UPDATE: July 2008 Bulletin Monthly Release – SQL update detection issue


Simon here again – I just wanted to follow up on the SQL update detection issue I mentioned below. We’ve released updated WU/MU detection and an updated WSUS catalog to resolve this issue.



Release Manager, MSRC


July 2008 Monthly Bulletin Release


I’m Simon, Release Manager in the MSRC.  The July 2008 release contains 4 new bulletins, all with maximum severities of “Important”.


MS08-037            Vulnerabilities in DNS Could Allow Spoofing (953230)


MS08-038            Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)


MS08-039            Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)


MS08-040            Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)


For a technical deep dive regarding these bulletins, please visit our Security Vulnerability Research and Defence blog.


If you have the Windows Internal Database (Microsoft Windows 2003 or Microsoft Windows 2008) installed on or enabled without SQL Server 2005 SP2 and you have are opt-into Microsoft Update, the SQL Server 2005 service pack 2 update may be offered incorrectly and fail to install. The Windows Internal Database will be updated as expected, since the Windows Internal Database update is also offered.  Microsoft is working on resolving this issue and will be updating the detection logic to avoid the incorrect offering.


In addition, we’ll also be releasing an infrastructure update to the Windows Update client itself later this month, which has been standard practice for over 8 years. Windows Vista customers who select “never check for updates” (and Windows XP customers who select “turn off Automatic Update”) in their WU settings will not receive this WU infrastructure update unless they elect to install it manually by visiting Windows Update. For more information, please visit the Microsoft Update blog.


Please join us for the regular monthly security bulletin webcast, Wednesday July 9, 11:00 PDT (GMT -7). We’ll have an overview of the July bulletins, and you’ll have the opportunity to ask us questions around the release.






*This posting is provided “AS IS” with no warranties, and confers no rights.*