News

Wednesday, May 09, 2007

Security Alert: 7 Microsoft Security Bulletins for May 2007


=== SECURITY ALERT =============================================

7 Microsoft Security Bulletins for May 2007
by Orin Thomas, orin@windowsitpro.com

Microsoft released seven security updates for May, rating all seven as
critical. Here's a brief description of each update; for more
information, go to

http://list.windowsitpro.com/t?ctl=55861:4160B336D0B60CB18A5FFD94F1521462

MS07-023: Vulnerabilities in Microsoft Excel Could Allow Remote Code
Execution
This update addresses several vulnerabilities in all versions of
Excel that could be used to compromise a computer through the execution
of remote code. This bulletin replaces MS07-002.
Applies to: All versions of Excel and Office 2004 for Macintosh.
Recommendation: Although Microsoft rates this update as critical,
because the vulnerabilities haven't been publicly disclosed, you can
test and deploy this update as a part of your patch management routine.

MS07-024: Vulnerabilities in Microsoft Word Could Allow Remote Code
Execution
This update addresses several newly discovered and publicly
disclosed vulnerabilities in most versions of Word. This bulletin
replaces MS07-014.
Applies to: All versions of Word (except Word 2007) and Microsoft
Works Suites.
Recommendation: Given that several of the vulnerabilities the update
addresses have been made public, you should perform accelerated testing
and deployment of this update.

MS07-025: Vulnerability in Microsoft Office Could Allow Remote Code
Execution
This update addresses several privately disclosed vulnerabilities in
most versions of Office. This bulletin replaces MS07-015.
Applies to: Office 2000/XP/2003/2007, SharePoint Designer 2007, Office
2004 for Mac, and Microsoft Expression Web.
Recommendation: Although Microsoft rates the vulnerability as
critical, the vulnerability hasn't been publicly disclosed, so you can
test and deploy this update as a part of your normal patch management
routine.

MS07-026: Vulnerabilities in Microsoft Exchange Could Allow Remote Code
Execution
This update addresses several newly discovered, privately reported
vulnerabilities in Exchange 2000 Server, Exchange Server 2003, and
Exchange Server 2007. This bulletin replaces MS06-019 and MS06-029.
Applies to: Exchange 2000/2003/2007.
Recommendation: Although at the time the bulletin was published the
vulnerabilities it addressed hadn't been publicly disclosed, Exchange
forms such a critical part of many organizations' network
infrastructure that you should perform thorough testing and deploy as
expeditiously as possible.

MS07-027: Cumulative Security Update for Internet Explorer
This update addresses several vulnerabilities across all versions of
Internet Explorer (IE). This bulletin replaces MS07-016.
Applies to: All versions of IE including IE 7.0 in Windows Vista.
Recommendation: Because the update addresses several publicly
disclosed remote code exploit vulnerabilities, you should perform
accelerated testing and deployment of this update.

MS07-028: Vulnerability in CAPICOM Could Allow Remote Code Execution
This update addresses vulnerabilities in CAPICOM and BizTalk Server
2004. Other versions of BizTalk, such as BizTalk 2000/2002/2006, don't
have these vulnerabilities.
Applies to: CAPICOM and BizTalk Server 2004.
Recommendation: The vulnerability has been privately, rather than
publicly, disclosed. If your organization uses these products, you
should test thoroughly and apply.

MS07-029: Vulnerability in Windows DNS RPC Interface Could Allow Remote
Code Execution
This update addresses a publicly disclosed vulnerability in the DNS
server service, which runs only on server OSs. An attacker who takes
advantage of this vulnerability could take control of the server.
Applies to: Windows 2000 Server and Windows Server 2003.
Recommendation: This update addresses a publicly disclosed critical
vulnerability in a core infrastructure service. Test and deploy as soon
as possible.


Windows IT Pro, a division of Penton Media, Inc.
Copyright 2007, Penton Media, Inc. All rights reserved.