Microsoft Security Bulletin Summary for January 2007

Microsoft Security Bulletin Summary for January 2007

http://www.microsoft.com/technet/security/bulletin/ms07-jan.mspx

Critical (3)
Bulletin Identifier Microsoft Security Bulletin MS07-002
Bulletin Title
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution 927198
Executive Summary
This update resolves vulnerabilities in Excel that could allow remote code execution.
http://go.microsoft.com/fwlink/?LinkId=76262

Bulletin Identifier Microsoft Security Bulletin MS07-003
Bulletin Title
Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution 925938
Executive Summary
This update resolves vulnerabilities in Outlook that could allow remote code execution.
http://go.microsoft.com/fwlink/?LinkId=75735

Bulletin Identifier Microsoft Security Bulletin MS07-004
Bulletin Title
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969)
Executive Summary
This update resolves vulnerabilities in Internet Explorer that could allow remote code execution.
http://go.microsoft.com/fwlink/?LinkId=79967

Important (1)
Bulletin Identifier Microsoft Security Bulletin MS07-001
Bulletin Title
Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution (921585)
Executive Summary
This update resolves a vulnerability in Office that could allow remote code execution. User interaction is required for an attacker to exploit these vulnerabilities.
http://go.microsoft.com/fwlink/?LinkId=80464

Affected Software and Download Locations
http://www.microsoft.com/technet/security/bulletin/ms07-jan.mspx

This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Webcast
Microsoft will host a webcast tomorrow. The webcast focuses on addressing your questions and concerns about the security bulletins. Therefore, most of the live webcast is aimed at giving you the opportunity to ask questions and get answers from their security experts.

Start Time: Wednesday, Janauary 10th, 2007 11:00 AM Pacific Time (US & Canada)
End Time: Wednesday, Janauary 10th, 2007 12:00 PM Pacific Time (US & Canada)

Presenter: Christopher Budd, CISA, CISM, CISSP, ISSMP Security Program Manager, PSS Security, Microsoft Corporation and Mike Reavey, Lead Security Program Manager, Microsoft Corporation

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Malicious Software Removal Tool
Published: January 11, 2005 | Updated: Janauary 9 2007


The Microsoft Windows Malicious Software Removal Tool checks computers running Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom—and helps remove any infection found. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed.

Microsoft releases an updated version of this tool on the second Tuesday of each month, and as needed to respond to security incidents. The tool is available from Microsoft Update, Windows Update and the Microsoft Download Center.

Note The version of the tool delivered by Microsoft Update and Windows Update runs in the background and then reports if an infection is found. If you would like to run this tool more than once a month, use the version on this Web page or install the version that is available in the Download Center.

Because computers can appear to function normally when infected, Microsoft advises you to run this tool even if your computer seems to be fine. You should also use up-to-date antivirus software to help protect your computer from other malicious software.

To download the latest version of this tool, please visit the Microsoft Download Center.
http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us

 

Windows Malicious Software Removal Tool - January 2007 (KB890830)
Malicious Software Encyclopedia: Win32/Haxdoor

Win32/Haxdoor is a family of rootkit-capable backdoor trojans which gather and send private user data to remote attackers. Collected data might include user names and passwords, credit card numbers, bank logon credentials, or other sensitive financial information. Files and processes related to a Win32/Haxdoor infection may be hidden by a kernel-mode rootkit component, detected by Microsoft as WinNT/Haxdoor. Win32/Haxdoor can also disable security-related software and redirect the infected user’s URL connection requests. Depending on the version of the operation system infected, Win32/Haxdoor may perform other malicious actions, such as clearing CMOS settings, destroying disk data, and shutting down Windows unexpectedly.

New Additions

We have added detection and cleaning capabilities for the following malicious software:

Haxdoor/ Technical Analysis
http://www.microsoft.com/security/encyclopedia/details.aspx?name=Win32/Haxdoor