Infosecurity.US

**************************************
Microsoft Security Bulletin Advance Notification for November 2008
Issued: November 6, 2008
**************************************

This is an advance notification of security bulletins that
Microsoft is intending to release on November 11, 2008.

The full version of the Microsoft Security Bulletin Advance
Notification for November 2008 can be found at
http://www.microsoft.com/technet/security/bulletin/ms08-nov.mspx.

This bulletin advance notification will be replaced with the
November bulletin summary on November 11, 2008. For more information
about the bulletin advance notification service, see
http://www.microsoft.com/technet/security/Bulletin/advance.mspx.

To receive automatic notifications whenever Microsoft Security
Bulletins are issued, subscribe to Microsoft Technical Security
Notifications on
http://www.microsoft.com/technet/security/bulletin/notify.mspx.

Microsoft will host a webcast to address customer questions on
these bulletins on Wednesday, November 12, 2008,
at 11:00 AM Pacific Time (US & Canada). Register for the November
Security Bulletin Webcast at
http://www.microsoft.com/technet/security/bulletin/summary.mspx.

Microsoft also provides information to help customers prioritize
monthly security updates with any non-security, high-priority
updates that are being released on the same day as the monthly
security updates. Please see the section, Other Information.

This advance notification provides the software subject as the
bulletin identifier, because the official Microsoft Security
Bulletin numbers are not issued until release. The bulletin summary
that replaces this advance notification will have the proper
Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the
bulletin identifier. The security bulletins for this month are as
follows, in order of severity:

