Security Bulletin: October 2007
It's that time again. Time for another round of security updates. Please see details below.
What is this alert?
This alert is to provide you with an overview of the new Security Bulletin being released on 09 October 2007.
New Security Bulletins
Microsoft is releasing the following six new security bulletins for newly discovered vulnerabilities:
Bulletin Number |
Maximum Severity |
Affected Products |
Impact |
MS07-055 |
Critical |
Windows 2000, Windows XP, Windows Server 2003 |
Remote Code Execution |
MS07-056 |
Critical |
All currently supported versions of Windows |
Remote Code Execution |
MS07-057 |
Critical |
All currently supported versions of Internet Explorer |
Remote Code Execution |
MS07-058 |
Important |
All currently supported versions of Windows |
Denial of Service |
MS07-059 |
Important |
Windows SharePoint Services 3.0, Office SharePoint Server 2007 |
Elevation of Privilege |
MS07-060 |
Critical |
Word 2000, Word 2002 |
Remote Code Execution |
Summaries for these new bulletins may be found at the following pages:
https://www.microsoft.com/technet/security/bulletin/ms07-Oct.mspx
Re-released Security Bulletins
In addition, Microsoft is re-releasing the following security bulletin:
MS05-004 - ASP.NET Path Validation Vulnerability (887219)
https://www.microsoft.com/technet/security/bulletin/ms05-004.mspx
Microsoft updated security bulletin MS05-004 on 09 October 2007 to list Windows Server 2003 Service Pack 2 and Windows Vista as "Affected Software" for .NET Framework 1.0 Service Pack 3 KB886906 and .NET Framework 1.1 Service Pack 1 KB886903.
Customers are advised to review the information in these bulletins, test and deploy the updates immediately in their environments, if applicable.
Microsoft Windows Malicious Software Removal Tool
Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here: https://go.microsoft.com/fwlink/?LinkId=40573
High-Priority Non-Security Updates
High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU) or Windows Server Update Services (WSUS) will be detailed in the following KB Article: https://support.microsoft.com/?id=894199
TechNet Webcast: Microsoft will host a Webcast to address customer questions on these bulletins:
Title: Information about Microsoft October Security Bulletins (Level 200)
Date: Wednesday, October 10th, 2007 11:00 AM Pacific Time (US & Canada)
URL: https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032344692
Replay: Available 24 hours after webcast - same URL
Technorati Tags: Security, Patches, Updates
Cheers, Jeffa
Comments
- Anonymous
October 11, 2007
Hi Jeffa, When my computer restarted - presumably after the patches were installed - on Tuesday my Windows XP (Media Center 2002) failed to start. When I tried choosing any of the options (Start Windows, Go back to last good configuration, Safe Mode, etc.) the same options screen would inevitably appear after a few seconds. Do you have any suggestions for resolving this issue? Thanks, Rich