointBrowserPlugin.plugin//usr/bin/sudo /bin/chmod -R -P o-w /Library/Fonts/Microsoft//usr/bin/sudo /bin/chmod -R -P o-w /Library/Automator//usr/bin/sudo /bin/chmod -R -P o-w /Applications/Microsoft\ Office\ 2011/These new vulnerability checks are included in Qualysvulnerability signature2.2.169-3.Each Qualys account is automatically updated with the latestvulnerability signatures as they become available. To view thevulnerability signature version in your account, from theQualys Help menu, select the About tab. 2ff7e9595c
Comments