Critical Security Bulletins
===========================

Windows Bulletin 1

- Affected Software:
- Microsoft XML Core Services 3.0 on
Microsoft Windows 2000 Service Pack 4
- Microsoft XML Core Services 4.0 when installed on
Microsoft Windows 2000 Service Pack 4
- Microsoft XML Core Services 6.0 when installed on
Microsoft Windows 2000 Service Pack 4
- Microsoft XML Core Services 3.0 on
Windows XP Service Pack 2 and
Windows XP Service Pack 3
- Microsoft XML Core Services 4.0 when installed on
Windows XP Service Pack 2 and
Windows XP Service Pack 3
- Microsoft XML Core Services 6.0 when installed on
Windows XP Service Pack 2 and
Windows XP Service Pack 3
- Microsoft XML Core Services 3.0 on
Windows XP Professional x64 Edition and
Windows XP Professional x64 Edition Service Pack 2
- Microsoft XML Core Services 4.0 when installed on
Windows XP Professional x64 Edition and
Windows XP Professional x64 Edition Service Pack 2
- Microsoft XML Core Services 6.0 when installed on
Windows XP Professional x64 Edition and
Windows XP Professional x64 Edition Service Pack 2
- Microsoft XML Core Services 3.0 on
Windows Server 2003 Service Pack 1 and
Windows Server 2003 Service Pack 2
- Microsoft XML Core Services 4.0 when installed on
Windows Server 2003 Service Pack 1 and
Windows Server 2003 Service Pack 2
- Microsoft XML Core Services 6.0 when installed on
Windows Server 2003 Service Pack 1 and
Windows Server 2003 Service Pack 2
- Microsoft XML Core Services 3.0 on
Windows Server 2003 x64 Edition and
Windows Server 2003 x64 Edition Service Pack 2
- Microsoft XML Core Services 4.0 when installed on
Windows Server 2003 x64 Edition and
Windows Server 2003 x64 Edition Service Pack 2
- Microsoft XML Core Services 6.0 when installed on
Windows Server 2003 x64 Edition 1 and
Windows Server 2003 x64 Edition Service Pack 2
- Microsoft XML Core Services 3.0 on
Windows Server 2003 with SP1 for Itanium-based Systems and
Windows Server 2003 with SP2 for Itanium-based Systems
- Microsoft XML Core Services 4.0 when installed on
Windows Server 2003 with SP1 for Itanium-based Systems and
Windows Server 2003 with SP2 for Itanium-based Systems
- Microsoft XML Core Services 6.0 when installed on
Windows Server 2003 with SP1 for Itanium-based Systems and
Windows Server 2003 with SP2 for Itanium-based Systems
- Microsoft XML Core Services 3.0 on
Windows Vista and
Windows Vista Service Pack 1
- Microsoft XML Core Services 4.0 when installed on
Windows Vista and
Windows Vista Service Pack 1
- Microsoft XML Core Services 6.0 when installed on
Windows Vista and
Windows Vista Service Pack 1
- Microsoft XML Core Services 3.0 on
Windows Vista x64 Edition and
Windows Vista x64 Edition Service Pack 1
- Microsoft XML Core Services 4.0 when installed on
Windows Vista x64 Edition and
Windows Vista x64 Edition Service Pack 1
- Microsoft XML Core Services 6.0 when installed on
Windows Vista x64 Edition and
Windows Vista x64 Edition Service Pack 1
- Microsoft XML Core Services 3.0 on
Windows Server 2008 for 32-bit Systems
(Windows Server 2008 Server Core installation not affected)
- Microsoft XML Core Services 4.0 when installed on
Windows Server 2008 for 32-bit Systems
(Windows Server 2008 Server Core installation not affected)
- Microsoft XML Core Services 6.0 when installed on
Windows Server 2008 for 32-bit Systems
(Windows Server 2008 Server Core installation not affected)
- Microsoft XML Core Services 3.0 on
Windows Server 2008 for x64-based Systems
(Windows Server 2008 Server Core installation not affected)
- Microsoft XML Core Services 4.0 when installed on
Windows Server 2008 for x64-based Systems
(Windows Server 2008 Server Core installation not affected)
- Microsoft XML Core Services 6.0 when installed on
Windows Server 2008 for x64-based Systems
(Windows Server 2008 Server Core installation not affected)
- Microsoft XML Core Services 3.0 on
Windows Server 2008 for Itanium-based Systems
- Microsoft XML Core Services 4.0 when installed on
Windows Server 2008 for Itanium -based Systems
- Microsoft XML Core Services 6.0 when installed on
Windows Server 2008 for Itanium -based Systems
- Microsoft XML Core Services 5.0 on
Microsoft Office 2003 Service Pack 3
- Microsoft XML Core Services 5.0 on
Microsoft Word Viewer 2003 Service Pack 3
- Microsoft XML Core Services 5.0 on
2007 Microsoft Office System and
2007 Microsoft Office System Service Pack 1
- Microsoft XML Core Services 5.0 on
Microsoft Office Compatibility Pack for Word, Excel, and
PowerPoint 2007 File Formats and
Microsoft Office Compatibility Pack for Word, Excel, and
PowerPoint 2007 File Formats Service Pack 1
- Microsoft XML Core Services 5.0 on
Microsoft Expression Web and
Microsoft Expression Web 2
- Microsoft XML Core Services 5.0 on
Microsoft Office SharePoint Server 2007 and
Microsoft Office SharePoint Server 2007 Service Pack 1
(32-bit editions)
- Microsoft XML Core Services 5.0 on
Microsoft Office SharePoint Server 2007 and
Microsoft Office SharePoint Server 2007 Service Pack 1
(64-bit editions)
- Microsoft XML Core Services 5.0 on
Microsoft Office Groove Server 2007

- Impact: Remote Code Execution
- Version Number: 1.0

Important Security Bulletins
============================

Windows Bulletin 2

- Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2 and
Windows XP Service Pack 3
- Windows XP Professional x64 Edition and
Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1 and
Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition and
Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems and
Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista and
Windows Vista Service Pack 1
- Windows Vista x64 Edition and
Windows Vista x64 Edition Service Pack 1
- Windows Server 2008 for 32-bit Systems
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for Itanium-based Systems

- Impact: Remote Code Execution
- Version Number: 1.0