Microsoft Security Bulletin Summary for August 2007

Discussion in 'other security issues & news' started by NICK ADSL UK, Aug 14, 2007.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Summary for August 14 2007

    August 14 2007
    Today Microsoft released the following Security Bulletin(s).


    Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

    Bulletin Summary:
    http://www.microsoft.com/technet/security/Bulletin/ms07-Aug.mspx

    Critical Bulletins:

    Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
    http://www.microsoft.com/technet/security/Bulletin/ms07-042.mspx

    Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)
    http://www.microsoft.com/technet/security/Bulletin/ms07-043.mspx

    Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965)
    http://www.microsoft.com/technet/security/Bulletin/ms07-044.mspx

    Cumulative Security Update for Internet Explorer (937143)
    http://www.microsoft.com/technet/security/Bulletin/ms07-045.mspx

    Vulnerability in GDI Could Allow Remote Code Execution (938829)
    http://www.microsoft.com/technet/security/Bulletin/ms07-046.mspx

    Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)
    http://www.microsoft.com/technet/security/Bulletin/ms07-050.mspx

    Important Bulletins:


    Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)
    http://www.microsoft.com/technet/security/Bulletin/ms07-047.mspx

    Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)
    http://www.microsoft.com/technet/security/Bulletin/ms07-048.mspx

    Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)
    http://www.microsoft.com/technet/security/Bulletin/ms07-049.mspx

    Re-Released Bulletins:

    Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)
    http://www.microsoft.com/technet/security/Bulletin/ms06-038.mspx

    This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338 International customers should contact their local subsidiary

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    TechNet Webcast: Information About Microsoft August Security Bulletins (Level 200)
    Event ID: 1032344688

    Event Overview
    On August 14, 2007, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the August security bulletins. The intent of this webcast is to address your concerns. Therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from our security experts.

    Presenters: Christopher Budd, CCE, CISA, CISM, CISSP, and ISSMP Security Program Manager, Microsoft Corporation, and Mike Reavey, Lead Security Program Manager, Microsoft Corporation

    Register now for the August security bulletin webcast.
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS07-045 - Critical

    Microsoft Security Bulletin MS07-045 - Critical
    Cumulative Security Update for Internet Explorer (937143)
    Published: August 14, 2007 | Updated: August 29, 2007

    Version: 1.2

    General Information
    Executive Summary
    This critical security update resolves three privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    The security update is rated critical for supported releases of Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1. For Internet Explorer 6 for supported versions and editions of Windows XP Home and Windows XP Professional, the security update is also rated critical, otherwise it is rated moderate for other supported operating systems. For Internet Explorer 7 for supported versions and editions of Windows XP and Windows XP Professional, and Internet Explorer 7 in Windows Vista, the security update is rated Important, otherwise it is rated low. For more information, see the subsection, Affected and Non-Affected Software, in this section.

    The security update addresses two vulnerabilities by setting the kill bit for ActiveX controls, and addresses the third vulnerability by modifying the way that Internet Explorer handles certain strings in CSS files. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

    Recommendation. Microsoft recommends that customers apply the update immediately.

    http://www.microsoft.com/technet/security/bulletin/ms07-045.mspx
     
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS07-044 - Critical

    Microsoft Security Bulletin MS07-044 - Critical
    Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965)
    Published: August 14, 2007 | Updated: August 29, 2007
    General Information
    Executive Summary

    This security update resolves a privately reported vulnerability in addition to other security issues identified during the course of the investigation. These vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    This is a critical security update for supported editions of Microsoft Office 2000. For supported editions of Microsoft Office XP, Microsoft Office 2003, Microsoft Office 2004 for Mac, this update is rated important. This update is also rated important for the Excel Viewer 2003. For more information, see the subsection, Affected and Non-Affected Software, in this section.

    This security update addresses these vulnerabilities by modifying the way that Microsoft Excel handles specially crafted Excel files. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

    Recommendation. Microsoft recommends that customers apply the update immediately.

    Known Issues. None

    http://www.microsoft.com/technet/security/bulletin/ms07-044.mspx
     
  7. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS07-046 - Critical

    Microsoft Security Bulletin MS07-046 - Critical
    Vulnerability in GDI Could Allow Remote Code Execution (938829)
    Published: August 14, 2007 | Updated: August 29, 2007

    Version: 1.1

    General Information
    Executive Summary
    This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in the Graphics Rendering Engine in the way that it handles specially crafted images. An attacker could exploit the vulnerability by constructing a specially crafted image that could potentially allow remote code execution if a user opened a specially crafted attachment in e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    This is a critical security update for all supported editions of Windows except Windows 2003 Server Service Pack 2 and Windows Vista. For more information, see the subsection, Affected and Non-Affected Software, in this section.

    This security update addresses the vulnerability by modifying the way that the Graphics Rendering Engine handles images. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

    Recommendation: Microsoft recommends that customers apply the security update immediately.

    Known Issues: None.

    http://www.microsoft.com/technet/security/bulletin/ms07-046.mspx
     
  8. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS07-047 - Important

    Microsoft Security Bulletin MS07-047 - Important
    Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)
    Published: August 14, 2007 | Updated: August 29, 2007

    Version: 1.1

    General Information
    Executive Summary
    This important security update resolves two privately reported vulnerabilities. These vulnerabilities could allow code execution if a user viewed a specially crafted file in Windows Media Player. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights

    http://www.microsoft.com/technet/security/bulletin/ms07-047.mspx
     
Loading...
Thread Status:
Not open for further replies.