Microsoft Security News
-
Microsoft Security Advisory (956391): Cumulative Security Update of ActiveX Kill Bits - 11/12/2008
Revision Note: November 12, 2008: Removed an incorrect reference that Windows Server 2008 Server Core installation is affected. Added an entry to Frequently Asked Questions to communicate that users with Windows Server 2008 Server Core installation will still be offered but do not need to install this update.
Advisory Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.
-
Microsoft Security Advisory (958963): Exploit Code Published Affecting the Server Service - 10/27/2008
Revision Note: Advisory published
Advisory Summary: Security Advisory
-
Microsoft Security Advisory (951306): Vulnerability in Windows Could Allow Elevation of Privilege - 10/9/2008
Revision Note: October 9, 2008: Added information regarding the public availability of exploit code.
Advisory Summary: Security Advisory
-
Microsoft Security Advisory (953839): Cumulative Security Update of ActiveX Kill Bits - 8/13/2008
Revision Note: August 13, 2008: Updated to include links to HP’s Advisories
Advisory Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.
-
Microsoft Security Advisory (955179): Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution - 8/12/2008
Revision Note: Advisory updated to reflect publication of security bulletin.
Advisory Summary: Microsoft has completed the investigation into a private report of this vulnerability. We have issued MS08-041 to address this issue. For more information about this issue, including download links for an available security update, please review MS08-041. The vulnerability addressed is the Snapshot Viewer Arbitrary File Download Vulnerability - CVE-2008-2463.
-
Microsoft Security Advisory (954960): Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates - 8/12/2008
Revision Note: August 12, 2008: Added entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update to communicate that the re-release of the update to fix a known installation issue with Windows Server 2008 systems is now available via Microsoft Update.
Advisory Summary: Microsoft has completed the investigation into public reports of a non-security issue that prevents the distribution of any updates deployed through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1 to client systems that have Microsoft Office 2003 installed in their environment. Microsoft confirmed those reports and has released an update to correct this issue under Microsoft Knowledge Base Article 954960. Microsoft encourages customers affected by this issue to review and install this update.
-
Microsoft Security Advisory (953635): Vulnerability in Microsoft Word Could Allow Remote Code Execution - 8/12/2008
Revision Note: Advisory updated to reflect publication of security bulletin.
Advisory Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS08-042 to address this issue. For more information about this issue, including download links for an available security update, please review MS08-042. The vulnerability addressed is the Word Record Parsing Vulnerability - CVE-2008-2244.
-
Microsoft Security Advisory (956187): Increased Threat for DNS Spoofing Vulnerability - 7/25/2008
Revision Note: July 25, 2008: Advisory published.
Advisory Summary: Microsoft released Microsoft Security Bulletin MS08-037, Vulnerabilities in DNS Could Allow Spoofing (953230), on July 8, 2008, offering security updates to protect customers against Windows Domain Name System (DNS) spoofing attacks. Microsoft released this update in coordination with other DNS vendors who were also similarly impacted. Since the coordinated release of these updates, the threat to DNS systems has increased due to a greater public understanding of the attacks, as well as detailed exploit code being published on the Internet.
-
Microsoft Security Advisory (953818): Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform - 7/2/2008
Revision Note: July 2, 2008: Updated the Suggested Actions.
Advisory Summary: Microsoft is investigating new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed. Safari is not installed with Windows XP or Windows Vista by default; it must be installed independently or through the Apple Software Update application. Customers running Safari on Windows should review this advisory.
-
Microsoft Security Advisory (954462): Rise in SQL Injection Attacks Exploiting Unverified User Data Input - 6/25/2008
Revision Note: June 25, 2008: Removed erroneous references to form field and cookie value testing from the HP Scrawlr tool description.
Advisory Summary: Microsoft is aware of a recent escalation in a class of attacks targeting Web sites that use Microsoft ASP and ASP.NET technologies but do not follow best practices for secure Web application development. These SQL injection attacks do not exploit a specific software vulnerability, but instead target Web sites that do not follow secure coding practices for accessing and manipulating data stored in a relational database. When a SQL injection attack succeeds, an attacker can compromise data stored in these databases and possibly execute remote code. Clients browsing to a compromised server could be forwarded unknowingly to malicious sites that may install malware on the client machine.