Revision Note: July 2, 2008: Updated the Suggested Actions. Advisory Summary:Microsoft is investigating new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed. Safari is not installed with Windows XP or Windows Vista by default; it must be installed independently or through the Apple Software Update application. Customers running Safari on Windows should review this advisory.
Microsoft Security Advisory (954960): Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates - 6/30/2008
Revision Note: Advsiory published. Advisory Summary:Microsoft is investigating public reports of a non-security issue that prevents the distribution of any updates deployed through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1 to client systems that have Microsoft Office 2003 installed in their environment. Microsoft is aware of reports from customers who are experiencing this issue.
Microsoft Security Advisory (954462): Rise in SQL Injection Attacks Exploiting Unverified User Data Input - 6/25/2008
Revision Note: June 25, 2008: Removed erroneous references to form field and cookie value testing from the HP Scrawlr tool description. Advisory Summary:Microsoft is aware of a recent escalation in a class of attacks targeting Web sites that use Microsoft ASP and ASP.NET technologies but do not follow best practices for secure Web application development. These SQL injection attacks do not exploit a specific ibcbet software vulnerability, but instead target Web sites that do not follow secure coding practices for accessing and manipulating data stored in a relational database. When a SQL injection attack succeeds, an attacker can compromise data stored in these databases and possibly execute remote code. Clients browsing to a compromised server could be forwarded unknowingly to malicious sites that may install malware on the client machine.