Dr.Melzer, posted 10 October 2007

Hi all,

the Microsoft Security Bulletins for October 2007 have just been published. You can also find more information at: Microsoft Security Bulletin Summary for October 2007 (German)

Best regards and have a nice evening,
Dorothea

___________________________

What is this alert?

This alert is to provide you with an overview of the new Security Bulletin being released on 09 October 2007.

New Security Bulletins

Microsoft is releasing the following six new security bulletins for newly discovered vulnerabilities:

| Bulletin Number | Maximum Severity | Affected Products | Impact |
| --- | --- | --- | --- |
| MS07-055 | Critical | Windows 2000, Windows XP, Windows Server 2003 | Remote Code Execution |
| MS07-056 | Critical | All currently supported versions of Windows | Remote Code Execution |
| MS07-057 | Critical | All currently supported versions of Internet Explorer | Remote Code Execution |
| MS07-058 | Important | All currently supported versions of Windows | Denial of Service |
| MS07-059 | Important | Windows SharePoint Services 3.0, Office SharePoint Server 2007 | Elevation of Privilege |
| MS07-060 | Critical | Word 2000, Word 2002 | Remote Code Execution |

Summaries for these new bulletins may be found at the following pages: Microsoft Security Bulletin Summary for October 2007

Re-released Security Bulletins

In addition, Microsoft is re-releasing the following security bulletin:

MS05-004 - ASP.NET Path Validation Vulnerability (887219)
Microsoft Security Bulletin MS05-004: ASP.NET Path Validation Vulnerability (887219)

Microsoft updated security bulletin MS05-004 on 09 October 2007 to list Windows Server 2003 Service Pack 2 and Windows Vista as "Affected Software" for .NET Framework 1.0 Service Pack 3 KB886906 and .NET Framework 1.1 Service Pack 1 KB886903.

Customers are advised to review the information in these bulletins, test and deploy the updates immediately in their environments, if applicable.
Dr.Melzer (author), posted 10 October 2007

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS).

Information on the Microsoft Windows Malicious Software Removal Tool can be located here: The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Vista, Windows Server 2003, Windows XP, or Windows 2000

High-Priority Non-Security Updates

High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU) or Windows Server Update Services (WSUS) will be detailed in the following KB Article: Description of Software Update Services and Windows Server Update Services changes in content for 2007

TechNet Webcast

Microsoft will host a Webcast to address customer questions on these bulletins:

Title: Information about Microsoft October Security Bulletins (Level 200)
Date: Wednesday, October 10th, 2007 11:00 AM Pacific Time (US & Canada)
URL: TechNet Webcast: Information About Microsoft October Security Bulletins (Level 200)
Replay: Available 24 hours after webcast - same URL
Dr.Melzer (author), posted 10 October 2007

New Security Bulletin Technical Details

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit Microsoft Support Lifecycle.
Dr.Melzer (author), posted 10 October 2007

Bulletin Identifier: Microsoft Security Bulletin MS07-055

Bulletin Title: Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)

Executive Summary: This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in the way that the Kodak Image Viewer, formerly known as Wang Image Viewer, handles specifically crafted image files. The vulnerability could allow an attacker to remotely execute code on the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating: Critical

Impact of Vulnerability: Remote Code Execution

Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Affected Software: Windows 2000, Windows XP, Windows Server 2003. For more information, see the Affected Software section of the bulletin referenced at the link below.

Restart Requirement: You must restart your system after you apply this security update.

Removal Information: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

Bulletins Replaced by This Update: None

Full Details: http://www.microsoft.com/technet/security/bulletin/MS07-055.mspx
Dr.Melzer (author), posted 10 October 2007

Bulletin Title: Security Update for Outlook Express and Windows Mail (941202)

Executive Summary: This critical security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution due to an incorrectly handled malformed NNTP response. An attacker could exploit the vulnerability by constructing a specially crafted Web page.

Maximum Severity Rating: Critical

Impact of Vulnerability: Remote Code Execution

Detection: Microsoft Baseline Security Analyzer and Enterprise Update Scan Tool can detect whether your computer system requires this update.

Affected Software: Windows, Outlook Express, Windows Mail. For more information, see the Affected Software section of the bulletin referenced at the link below.

