LANDesk^® Patch Manager and Security Suite ("LDSS") provide customers with the latest security and application patches and updates for the most utilized software in your business. Maintaining a safe and secure environment helps to avoid downtime that will affect employees and productivity. The following items are the patch and update highlights from this past week.

Windows Content

Vulnerability Definitions - This week was highlighted by a number of updates to Microsoft's email filters. There were also several updates to previously released security bulletins and a couple of content releases for package updates.

• Vulnerability ID: 956077

• LANDesk Patch News Bulletin: The Junk E-Mail for Microsoft Office Outlook 2003 - September 2008

• http://support.microsoft.com/kb/956077

• Vulnerability ID: 905866v24

• LANDesk Patch News Bulletin: Microsoft Windows Mail Definition Update - September 2008

• http://support.microsoft.com/kb/905866

• Vulnerability ID: 956080

• LANDesk Patch News Bulletin: Updated Junk E-mail Filter for MIcrosoft Office Outlook 2007 - September 2008

• http://support.microsoft.com/kb/956080

• Vulnerability ID: SILVERLIGHTv1.0.30716.0_Manual

• LANDesk Patch News Bulletin: Microsoft Silverlight 1.0 Update Version 1.0.30716.0 is Available 17-SEP-2008

• http://support.microsoft.com/kb/955305

• Vulnerability ID: 941422v2

• LANDesk Patch News Bulletin: Microsoft Windows SharePoint Services 3.0 hotfix Package is Available 17-SEP-2008

• http://support.microsoft.com/kb/941422

• Vulnerability ID: 953405_ENU

• LANDesk Patch News Bulletin: Microsoft has Released KB 953405 to Resolve a Security Vulnerability in MS Office XP 18-SEP-2008

• http://support.microsoft.com/kb/953405

• Vulnerability ID: MS08-053v2(NOR)

• LANDesk Patch News Bulletin: Microsoft Revision to MS08-053 for Norwegian 18-SEP-2008

• http://www.microsoft.com/technet/security/Bulletin/MS08-053.mspx

• Vulnerability ID: MS08-054v2(NOR)

• LANDesk Patch News Bulletin: Microsoft Re-Release of MS08-054 for Norwegian 18-SEP-2008

• http://www.microsoft.com/technet/security/Bulletin/MS08-054.mspx

• Vulnerability ID: VC2K8SP1REDIST

• LANDesk Patch News Bulletin: Microsoft Visual C++ 2008 SP1 Redistributable Package is Available 18-SEP-2008

• http://www.microsoft.com/downloads/details.aspx?FamilyID=a5c84275-3b97-4ab7-a40d-3802b2af5fc2&DisplayLang=en

• Vulnerability ID: IE7MUI

• LANDesk Patch News Bulletin: Microsoft Internet Exporer 7 MUI Pack is Available 18-SEP-2008

• http://www.microsoft.com/downloads/details.aspx?familyid=F29D348A-78F9-47AD-92EB-632F9621BC84&displaylang=en

Blocked Application Content

Vulnerability Definitions - Twenty three new vulnerability definitions were added this week to the Blocked Applications content. See the second link below for some advice on "Best Practices".

• Vulnerability ID: See community bulletin below for details

• LANDesk Patch News Bulletin: Blocked Application Content for September 2008

• Blocked Applications best practices

LANDesk Updates

Vulnerability Definitions - A new LANDesk Update was released this week to address a vulnerability in the Intel QIP service which could result in remote execution of code. One vulnerability is for LDMS 8.7 and the other is for LDMS 8.8. See the links below for more details.

• Vulnerability ID: LD-QIP-16209-875 & LD-QIP-16209-882

• LANDesk Patch News Bulletin: LANDesk Update Patch for Intel QIP Service Vulnerability 19-SEP-2008

• Vulnerability in Intel QIP Service

Mac Content

Vulnerability Definitions - Apple released its security update for this month as well as the latest Leopard update, 10.5.5. It is recommended that these be applied as soon as possible.

• Vulnerability ID: There are multiple vulnerabilities for this release see community bulletin below for details

• LANDesk Patch News Bulletin: Apple has Released Security Update 2008-006 16-SEP-2008

• http://www.apple.com/support/downloads/index.html

• Vulnerability ID: There are multiple vulnerabilities for this release see community bulletin below for details

• LANDesk Patch News Bulletin: Apple has Released the 10.5.5 Update for Mac OS X Leopard 16-SEP-2008

• http://www.apple.com/support/downloads/index.html

Linux Content

Vulnerability Definitions

Spyware Updates

Definitions

• LRD Version 331

• LANDesk Patch News Bulletin: Spyware LRD 331 is available on 16-SEP-2008

• Community.LANDesk.com

• Core.aawdef Version 119

• LANDesk Patch News Bulletin: Core.Aawdef 119 is Available on 16-SEP-2008

• Community.LANDesk.com

Antivirus Updates

Definitions

• Sometimes a virus shows up that does not have a definition yet. This is true for all viruses when they are first written. These are called "zero day" viruses. The following link provides instructions on how these samples can be sent to LANDesk for inclusion in our Antivirus pattern files.

• How to send LANDesk an infected or suspicious file

• Community.LANDesk.com

• Virus Watch from our partner Kaspersky Lab

• Virus Watch

LANDesk^® Tips

LDMS 8.8 SP2 offers more than just bugfixes

• Last week, LANDesk released Service Pack 2 for LANDesk^® Management Suite 8.8*. In addition to bugfixes, SP2 delivers some exciting new functionality. The LANDesk^® LaunchPad helps administrators manage applications simply and efficiently, while advanced Power Management capabilities provide a way to support business productivity while reducing energy costs. Read more below:*

• LDMS 8.8 SP2 is Available

• Download the latest Service Pack for LANDesk Software products

Security News

Are you "HIP"S with security?

• This week's security article is an interesting one about "Carpet Bombing" and "Directory Poisoning" attacks executed through Web browsers your end-user maybe using. This article provides two possible ways of protecting your environment from these kinds of attacks, but fails to point out one other way you can protect your network.

What do you do if your end-users don't want to run Vista or change their browser settings? Try using LANDesk Security Suite's Host Intrusion Prevention System (HIPS). With HIPS a LANDesk Administrator has the ability to control which programs can and cannot create files on the system.

• Carpet Bombing and Directory Poisoning

• CERT - Home of the well-known CRT Coordination Center

Where to Send Feedback

At LANDesk, we are constantly striving to improve our products and services and hope you find these changes reflective of our ongoing commitment to listen to you-our partners and customers-in providing the best possible solutions to meet your needs now and in the future. Please continue to provide feedback by contacting our local support organization.

Best regards,

LANDesk Product Support

Copyright © 2008 LANDesk Software. All rights reserved. LANDesk is either a registered trademark or trademark of LANDesk Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.

Information in this document is provided for information purposes only. The information presented here is subject to change without notice. This information is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including any implied warranties and conditions of merchantability or fitness for a particular purpose. LANDesk disclaims any liability with respect to this document and LANDesk has no responsibility or liability for any third party products of any content contained on any site referenced herein. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. For the most current product information, please visit [http://www.landesk.com/].