Microsoft Security Advisories 927891 and 937696 Released

[Dr.Melzer 191]

Akteuell eingetroffen:

 

What is this alert?

 

This alert is to notify you that Microsoft has released Security Advisory 927891 - Fix for Windows Installer (MSI) - on 22 May 2007.

 

Also, Microsoft released Security Advisory 937696 - Release of Microsoft Office Isolated Conversion Environment (MOICE) and File Block Functionality for Microsoft Office – yesterday, 21 May 2007.

 

Summary for Security Advisory 927821 - Fix for Windows Installer (MSI):

 

Today, 22 May 2007, we are announcing the availability of an update that does not address a security vulnerability, but is a high priority for customers in keeping their systems updated. The update addresses the following issue:

 

Your system may appear to become unresponsive when Windows Update or Microsoft Update is scanning for updates that use Windows installer, and you may notice that the CPU usage for the svchost process is showing 100%.

 

When you try to install an update from Windows Update or from Microsoft Update, you experience the following symptoms:

 

• Your system may appear to become unresponsive when Windows Update or Microsoft Update is scanning for updates that use Windows Installer.

• You receive an access violation error in svchost.exe. This access violation stops the Server service and the Workstation service.

• A memory leak occurs when Windows Update or Microsoft Update is scanning for updates that use Windows Installer.

• Windows Update or Microsoft Update scans take a very long time, sometimes hours, to complete.

 

We encourage Windows customers to review and install this update. This update will be offered automatically through Automatic Updates. For more information about this issue, including download links for the available non-security update, please review Microsoft Knowledge Base Article 927891 (http://support.microsoft.com/kb/927891).

 

Please note that this update is the first part of a two-part fix that is the comprehensive solution to the problem. In June, another update will involve the Windows Update client. The update for the Windows Update client will also be automatically offered through Automatic Updates.

 

Summary for Security Advisory 937696 - Release of Microsoft Office Isolated Conversion Environment (MOICE) and File Block Functionality for Microsoft Office:

 

Yesterday, 21 May 2007, Microsoft announced the availability of the Microsoft Office Isolated Conversion Environment (MOICE) feature and more widely notified customers of the File Block functionality for Microsoft Office 2003 and the 2007 Microsoft Office system. Both features are designed to make it easier for customers to protect themselves from Office files that may contain malicious software, such as unsolicited Office files received from unknown or known sources. MOICE makes it easier by providing new security mitigation technologies designed to convert specific Microsoft Office files types, while File Block provides a mechanism that can control and block the opening of specific Microsoft Office file types.

[Dr.Melzer 191]

The Microsoft Office Isolated Conversion Environment (MOICE) uses the 2007 Microsoft Office system converters to convert Office 2003 binary documents to the newer Office open XML format. The Conversion process helps protect customers by converting the Office 2003 binary file format to the Office open XML format in an isolated environment. In summary, MOICE provides a mechanism for customers to pre-process potentially unsafe Office 2003 binary documents, by virtue of the conversions process it provides customers with a greater degree of certainty that the document can be considered safe.

 

We encourage Microsoft Office customers to review the related Knowledge base article and consider whether MOICE can help protect users in your IT environment. For more information about this release, see Microsoft Knowledge Base Article 935865.

 

The File Block Functionality for Microsoft Office 2003 and the 2007 Microsoft Office system allows administrators to restrict via registry and Group Policy specific Office file types that can or cannot be opened when using Microsoft Word, PowerPoint, and Excel. Blocking specific Office file types allows administrators to temporarily deny users the ability to open certain files, such as when a threat of attack from a given Office file type exists.

 

We encourage Microsoft Office customers to review the related Knowledge base article and consider whether File Block can help protect users in your IT environment. For more information about this release, see Microsoft Knowledge Base Article 922849, Microsoft Knowledge Base Article 922848 and Microsoft Knowledge Base Article 922847.

 

When MOICE and File Block are used together they are an effective mitigation strategy for customers when the threat of attack using certain Office types exists. This enables customers to continue using Microsoft Office with a high degree of assurance that the files being opened are considered safe and will not infect users with malicious software.

 

Additional Resources:

 

Security Advisory 927891

 

• Microsoft Security Advisory 927891 - Fix for Windows Installer (MSI): Microsoft Security Advisory (927891): Fix for Windows Installer (MSI)

• Microsoft Knowledgebase Article 927891 - You receive an access violation error when you try to install an update from Windows Update or from Microsoft Update after you apply hotfix package KB916089: You receive an access violation error and the system may appear to become unresponsive when you try to install an update from Windows Update or from Microsoft Update

 

Security Advisory 937696

 

• Microsoft Security Advisory 937696 - Release of Microsoft Office Isolated Conversion Environment (MOICE) and File Block Functionality for Microsoft Office: Microsoft Security Advisory (937696): Release of Microsoft Office Isolated Conversion Environment (MOICE) and File Block Functionality for Microsoft Office

• Microsoft Knowledgebase Article 935865: Description of the Microsoft Office Isolated Conversion Environment update for the Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

• Microsoft Knowledgebase Article 922849: You receive an error message when you try to open or to save a file type that was blocked by your registry policy settings in Word 2007 or in Word 2003

• Microsoft Knowledgebase Article 922848: You receive an error message when you try to open or to save a file type that was blocked by your registry policy settings in Excel 2007 or in Excel 2003

• Microsoft Knowledgebase Article 922847: You receive an error message when you try to open or to save a file type that was blocked by your registry policy settings in PowerPoint 2007 or in PowerPoint 2003

 

Other:

 

• MSRC Blog: The Microsoft Security Response Center (MSRC)

 

 

Regarding Information Consistency:

 

We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Security Advisories posted to the web are occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in the web-based Security Advisory, the information in the web-based Security Advisory is authoritative.

 

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

 

Thank you,

Microsoft PSS Security Team