Microsoft Security Bulletin Summary for February, 2007

Discussion in 'other security issues & news' started by NICK ADSL UK, Feb 13, 2007.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Summary for February, 2007
    Published: February 12, 2007
    Version: 1.0

    http://www.microsoft.com/technet/security/bulletin/ms07-feb.mspx


    Critical (6)
    Bulletin Identifier Microsoft Security Bulletin MS07-008
    Bulletin Title
    Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843)
    Executive Summary
    This update resolves a vulnerability in HTML Help that could allow remote code execution
    http://go.microsoft.com/fwlink/?LinkId=81191


    Bulletin Identifier Microsoft Security Bulletin MS07-009
    Bulletin Title
    Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution(927779)
    Executive Summary
    This update resolves a vulnerability in Microsoft Data Access Components that could allow remote code execution.
    http://go.microsoft.com/fwlink/?LinkId=80877

    Bulletin Identifier Microsoft Security Bulletin MS07-010
    Bulletin Title
    Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution (932135)
    Executive Summary
    This update resolves a vulnerability in the Microsoft Malware Protection Engine that could allow remote code execution
    http://go.microsoft.com/fwlink/?LinkId=82708

    Bulletin Identifier Microsoft Security Bulletin MS07-014
    Bulletin Title
    Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434)
    Executive Summary
    This update resolves vulnerabilities in Microsoft Word that could allow remote code execution.
    http://go.microsoft.com/fwlink/?LinkId=82736

    Bulletin Identifier Microsoft Security Bulletin MS07-015

    Bulletin Title
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554)
    Executive Summary
    This update resolves vulnerabilities in Microsoft Office that could allow remote code execution.
    http://go.microsoft.com/fwlink/?LinkId=82738

    Bulletin Identifier Microsoft Security Bulletin MS07-016
    Bulletin Title
    Cumulative Security Update for Internet Explorer (928090)
    Executive Summary
    This update resolves vulnerabilities in Internet Explorer that could allow remote code execution
    http://go.microsoft.com/fwlink/?LinkId=79655

    Important (6)
    Bulletin Identifier Microsoft Security Bulletin MS07-005
    Bulletin Title
    Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723)
    Executive Summary
    This update resolves a vulnerability in Step-by-Step Interactive Training that could allow remote code execution. User interaction is required to exploit this vulnerability.
    http://go.microsoft.com/fwlink/?LinkId=73911

    Bulletin Identifier Microsoft Security Bulletin MS07-006
    Bulletin Title
    Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)
    Executive Summary
    This update resolves a vulnerability in Windows Shell that could allow elevation of privilege
    http://go.microsoft.com/fwlink/?LinkId=81736

    Bulletin Identifier Microsoft Security Bulletin MS07-007
    Bulletin Title
    Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802)
    Executive Summary
    This update resolves a vulnerability in the Windows Image Acquisition Service that could allow elevation of privilege.
    http://go.microsoft.com/fwlink/?LinkId=77834

    Bulletin Identifier Microsoft Security Bulletin MS07-011
    Bulletin Title
    Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436)
    Executive Summary
    This update resolves a vulnerability in Microsoft OLE Dialog that could allow remote code execution. User interaction is required to exploit this vulnerability
    http://go.microsoft.com/fwlink/?LinkId=78518


    Bulletin Identifier Microsoft Security Bulletin MS07-012

    Bulletin Title
    Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667)
    Executive Summary
    This update resolves a vulnerability in Microsoft MFC that could allow remote code execution. User interaction is required to exploit this vulnerability
    http://go.microsoft.com/fwlink/?LinkId=78446


    Bulletin Identifier Microsoft Security Bulletin MS07-013
    Bulletin Title
    Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution 918118
    Executive Summary
    This update resolves a vulnerability in Microsoft RichEdit that could allow remote code execution. User interaction is required to exploit this vulnerability
    http://go.microsoft.com/fwlink/?LinkId=80463

    Please note that all of the above updates are now available from the Microsoft update website
    http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us


    This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Webcast
    Microsoft will host a webcast tomorrow. The webcast focuses on addressing your questions and concerns about the security bulletins. Therefore, most of the live webcast is aimed at giving you the opportunity to ask questions and get answers from their security experts.

