Microsoft Security Bulletin Summary for April 2007

Microsoft Security Bulletin Summary for April 2007
Published: April 3, 2007

Version: 1.0

This bulletin summary lists security bulletins released for April 2007.

The bulletin summary released on April 3, 2007 includes Microsoft Security Bulletin MS07-017. Microsoft will update this bulletin summary with any other security bulletins that release on April 10 or on any other day of the month, as deemed appropriate

http://www.microsoft.com/technet/security/bulletin/ms07-apr.mspx

Critical (1)
Bulletin Identifier Microsoft Security Bulletin MS07-017
Bulletin Title
Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
Executive Summary
This update resolves vulnerabilities in GDI that could allow remote code execution
http://www.microsoft.com/technet/security/bulletin/ms07-017.mspx

Please note the above updates are now available from the Microsoft update website
http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

TechNet Webcast: Information About Microsoft April Security Bulletins (Level 200)
Event ID: 1032327017


Language(s): English.
Product(s): Security.
Audience(s): IT Professional.

Duration: 60 Minutes
Start Date: Wednesday, April 11, 2007 11:00 AM Pacific Time (US & Canada)




Event Overview

On April 10, 2007, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the April security bulletins. The intent of this webcast is to address your concerns. Therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from our security experts.

Presenters: Christopher Budd, CISA, CISM, CISSP, ISSMP Security Program Manager, PSS Security, Microsoft Corporation and Mike Reavey, Lead Security Program Manager, Microsoft Corporation

Register now for the May security bulletin webcast.

 

April 2007 Advance Notification
Hello everyone,

 

Microsoft Security Bulletin(s) for 4/10/2007


April 10, 2007
Today Microsoft released the following Security Bulletin(s).

This Microsoft Security Bulletin Summary for April 2007 courtesy of Melissa Travers (Microsoft MVP Lead Security)

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
http://www.microsoft.com/technet/security/Bulletin/ms07-Apr.mspx

Critical Bulletins:

Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939)
http://www.microsoft.com/technet/security/Bulletin/ms07-018.mspx

Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261)
http://www.microsoft.com/technet/security/Bulletin/ms07-019.mspx

Vulnerability in Microsoft Agent Could Allow Remote Code Execution 932168
http://www.microsoft.com/technet/security/Bulletin/ms07-020.mspx

Vulnerabilities in CSRSS Could Allow Remote Code Execution 930178
http://www.microsoft.com/technet/security/Bulletin/ms07-021.mspx


Released out of band on April 3rd – Critical Bulletin
Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
http://www.microsoft.com/technet/security/Bulletin/ms07-017.mspx

Important Bulletins:

Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784)
http://www.microsoft.com/technet/security/Bulletin/ms07-022.mspx

This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338 International customers should contact their local subsidiary

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Malicious Software Removal Tool
Published: January 11, 2005 | Updated: April 10, 2007

New Additions
We have added detection and cleaning capabilities for the following malicious software:

Funner
http://go.microsoft.com/fwlink/?linkid=37020&name=Win32/Funner

See the complete list of malicious software cleaned by this tool.
http://www.microsoft.com/security/malwareremove/families.mspx

 

April 2007 Security Releases ISO Image
Brief Description
This DVD5 ISO image file contains the security updates for Windows released on Windows Update on April 10th, 2007.

Overview
This DVD5 ISO image file contains the security updates for Windows released on Windows Update on April 10th, 2007. The image does not contain security updates for other Microsoft products. This DVD5 ISO image is intended for corporate administrators who manage large multinational organizations, who need to download multiple individual language versions of each security update and who do not use an automated solution such as WSUS. Use this image to download multiple updates in all languages at the same time.

Caution: Be sure to check the individual security bulletins at http://www.microsoft.com/technet/security prior to deployment of these updates to ensure that the files have not been updated at a later date.

http://www.microsoft.com/downloads/...4b-de00-47d8-bc4c-b57cd3b37cf3&DisplayLang=en

 

Microsoft Security Bulletin Minor Revisions
Title: Microsoft Security Bulletin Minor Revisions Issued: April 10, 2007

The following bulletins have undergone a minor revision increment. Please see the appropriate bulletin for more details.

* MS07-020

http://www.microsoft.com/technet/security/bulletin/ms07-020.mspx

- Reason for Revision: Bulletin Revised: Updated the File Information table for Windows Server 2003 platforms to include all updated files and correct file versions.

- Originally posted: April 10, 2007 - Updated: April 10, 2007 - Bulletin Severity Rating: Critical - Version: 1.1

* MS05-026

- http://www.microsoft.com/technet/security/bulletin/ms05-026.mspx

- Reason for Revision: Bulletin supersedence table in the FAQsection revised to include MS02-055.

- Originally posted: June 14, 2005 - Updated: April 10, 2007 - Bulletin Severity Rating: Critical - Version: 1.2