Jump to content

Level 2 - Critical Product Vulnerability - January 2007 Microsoft Security Bulletin R


Der letzte Beitrag zu diesem Thema ist mehr als 180 Tage alt. Bitte erstelle einen neuen Beitrag zu Deiner Anfrage!

Empfohlene Beiträge

Hallo zusammen, nachfolgende Security Bulletins sind gestern Abend veröffentlich worden.

 

Weitere Infos findet Ihr auch unter: Microsoft Security Bulletin Summary für Januar 2007 (dt.)

 

 

____________________________________

 

 

What is this alert?

 

This alert is to provide you with an overview of Security Bulletins released by Microsoft on 09 January 2007.

 

New Security Bulletins:

 

Microsoft is releasing the following security bulletins for newly discovered vulnerabilities:

 

MAXIMUM SEVERITY BULLETIN NUMBER PRODUCTS AFFECTED IMPACT

Important MS07-001 Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Remote Code Execution

Critical MS07-002 Vulnerabilities in Microsoft Excel Remote Code Execution

Critical MS07-003 Vulnerabilities in Microsoft Outlook Remote Code Execution

Critical MS07-004 Vulnerability in Vector Markup Language Remote Code Execution

 

 

Summaries for these new bulletins may be found at the following page:

 

Microsoft Security Bulletin Summary for January, 2007

 

Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable.

 

Microsoft Windows Malicious Software Removal Tool:

 

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here:

 

The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Vista, Windows Server 2003, Windows XP, or Windows 2000

 

High-Priority Non-Security Updates on Microsoft Update (MU), Windows Update (WU),

Windows Server Update Services (WSUS) and Software Update Services (SUS)

 

Microsoft is today also making the following High-Priority NON-SECURITY updates available on WU, MU, SUS and WSUS:

 

KB NUMBER TITLE AVAILABLE VIA

925254 Update for Outlook Junk Email Filter 2003 MU

925534 Update for Outlook 2003 WU, MU

 

 

TechNet Webcast:

 

TechNet Webcast: Information about Microsoft's January Security Bulletins (Level 200)

Wednesday, January 10, 2007, 11:00 AM (GMT-08:00) Pacific Time (US & Canada

WWE - Event Details - Live Webcast

 

The on-demand version of the Webcast will be available 24 hours after the live Webcast at:

WWE - Event Details - Live Webcast

Link zu diesem Kommentar

Security Bulletin Details:

 

MS07-001

 

Title: Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution (921585)

 

Affected Software:

Microsoft Office 2003 Service Pack 2 (Brazilian Portuguese Version)

Microsoft Word 2003

Microsoft Excel 2003

Microsoft Outlook 2003

Microsoft Access 2003

Microsoft OneNote 2003

Microsoft PowerPoint 2003

Microsoft Publisher 2003

Microsoft Access 2003

Microsoft InfoPath 2003

Microsoft FrontPage 2003

Microsoft Visio 2003

Microsoft Visio Enterprise Architects 2003

Microsoft Office Multilingual User Interface 2003 Service Pack 2

Microsoft Project Multilingual User Interface 2003 Service Pack 2

Microsoft Visio Multilingual User Interface 2003 Service Pack 2

Microsoft Office Proofing Tools 2003 Service Pack 2

 

Non-Affected Software:

Microsoft Office 2000

Microsoft Office XP

Microsoft Office 2007

Microsoft Office v.X for Mac

Microsoft Office 2004 for Mac

 

Impact of Vulnerability: Remote Code Execution

 

Maximum Severity Rating: Important

 

Security Update Replacement: None

 

Caveats: None

 

Restart Requirement: To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.

 

Removal Information: To remove this security update, use Add or Remove Programs in Control Panel.

 

More information on this vulnerability is available at: Microsoft Security Bulletin MS07-001: Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker That Could Allow Remote Code Execution (921585)

 

******************************************************************

MS07-002

 

Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)

 

Affected Software:

Microsoft Office 2000 Service Pack 3

Microsoft Excel 2000

Microsoft Office XP Service Pack 3

Microsoft Excel 2002

Microsoft Office 2003 Service Pack 2

Microsoft Excel 2003

Microsoft Office Excel Viewer 2003

Microsoft Works Suites:

Microsoft Works Suite 2004

Microsoft Works Suite 2005

Microsoft Office 2004 for Mac

Microsoft Office v. X for Mac

 

Non-Affected Software:

2007 Microsoft Office system

Microsoft Office Excel 2007

Microsoft Works Suites:

Microsoft Works Suite 2006

 

Impact of Vulnerability: Remote Code Execution

 

Maximum Severity Rating: Critical

 

Security Update Replacement: This bulletin replaces a prior security update. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

 

Caveats: None

 

Restart Requirement: Varies depending on which product version is being updated. Please see the bulletin’s Security Update Information section for more details.

 

Removal Information: Varies depending on which product version is being updated. Please see the bulletin’s Security Update Information section for more details.