    Start Time: Wednesday, February 14th, 2007 11:00 AM Pacific Time (US & Canada)
    End Time: Wednesday, February 14th, 2007 12:00 PM Pacific Time (US & Canada)


    Presenter: Christopher Budd, CISA, CISM, CISSP, ISSMP Security Program Manager, PSS Security, Microsoft Corporation and Mike Reavey, Lead Security Program Manager, Microsoft Corporation

    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Revised: Microsoft Security Bulletin MS07-006
    V1.1 (February, 15 2007):

    Bulletin updated to reflect the appropriate registry key to use on Windows Server 2003 (all versions) to verify the files that this security update has installed. Also clarified the recommendation in the impact of the “Disable the Shell Hardware Detection service” workaround.

    http://www.microsoft.com/technet/security/bulletin/MS07-006.mspx
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft correction for hotfix package 916089
    You receive an access violation when you try to install an update from Windows Update after you apply hotfix package 916089

    SYMPTOMS
    Consider the following scenario. You apply the hotfix package that is described in Microsoft Knowledge Base article 916089. Then, you try to install an update from Windows Update or from Microsoft Update. In this scenario, the Svchost.exe process that runs Windows Update stops responding. Additionally, you receive an access violation. This access violation stops the Server services and the Workstation service. For more information about the symptoms that are addressed by installing the 916089 hot fix, click the following article number to view the article in the Microsoft Knowledge Base:
    916089 http://support.microsoft.com/kb/916089/ When you run Windows Update to scan for updates that use Windows Installer, including Office updates, CPU utilization may reach 100 percent for prolonged periods


    Update replacement information
    This update replaces update 916089.


    Please note that this fix is specific to the following article 916089 and no other Also be sure to read all of the notes with regards this update

    http://support.microsoft.com/?kbid=927891
     
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Windows Genuine Advantage Notification (KB905474) 2/21/2007

    --------------------------------------------------------------------------------

    Windows Genuine Advantage Notification (KB905474)
    Date last published: 2/21/2007
    Download size: 1.2 MB

    The Windows Genuine Advantage Notification tool notifies you if your copy of Windows is not genuine. If your system is found to be a non-genuine, the tool will help you obtain a licensed copy of Windows.

    Please note this is now available from the Microsoft update website
     
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    ********************************************************************
    Title: Microsoft Security Bulletin Minor Revisions
    Issued: February 21, 2007
    ********************************************************************

    Summary
    =======
    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS07-016
    * MS07-013
    * MS07-012
    * MS07-011
    * MS06-078

    Bulletin Information:
    =====================

    * MS07-016

    - http://www.microsoft.com/technet/security/bulletin/ms07-016.mspx
    - Reason for Revision: Bulletin revised to correct installation
    verification keys for Windows Internet Explorer 7. Removal
    information for Windows Server 2003 updated with correct folder
    - Originally posted: February 13, 2007
    - Updated: February 21, 2007
    - Bulletin Severity Rating: Critical
    - Version: 1.1

    * MS07-013

    - http://www.microsoft.com/technet/security/bulletin/ms07-013.mspx
    - Reason for Revision: Bulletin Updated: additional clarification
    has been added to the e-mail attack vector. An attacker could
    also attempt to exploit this vulnerability when a user
    interacts with a malformed embedded OLE object within a Rich
    Text e-mail message
    - Originally posted: February 13, 2007
    - Updated: February 21, 2007
    - Bulletin Severity Rating: Important
    - Version: 1.1

    * MS07-012

    - http://www.microsoft.com/technet/security/bulletin/ms07-012.mspx
    - Reason for Revision: Bulletin Updated: additional clarification
    has been added to the e-mail attack vector. An attacker could
    also attempt to exploit this vulnerability when a user
    interacts with a malformed embedded OLE object within a Rich
    Text e-mail message
    - Originally posted: February 13, 2007
    - Updated: February 21, 2007
    - Bulletin Severity Rating: Important
    - Version: 1.1

    * MS07-011

    - http://www.microsoft.com/technet/security/bulletin/ms07-011.mspx
    - Reason for Revision: BulletinUpdated: additional clarification
    has been added to the e-mail attack vector. An attacker could
    also attempt to exploit this vulnerability when a user
    interacts with a malformed embedded OLE object within a Rich
    Text e-mail message
    - Originally posted: February 13, 2007
    - Updated: February 21, 2007
    - Bulletin Severity Rating: Important
    - Version: 1.1

    * MS06-078

    - http://www.microsoft.com/technet/security/bulletin/ms06-078.mspx
    - Reason for Revision: Bulletin updated to provide additional
    clarity around known issues customers may experience when
    they install this security update: See Microsoft Knowledge
    Base Article 933065 : Error message when you install the
    original version of security update 923689 on Korean Windows
    2000 and Microsoft Knowledge Base Article 933066 : Error
    dialog when you install the security update 923689 on Windows
    XP SP2.
    - Originally posted: December 12, 2006
    - Updated: February 21, 2007
    - Bulletin Severity Rating: Critical
    - Version: 2.2

    This update courtesy of fellow MVP Donna Buenaventura
     
Loading...
Thread Status:
Not open for further replies.