Microsoft Security Bulletin(s) for December 2007

NICK ADSL UK · Dec 11, 2007

Microsoft Security Bulletin(s) for 12/11/2007

December 11, 2007

Today Microsoft released the following Security Bulletin(s).

http://www.microsoft.com/technet/security/bulletin/ms07-dec.mspx

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should
be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Critical (3)

Microsoft Security Bulletin MS07-064
Vulnerabilities in DirectX Could Allow Remote Code Execution 941568
http://go.microsoft.com/fwlink/?LinkId=104988

Microsoft Security Bulletin MS07-068
Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)
http://go.microsoft.com/fwlink/?LinkId=99075

Microsoft Security Bulletin MS07-069
Cumulative Security Update for Internet Explorer (942615)
http://go.microsoft.com/fwlink/?LinkID=101160

Important (4)

Microsoft Security Bulletin MS07-063
Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)
http://go.microsoft.com/fwlink/?LinkID=104920

Microsoft Security Bulletin MS07-065
Vulnerability in Message Queuing Could Allow Remote Code Execution (937894)
http://go.microsoft.com/fwlink/?LinkID=94666

Microsoft Security Bulletin MS07-066
Vulnerability in Windows Kernel Could Allow Elevation of Privilege 943078
http://go.microsoft.com/fwlink/?LinkID=104898

Microsoft Security Bulletin MS07-067
Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653)
http://go.microsoft.com/fwlink/?LinkId=104987

This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

NICK ADSL UK · Dec 11, 2007

Malicious Software Removal Tool
Published: January 11, 2005 | Updated: December 11, 2007

New Additions
We have added detection and cleaning capabilities for the following malicious software:

• Fotomoto
http://go.microsoft.com/fwlink/?linkid=37020&name=Win32/Fotomoto

NICK ADSL UK · Dec 11, 2007

TechNet Webcast: Information About Microsoft December Security Bulletins (Level 200)
Event ID: 1032344696

Language(s): English.
Product(s): Security.
Audience(s): IT Professionals.

Duration: 60 Minutes
Start Date: Wednesday, December 12, 2007 11:00 AM Pacific Time (US & Canada)

Event Overview

On December 11, 2007, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the December security bulletins. The intent of this webcast is to address your concerns. Therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from our security experts.

Presenters: Bill Sisk, Response Communications Manager, Microsoft Corporation, and Adrian Stone, Lead Security Program Manager, Microsoft Corporation

Register now for the December security bulletin webcast.

NICK ADSL UK · Dec 12, 2007

December 2007 Security Releases ISO Image
Brief Description

This DVD5 ISO image file contains the security updates for Windows released on Windows Update on December 11th, 2007.

verview
This DVD5 ISO image file contains the security updates for Windows released on Windows Update on December 11th, 2007. The image does not contain security updates for other Microsoft products. This DVD5 ISO image is intended for administrators that need to download multiple individual language versions of each security update and that do not use an automated solution such as Windows Server Update Services (WSUS). You can use this ISO image to download multiple updates in all languages at the same time.

Important: Be sure to check the individual security bulletins at http://www.microsoft.com/technet/security prior to deployment of these updates to ensure that the files have not been updated at a later date.

http://www.microsoft.com/downloads/...ce-9b87-411c-8147-c17f33590f96&DisplayLang=en

NICK ADSL UK · Dec 14, 2007

MS06-069 Cumulative Security Update for Internet Explorer - Bulletin Webpage Upload Times

Hi, this is Kieron, the MSRC Program Manager responsible for Internet Explorer.

On Tuesday we released MS06-069 Cumulative Security Update for Internet Explorer. Since then, we have had reports from some customers experiencing difficulties loading the Bulletin webpage. We have received reports that pages are slow to load, not found or timing out. Please be assured that this does not affect the installation or downloading of the actual package. The issue only affects the web page displaying the bulletin details.

Background on the issue

The reason customers are only experiencing these issues with the IE bulletin is due to the amount of detail in the bulletin text. Over time, the File Information section has grown. Given all Internet Explorer security updates are cumulative, the File Information section has grown with each release. We do this so customers only need to install the latest Internet Explorer security update to be protected.

We are now at a point where the page related to the bulletin text is taking too long to load, resulting in the issues customers have been reporting to us. We have therefore decided to move the File Information details into the Knowledge Base article associated with the bulletin. We have only made the change to MS06-069 Cumulative Security Update for Internet Explorer Bulletin. This will reduce the size of the page allowing it to load faster and more reliably. We had planned to move the File Information details into the Knowledge Base early next year, but because customers are affected today, we decided to make the changes sooner.

What does this mean?

* I have updated MS06-069 Cumulative Security Update for Internet Explorer and removed the File Information details.
* The File Information details have been moved to KB942615.
* No action is required of customers given the actual security packages were not changed.

We will be listening closely to customer feedback on the changes I have made to MS06-069 Cumulative Security Update for Internet Explorer. If these changes are successful, we will look at implementing this into all future security updates.

Thanks,

Kieron Shorrock
Click to expand...

http://blogs.technet.com/msrc/archi...t-explorer-bulletin-webpage-upload-times.aspx

NICK ADSL UK · Dec 19, 2007

Microsoft Security Bulletin MS07-069 - Critical
Cumulative Security Update for Internet Explorer (942615)
Published: December 11, 2007 | Updated: December 18, 2007

Version: 1.2

General Information
Executive Summary
This critical security update resolves four privately reported vulnerabilities. The most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The security update is rated moderate for Internet Explorer 6 and 7 on Windows Server 2003. For all other supported releases of Internet Explorer, this security update is rated critical. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles access to freed memory. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Recommendation. Microsoft recommends that customers apply the update immediately.

http://www.microsoft.com/technet/security/bulletin/ms07-069.mspx

Log in or Sign up

Microsoft Security Bulletin(s) for December 2007

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

Log in or Sign up

Microsoft Security Bulletin(s) for December 2007

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

Useful Searches