New MSSECURE.XML/EST Version 2006.12.12 Available

New MSSECURE.XML/EST Version 2006.12.12 Available

Post by Charles We » Thu, 14 Dec 2006 06:39:32



MSSECURE.XML Data Version 2006.12.12.0 for use with MBSA 1.2.1 (SMS 2.0
or 2003 with Software Update Inventory Tool (SUIT)) was last modified today,
December 12th, 2006, and is now available for all supported languages
(English, French, German and Japanese). Today's release contains 7 new
bulletins and 1 re-release bulletin, 4 of which are fully supported by MBSA
1.2.1. The standalone EST tool is required to support detection for
MS06-073, MS06-076, MS06-077, and partial detection (along with MSSECURE.XML
used in MBSA 1.2.1) for MS06-078.

More information on each of the bulletins listed below can be found at
http://www.yqcomputer.com/

Critical Updates:

Microsoft Security Bulletin MS06-072 Supported by MBSA 1.2.1
Cumulative Security Update for Internet Explorer (925454)

Microsoft Security Bulletin MS06-073 Supported by EST
Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution
(925674)

Microsoft Security Bulletin MS06-078 Supported by MBSA 1.2.1 and EST
Vulnerability in Windows Media Format Could Allow Remote Code Execution
(923689)


Important Updates:

Microsoft Security Bulletin MS06-074 Supported by MBSA 1.2.1
Vulnerability in SNMP Could Allow Remote Code Execution (926247)

Microsoft Security Bulletin MS06-075 Supported by MBSA 1.2.1
Vulnerability in Windows Could Allow Elevation of Privilege (926255)

Microsoft Security Bulletin MS06-076 Supported by EST
Cumulative Security Update for Outlook Express (923694)

Microsoft Security Bulletin MS06-077 Supported by EST
Vulnerability in Remote Installation Service Could Allow Remote Code
Execution (926121)


What is the Enterprise Update Scanning Tool (EST)? As part of an ongoing
commitment to provide detection tools for complex updates for bulletin-class
issues that are not supported by MBSA 1.2, a stand-alone tool may be
provided for certain bulletins. Microsoft will evaluate the detection and
deployment complexity of each bulletin, and provide detection support based
on the specifics of each release. When a detection tool is created for a
specific bulletin, customers will be able to script running the tool from a
command line interface, and process the results using an XML output file.
Detailed documentation will be provided with the tool to ensure customers
can leverage it quickly. See the following link for details
http://www.yqcomputer.com/

NOTE: The EST tool is only for use with MBSA 1.2 to support limitations in
the MBSA 1.2 scan tool to ensure complete security update detection support
for all bulletins released this month.



Note: This is announcement is not for MBSA 2.0/MBSA 2.0.1 since it is based
on Microsoft Update technology and has the same product and platform support
as Microsoft Update and WSUS Server (see TechNet for details).


Charles Weidner [MSFT]
XXXX@XXXXX.COM

This posting is provided "AS IS" with no warranties, and confers no rights.

If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for support on the Microsoft
Baseline
Security Analyzer (MBSA). Information is available at the following link:
http://www.yqcomputer.com/

This e-mail address does not receive e-mail, but is used for newsgroup
postings only.
 
 
 

New MSSECURE.XML/EST Version 2006.12.12 Available

Post by Charles We » Thu, 11 Jan 2007 06:23:21

MSSECURE.XML Data Version 2007.01.09.0 for use with MBSA 1.2.1 (SMS 2.0 or
2003 with Software Update Inventory Tool (SUIT)) was last modified today,
January 9th, 2007, and is now available for all supported languages
(English, French, German and Japanese). Today's release contains 4 new
bulletins, 3 of which are supported by MBSA 1.2.1 (see bulletins for further
details). The standalone EST tool is required to support detection for
MS07-004.


More information on each of the bulletins listed below can be found at
http://www.yqcomputer.com/


Critical Updates:

Microsoft Security Bulletin MS07-002 Supported by MBSA 1.2.1
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
(927198)

Microsoft Security Bulletin MS07-003 Supported by MBSA 1.2.1
Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution
(925938)

Microsoft Security Bulletin MS07-004 Supported by EST
Vulnerability in Vector Markup Language Could Allow Remote Code Execution
(929969)

Important Updates:

Microsoft Security Bulletin MS07-001 Supported by MBSA 1.2.1
Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker
Could Allow Remote Code Execution (921585)


What is the Enterprise Update Scanning Tool (EST)? As part of an ongoing
commitment to provide detection tools for complex updates for bulletin-class
issues that are not supported by MBSA 1.2, a stand-alone tool may be
provided for certain bulletins. Microsoft will evaluate the detection and
deployment complexity of each bulletin, and provide detection support based
on the specifics of each release. When a detection tool is created for a
specific bulletin, customers will be able to script running the tool from a
command line interface, and process the results using an XML output file.
Detailed documentation will be provided with the tool to ensure customers
can leverage it quickly. See the following link for details
http://www.yqcomputer.com/

NOTE: The EST tool is only for use with MBSA 1.2 to support limitations in
the MBSA 1.2 scan tool to ensure complete security update detection support
for all bulletins released this month.



Note: This is announcement is not for MBSA 2.0/MBSA 2.0.1 since it is based
on Microsoft Update technology and has the same product and platform support
as Microsoft Update and WSUS Server (see TechNet for details).


Charles Weidner [MSFT]
XXXX@XXXXX.COM

This posting is provided "AS IS" with no warranties, and confers no rights.

If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for support on the Microsoft
Baseline
Security Analyzer (MBSA). Information is available at the following link:
http://www.yqcomputer.com/

This e-mail address does not receive e-mail, but is used for newsgroup
postings only.