Microsoft drops 6 bulletins, fixing 11 vulnerabilities
section: microsoft, for your questions: KezNews forum, 11.7.2007
Microsoft’s Patch Tuesday train arrived today with six bulletins covering at least 11 vulnerabilities, most carrying the company’s highest severity rating.
As previously reported, three of the six bulletins are rated “critical.” These cover code execution holes in Microsoft Excel, Windows Active Directory and the .Net Framework.
The three other bulletins deal with a “moderate” information disclosure flaw in the Vista Firewall, and two “important” issues affecting IIS 5.1 on Windows XP SP2 and Microsoft Office Publisher 2007.
The July Patch Tuesday cheat-sheet:
MS07-036 – Covers three different vulnerabilities in Microsoft Excel that could lead to complete PC takeover attacks. One of the three bugs was publicly disclosed before this patch release. These flaws affect the latest 2007 Microsoft Office System but the severity is downgraded for this version because of defense-in-depth mitigations built into the product.
MS07-037 — This covers a remote code execution hole in Microsoft Office Publisher 2007. An attacker could exploit the vulnerability by constructing a specially crafted Publisher (.pub) page. When a user views the .pub page, the vulnerability could allow remote code execution. Rated “important,” it was discovered by researchers at eEye Digital Security in February, meaning that it took Microsoft about six months to deliver a fix. eEye reckons this patch is 73 days overdue.
MS07-038 — This is the only patch in this month’s batch that affects Windows Vista. It is an information disclosure issue in Windows Vista that could allow a remote anonymous attacker to send inbound network traffic to the affected system. It would be possible for the attacker to gain information about the system over the network. The bug was privately reported to Microsoft by Jim Hoagland and Ollie Whitehouse of Symantec.
MS07-039 — Covers a pair of “critical” vulnerabilities in implementations of Active Directory on Windows 2000 Server and Windows Server 2003 that could allow remote code execution or a denial of service condition.
MS07-040 — This update fixes at least three vulnerabilities in the .Net Framework. Microsoft says two of these bugs could allow remote code execution on client systems with .NET Framework installed, and one could allow information disclosure on Web servers running ASP.NET. One of these flaws was “partially disclosed” at the recent SyScan conference in Singapore and there were rumblings that Microsoft kept pushing off patching this issue for several months. Keep your eyes on Security-Assessment for more on this.
MS07-041 — Contains a patch for an “important” remote code execution vulnerability in Microsoft Internet Information Services (IIS). An attacker could send specially crafted URL requests to a Web page hosted by Internet Information Services (IIS) 5.1 on Windows XP Professional Service Pack 2 to take complete control of an affected system. IIS 5.1 is not part of a default install of Windows XP Professional Service Pack 2.
source:
blogs.zdnet.com
Comments(9)
i installed this update and then i have to activate windows vista again (by phone because
internet activation doesn't work).
windows vista home premium x64 with legal key.
hi!
which one is the one that makes the activation necessary... :)
can someone confirm this on a oem cracked vista ultimate?
vista guy!
i don't have the guts to install this update... i don't wanna mess with the licence key
anymore... i skip this file until someone can prove that it's harmless... my ultimate is
"registrated" with a crack from this page (not timerstopper)...
yes me too, can someone please confirm that this crack is harmless, i have ultimate 32bit
activated with one of those bios oem activators
i had no problems with this update. i rebooted my pc 3 times after the installation and
nothing happened. my vista is still genuine. i'm running vista ultimate x32 lite version.
i also installed it in my genuine vista x64 and everything is just fine. no issues with my
activation...
so you guys know... anyways, if you have no issues with your
validation you may want to skip this update. here is the info about this update:
"this update provides specific product information for the user that can help the
windows vista activation and validation processes. the improved instructions that are
included in this update help make it easier for the user to activate and validate windows
vista. links to more detailed online information are provided. these links help the user
to resolve issues more quickly and effectively or to obtain help from microsoft."
cheers mates...
i'm also using yoni's lite vista, just installed this update, and i can confirm it does
nothing to the activation, my vista is still activated. thanx for the info yoni!
i fail to see the wisdom in bothering with the activation or cracking of vista ultimate.
i have tried and deleted it three different times and find it less functional than windows
me.
me again!
i've just updated and everything is just fine... :)
i am running windows xp pro 64 bit corp. i just updated from these july releases from ms
and it would also seem the .net update is also something to be concerned about. my
firewall popped up last night after it completed its running in the background and hogging
up cpu at 100%. sorry but as i made the firewall rule to block access outgoing and
incoming i forgot the ip address it was trying to call. but more than likely it was trying
to call home after it completed the update. don't worry i disabled auto update after doing
this. i manually update that or either autopatcher. the service that popped up was
mscorsvw.exe. firewalls i recommend are as follows: for 32 bit systems- filseclab (free)
for 64 bit systems- netlimiter pro (look up the torrent (also if it is still around try to
find the palace upload works 100% guaranteed)).
KB933928
By supermanho on 11.07.2007 - 13:07