Microsoft has fixed a critical error with it one patch released on Tuesday. And fixed 4 flaws with two patches.

The critical bulletin affects Microsoft XML Core Services and Internet Explorer, while the “important” bulletin affects Microsoft Server Message Block (SMB) Protocol. Both affect all versions of Windows. Starting last month, Microsoft is sharing the technical details of new vulnerabilities to give software developers a chance to update affected products before the public announcement. Microsoft is including within each bulletin an “exploitability index” to help system administrators prioritize the patches. All Microsoft security patches for both Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS08-068: Important

Exploitability index: 1. Microsoft recommends that customers apply the update at the earliest opportunity. Titled “Vulnerability in SMB Could Allow Remote Code Execution (957097)”, this bulletin is important for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and moderate for all supported editions of Windows Vista and Windows Server 2008. This bulletin addresses the vulnerability detailed in CVE-2008-4037. Microsoft says an attacker “who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.”

MS08-069: Critical

Exploitability index: 1-2. Microsoft recommends that customers apply this update immediately. Titled “Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)”, this bulletin is rated critical for Microsoft XML Core Services 3.0 and important for Microsoft XML Core Services 4.0, Microsoft XML Core Services 5.0, and Microsoft XML Core Services 6.0. This bulletin replaces MS07-042 and addresses the three vulnerabilities detailed in CVE-2007-0099, CVE-2008-4029, and CVE-2008-4033. Microsoft says that “the most severe vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer.”

****************************************************************************

Photoshop.com upgrade and CS4 to be released Soon:

Adobe will soon release its latest upgrades in Photoshop.com online service and also will release Photoshop CS4 software.

Though the release has been delayed, the upcoming Photoshop site upgrades include features to import address book entries from Hotmail, Yahoo Mail, and Gmail to improve photo sharing; an uploading tool to synchronize software on a person’s PC with the version stored online; and new pricing options.

And Photoshop CS4 Configurator, a tool to let people create customized control panels for the image-editing software. It had been due in October, but now it and another new CS4 option, the Pixel Bender filter gallery, won’t debut until later in November, John Nack, senior product manager for Photoshop, said in a blog post. Pixel Bender is a technology enabling high-performance special effects that Adobe hopes will be easier to use than earlier plug-in filter technology.

Related posts:

1. 11 Patches fixes Microsoft, clears 20 flaws.
2. Microsoft Issues Critical Security Fixes For Windows & Office
3. 11 fixed patches.
4. 11 flaws fixed with Apple’s latest updates, 8 fixes for Safari and 3 fixes for webkit.
5. Microsoft has Released Security Bulletin MS09-034