Microsoft Security Bulletin Release - July 2007
Below are new Security Bulletins and re-released ones as well...
What is this alert?
This alert is to provide you with an overview of the new Security Bulletins being released on 10 July 2007.
New Security Bulletins
Microsoft is releasing the following security bulletins for newly discovered vulnerabilities:
| | | | |
| MS07-036 | Critical | All currently supported versions of Microsoft Office | Remote Code Execution |
| MS07-037 | Important | Publisher 2007 | Remote Code Execution |
| MS07-038 | Moderate | Windows Vista | Information Disclosure |
| MS07-039 | Critical | Windows 2000 servers, Windows Server 2003 | Remote Code Execution |
| MS07-040 | Critical | .NET Framework 1.0, 1.1, 2.0 | Remote Code Execution |
| MS07-041 | Important | Windows XP SP2 with IIS 5.1 installed | Remote Code Execution |
Summaries for these new bulletins may be found at the following here:
Re-released Security Bulletins
MS06-078: Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)
Notes on the re-release of MS06-078:
- The security update for Windows Media Player 6.4 (KB925398) did not correctly install on Windows Server 2003 Service Pack 2. A revised security update is now available to install on Windows Server 2003 Service Pack 2 (KB925398).
- No changes have been made to the files in the security update. This is a package change only to install on Windows Server 2003 Service Pack 2.
- Microsoft recommends that customers apply the update immediately. No action is required on systems where the security update has been successfully installed.
· Known issues documented in Microsoft Knowledge Base Article 933065 and Microsoft Knowledge Base Article 933066 are resolved. No action is required on systems where the security update has been successfully installed.
· Customers who did experience this known issue and did not install this security update will be reoffered the security update included with this security bulletin
More Information on MS06-078 - Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689):
Microsoft Windows Malicious Software Removal Tool
Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here:
High-Priority Non-Security Updates on Microsoft Update (MU), Windows Update (WU), Windows Server Update Services (WSUS) and Software Update Services (SUS)
Microsoft is today also releasing High-Priority NON-SECURITY updates on WU, MU, SUS and WSUS. For complete details on non-security updates being released today please review the following KB Article:
Description of SUS and WSUS changes in content for 2007:
TechNet Webcast:
· Title: Information about Microsoft July Security Bulletins (Level 200)
· When: Wednesday, July 11, 2007 11:00 AM Pacific Time (US & Canada)
· URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032343783
· Replay: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032343783
Security Bulletin Technical Details
In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit Microsoft Support Lifecycle.
MS07-036
| Microsoft Security Bulletin MS07-036 |
| Bulletin Title | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542) |
| Executive Summary | This critical update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in addition to other security issues identified during the course of the investigation. These vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| Maximum Severity Rating | Critical |
| Impact of Vulnerability | Remote Code Execution |
| Detection | Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. This update does not require a restart. |
| Affected Software | Office, Excel. For more information, see the Affected Software section of the bulletin at the link below. |
| Restart Requirement | This update does not require a restart. |
| Removal Information | Varies Depending on which version of the update is installed. |
| More information | http://www.microsoft.com/technet/security/bulletin/MS07-036.mspx |
| | |
MS07-037
| Microsoft Security Bulletin MS07-037 |
| Bulletin Title | Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (936548) |
| Executive Summary | This important security update resolves one publicly disclosed vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Microsoft Office Publisher file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. User interaction is required to exploit this vulnerability. |
| Maximum Severity Rating | Important |
| Impact of Vulnerability | Remote Code Execution |
| Detection | Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update does not require a restart. |
| Affected Software | Office, Publisher. For more information, see the Affected Software section of the bulletin at the link below. |
| Restart Requirement | This update does not require a restart. |
| Removal Information | Use Add or Remove Programs tool in Control Panel. |
| More information | http://www.microsoft.com/technet/security/bulletin/MS07-037.mspx |
| | |
MS07-038
| Microsoft Security Bulletin MS07-038 |
| Bulletin Title | Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807) |
| Executive Summary | This moderate security update resolves a privately reported vulnerability. This vulnerability could allow incoming unsolicited network traffic to access a network interface. An attacker could potentially gather information about the affected host. |
| Maximum Severity Rating | Moderate |
| Impact of Vulnerability | Information Disclosure |
| Detection | Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update will require a restart. |
| Affected Software | Windows Vista. For more information, see the Affected Software section of the bulletin at the link below. |
| Restart Requirement | You must restart your system after you apply this security update. |
| Removal Information | To remove this update, click Control Panel, click Security, then under Windows Update, click View installed updates and select from the list of updates. |
| More information | http://www.microsoft.com/technet/security/bulletin/MS07-038.mspx |
| | |
MS07-039
| Microsoft Security Bulletin MS07-039 |
| Bulletin Title | Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) |
| Executive Summary | This critical security update resolves a privately reported vulnerability in implementations of Active Directory on Windows 2000 Server and Windows Server 2003 that could allow remote code execution or a denial of service condition. Attacks attempting to exploit this vulnerability would most likely result in a denial of service condition. However remote code execution could be possible. On Windows Server 2003 an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. |
| Maximum Severity Rating | Critical |
| Impact of Vulnerability | Remote Code Execution |
| Detection | Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update will require a restart. |
| Affected Software | Windows. For more information, see the Affected Software section of the bulletin at the link below. |
| Restart Requirement | You must restart your system after you apply this security update. |
| Removal Information | Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility. |
| More information | http://www.microsoft.com/technet/security/bulletin/MS07-039.mspx |
| | |
MS07-040
| Microsoft Security Bulletin MS07-040 |
| < |