 

More information on this vulnerability is available at: Microsoft Security Bulletin MS07-002: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)

Link zu diesem Kommentar

Security Bulletin Details:

 

MS07-001

 

Title: Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution (921585)

 

Affected Software:

Microsoft Office 2003 Service Pack 2 (Brazilian Portuguese Version)

Microsoft Word 2003

Microsoft Excel 2003

Microsoft Outlook 2003

Microsoft Access 2003

Microsoft OneNote 2003

Microsoft PowerPoint 2003

Microsoft Publisher 2003

Microsoft Access 2003

Microsoft InfoPath 2003

Microsoft FrontPage 2003

Microsoft Visio 2003

Microsoft Visio Enterprise Architects 2003

Microsoft Office Multilingual User Interface 2003 Service Pack 2

Microsoft Project Multilingual User Interface 2003 Service Pack 2

Microsoft Visio Multilingual User Interface 2003 Service Pack 2

Microsoft Office Proofing Tools 2003 Service Pack 2

 

Non-Affected Software:

Microsoft Office 2000

Microsoft Office XP

Microsoft Office 2007

Microsoft Office v.X for Mac

Microsoft Office 2004 for Mac

 

Impact of Vulnerability: Remote Code Execution

 

Maximum Severity Rating: Important

 

Security Update Replacement: None

 

Caveats: None

 

Restart Requirement: To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.

 

Removal Information: To remove this security update, use Add or Remove Programs in Control Panel.

 

More information on this vulnerability is available at: Microsoft Security Bulletin MS07-001: Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker That Could Allow Remote Code Execution (921585)

 

******************************************************************

MS07-002

 

Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)

 

Affected Software:

Microsoft Office 2000 Service Pack 3

Microsoft Excel 2000

Microsoft Office XP Service Pack 3

Microsoft Excel 2002

Microsoft Office 2003 Service Pack 2

Microsoft Excel 2003

Microsoft Office Excel Viewer 2003

Microsoft Works Suites:

Microsoft Works Suite 2004

Microsoft Works Suite 2005

Microsoft Office 2004 for Mac

Microsoft Office v. X for Mac

 

Non-Affected Software:

2007 Microsoft Office system

Microsoft Office Excel 2007

Microsoft Works Suites:

Microsoft Works Suite 2006

 

Impact of Vulnerability: Remote Code Execution

 

Maximum Severity Rating: Critical

 

Security Update Replacement: This bulletin replaces a prior security update. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

 

Caveats: None

 

Restart Requirement: Varies depending on which product version is being updated. Please see the bulletin’s Security Update Information section for more details.

 

Removal Information: Varies depending on which product version is being updated. Please see the bulletin’s Security Update Information section for more details.

 

More information on this vulnerability is available at: Microsoft Security Bulletin MS07-002: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)

Link zu diesem Kommentar

Security Bulletin Details:

MS07-003

 

Title: Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938)

 

Affected Software:

Microsoft Office 2000 Service Pack 3

Microsoft Outlook 2000

Microsoft Office XP Service Pack 3

Microsoft Outlook 2002

Microsoft Office 2003 Service Pack 2

Microsoft Outlook 2003

 

Non-Affected Software:

Microsoft Office 2007

Microsoft Office Outlook 2007

 

Impact of Vulnerability: Remote Code Execution

 

Maximum Severity Rating: Critical

 

Security Update Replacement: This bulletin replaces a prior security update. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

 

Caveats: Microsoft Knowledge Base Article 925938 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues.

 

Restart Requirement: To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.

 

Removal Information: Varies depending on which product version is being updated. Please see the bulletin’s Security Update Information section for more details.

 

More information on this vulnerability is available at: Microsoft Security Bulletin MS07-003: Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938)

Link zu diesem Kommentar

MS07-004

 

Title: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969)

 

Affected Software:

Microsoft Windows 2000 Service Pack 4

Microsoft Windows XP Service Pack 2

Microsoft Windows XP Professional x64 Edition

Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

Microsoft Windows Server 2003 x64 Edition

 

Non-Affected Software:

Windows Vista

 

Affected Components:

Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4

Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4

Internet Explorer 7 on Microsoft Windows XP Service Pack 2

Internet Explorer 7 on Microsoft Windows XP Professional x64 Edition

Internet Explorer 7 on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

Internet Explorer 7 on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

Internet Explorer 7 on Microsoft Windows Server 2003 x64 Edition

 

Impact of Vulnerability: Remote Code Execution

 

Maximum Severity Rating: Critical

 

Restart Requirement: You must restart your system after you apply this security update.

 

Removal Information: To remove this security update, use the Add or Remove Programs tool in Control Panel. System administrators can also use the Spuninst.exe utility to remove this security update.

 

More information on this vulnerability is available at: Microsoft Security Bulletin MS07-004: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969)

 

******************************************************************

 

Notes and Disclaimers:

 

Regarding Affected Software listed above and in the Security Bulletins:

 

• The software listed in the sections above has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site:

 

http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle

 

• Security updates for Microsoft Windows Server 2003, Windows Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also apply to Windows Server 2003 R2.

 

Regarding information consistency:

 

We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Security Bulletins posted to the web are occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in the web-based security bulletin, the information in the web-based security bulletin is authoritative.

 

******************************************************************

 

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

 

Thank you,

Microsoft PSS Security Team

Link zu diesem Kommentar
Der letzte Beitrag zu diesem Thema ist mehr als 180 Tage alt. Bitte erstelle einen neuen Beitrag zu Deiner Anfrage!

Schreibe einen Kommentar

Du kannst jetzt antworten und Dich später registrieren. Falls Du bereits ein Mitglied bist, logge Dich jetzt ein.

Gast
Auf dieses Thema antworten...

×   Du hast formatierten Text eingefügt.   Formatierung jetzt entfernen

  Only 75 emoji are allowed.

×   Dein Link wurde automatisch eingebettet.   Einbetten rückgängig machen und als Link darstellen

×   Dein vorheriger Inhalt wurde wiederhergestellt.   Editor-Fenster leeren

×   Du kannst Bilder nicht direkt einfügen. Lade Bilder hoch oder lade sie von einer URL.

×
×
  • Neu erstellen...