Microsoft Security Bulletin(s) October 2007

Microsoft Security Bulletin(s) for 10/09/2007

Note: There may be latency issues due to replication, if the page does not display keep refreshing

October 9, 2007
Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
http://www.microsoft.com/technet/security/Bulletin/ms07-Oct.mspx

Critical Bulletins:
Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)
http://www.microsoft.com/technet/security/Bulletin/ms07-055.mspx

Security Update for Outlook Express and Windows Mail (941202)
http://www.microsoft.com/technet/security/Bulletin/ms07-056.mspx

Cumulative Security Update for Internet Explorer (939653)
http://www.microsoft.com/technet/security/Bulletin/ms07-057.mspx

Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)
http://www.microsoft.com/technet/security/Bulletin/ms07-060.mspx

Important Bulletins:

Vulnerability in RPC Could Allow Denial of Service (933729)
http://www.microsoft.com/technet/security/Bulletin/ms07-058.mspx

Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017)
http://www.microsoft.com/technet/security/Bulletin/ms07-059.mspx

This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

TechNet Webcast: Information About Microsoft October Security Bulletins (Level 200)
Event ID: 1032344692
Register Online [/B]

Language(s): English.
Product(s): Security.
Audience(s): IT Professionals.

Duration: 60 Minutes
Start Date: Wednesday, October 10, 2007 11:00 AM Pacific Time (US & Canada)

Event Overview

On October 9, 2007, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the October security bulletins. The intent of this webcast is to address your concerns. Therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from our security experts.

Presenters: Christopher Budd, Security Program Manager, Microsoft Corporation, and Mike Reavey, Group Manager MSRC, Microsoft Corporation

Register now for the October security bulletin webcast.

 

Malicious Software Removal Tool
Published: January 11, 2005 | Updated: October 9, 2007

New Additions
We have added detection and cleaning capabilities for the following malicious software:

• Rjump

http://go.microsoft.com/fwlink/?linkid=37020&name=Win32/Rjump

 

Title: Microsoft Security Bulletin Re-Release
Issued: October 10, 2007
********************************************************************

Summary
=======
The following bulletin has undergone a major revision increment.
Please see the bulletin for more detail.

Bulletin Information:
=====================

MS07-056 - Critical
http://www.microsoft.com/technet/security/bulletin/ms07-056.mspx
Reason for Revision: Revised to include Windows XP Professional
x64 Edition in the Affected Software section; Known Issues
set to none; Corrected missing file information to the
bulletin text for Outlook Express 6.0 Service Pack 1 on
Windows 2000 Service pack 4 and Outlook Express 5.5 Service
Pack 2 on Windows 2000 Service pack 4.
Originally posted: October 9, 2007
Updated: October 10, 2007
Bulletin Severity Rating: Critical
Version: 2.0

 

********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: October 17, 2007
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS07-055 - Critical
* MS07-060 - Critical

Bulletin Information:
=====================

* MS07-055 - Critical
http://www.microsoft.com/technet/security/bulletin/ms07-055.mspx


- Reason for Revision: Bulletin updated to include Windows XP x64
Edition among non-affected software.
- Originally posted: October 9, 2007
- Updated: October 17, 2007
- Bulletin Severity Rating: Critical
- Version: 1.1


* MS07-060 - Critical

http://www.microsoft.com/technet/security/bulletin/ms07-060.mspx

- Reason for Revision: Bulletin updated: Vulnerability FAQ updated
to explain the nature of the update and plans for addressing
similar stability issues.
- Originally posted: October 9, 2007
- Updated: October 17, 2007
- Bulletin Severity Rating: Critical
- Version: 1.2

 

Microsoft Security Advisory (943521)
URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution
Published: October 10, 2007 | Updated: October 25, 2007

Microsoft is investigating public reports of a remote code execution vulnerability in supported editions of Windows XP and Windows Server 2003 with Windows Internet Explorer 7 installed. Microsoft is aware of proof of concept code that has been posted publicly and is continuing to investigate public reports. We are also aware of attacks that try to use the reported vulnerability.

This vulnerability does not affect Windows Vista or any supported editions of Windows where Internet Explorer 7 is not installed.

Customers in the U.S. and Canada who believe they are affected can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.

International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.

Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

http://www.microsoft.com/technet/security/advisory/943521.mspx