Restart Requirement: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.

Removal Information: For Outlook Express on Windows 2000, Windows XP or Windows Server 2003, use Add or Remove Programs tool in Control Panel. For Windows Mail on Vista: click Control Panel, click Security, then under Windows Update, click View installed updates and select from the list of updates.

Bulletins Replaced by This Update: MS06-076 on Windows 2000

Full Details: Microsoft Security Bulletin MS07-056 - Critical: Security Update for Outlook Express and Windows Mail (941202)
Dr.Melzer (author), posted 10 October 2007

Bulletin Identifier: Microsoft Security Bulletin MS07-057

Bulletin Title: Cumulative Security Update for Internet Explorer (939653)

Executive Summary: This critical security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerability with the most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating: Critical

Impact of Vulnerability: Remote Code Execution

Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Affected Software: Windows, Internet Explorer. For more information, see the Affected Software section of the bulletin referenced at the link below.

Restart Requirement: The update will require a restart.

Removal Information: For this update on Windows 2000, Windows XP or Windows Server 2003, use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility. For this update on Windows Vista: click Control Panel, click Security, then under Windows Update, click View installed updates and select from the list of updates.

Bulletins Replaced by This Update: MS07-045

Full Details: http://www.microsoft.com/technet/security/bulletin/MS07-057.mspx
Dr.Melzer (author), posted 10 October 2007

Bulletin Identifier: Microsoft Security Bulletin MS07-058

Bulletin Title: Vulnerability in RPC Could Allow Denial of Service (933729)

Executive Summary: This important update resolves a privately reported vulnerability. A denial of service vulnerability exists in the remote procedure call (RPC) facility due to a failure in communicating with the NTLM security provider when performing authentication of RPC requests.

Maximum Severity Rating: Important

Impact of Vulnerability: Denial of Service

Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Affected Software: Windows 2000, Windows XP, Windows Server 2003, Windows Vista. For more information, see the Affected Software section of the bulletin referenced at the link below.

Restart Requirement: You must restart your system after you apply this security update.

Removal Information: For this update on Windows 2000, Windows XP, Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility. For this update on Windows Vista: Please see the bulletin for more details.

Bulletins Replaced by This Update: MS06-031 on Windows 2000

Full Details: Microsoft Security Bulletin MS07-058 - Important: Vulnerability in RPC Could Allow Denial of Service (933729)
Dr.Melzer (author), posted 10 October 2007

Bulletin Identifier: Microsoft Security Bulletin MS07-059

Bulletin Title: Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017)

Executive Summary: This security update resolves a publicly reported vulnerability in Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007. The vulnerability could allow an attacker to run arbitrary script that could result in elevation of privilege within the SharePoint site, as opposed to elevation of privilege within the workstation or server environment. The vulnerability could also allow an attacker to run arbitrary script to modify a user’s cache, resulting in information disclosure at the workstation.

Maximum Severity Rating: Important

Impact of Vulnerability: Elevation of Privilege

Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update will not require a restart, except in certain situations.

Affected Software: Windows, Office. For more information, see the Affected Software section of the bulletin referenced at the link below.

Restart Requirement: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.

Removal Information: N/A: Please see the security bulletin referenced below for more details.

Bulletins Replaced by This Update: None

Full Details: Microsoft Security Bulletin MS07-059 - Important: Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017)
Dr.Melzer (author), posted 10 October 2007

Bulletin Identifier: Microsoft Security Bulletin MS07-060

Bulletin Title: Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)

Executive Summary: This security update resolves a privately reported vulnerability in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file with a malformed string. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating: Critical

Impact of Vulnerability: Remote Code Execution

Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Affected Software: Office. For more information, see the Affected Software section of the bulletin referenced at the link below.

Restart Requirement: The update will not require a restart.

Removal Information: Varies depending on the component being updated. Please see the bulletin referenced below for full details.

Bulletins Replaced by This Update: MS07-024

Full Details: Microsoft Security Bulletin MS07-060 - Critical: Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)
Dr.Melzer (author), posted 10 October 2007

PLEASE VISIT TechNet Security Center FOR THE MOST CURRENT INFORMATION ON THESE ALERTS.

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

Thank you,
Microsoft CSS Security Team