=== SECURITY ALERT =============================================
6 Microsoft Security Bulletins for June 2007
by Orin Thomas, orin@windowsitpro.com
Microsoft released six security updates for June, rating four of them
as critical. Here's a brief description of each update; for more
information, go to
http://list.windowsitpro.com/t?ctl=59F76:4160B336D0B60CB11D40F74C177B7D7B
MS07-030: Vulnerabilities in Microsoft Visio Could Allow Remote Code
Execution
This bulletin addresses several privately reported and responsibly
disclosed vulnerabilities in Microsoft Visio. These vulnerabilities
could lead to remote code execution if a specially crafted Visio
file is opened on an unpatched computer.
Applies to: Visio 2002 and Visio 2003.
Recommendation: Microsoft rates this bulletin as important. If your
organization uses Visio, you should test and deploy the patch as part
of your normal patch management cycle.
MS07-031: Vulnerability in the Windows Secure Channel Security Package
Could Allow Remote Code Execution
This vulnerability relates to the Secure Sockets Layer (SSL) and
Transport Layer Security (TLS) implementations on several Windows OS
versions. Exploitation of this vulnerability could allow remote code
execution through a specially crafted Web page. This bulletin does
not replace any previous security bulletins.
Applies to: Windows 2000, Windows XP, and Windows Server 2003.
Recommendation: Although Microsoft rates this update as critical,
the vulnerability has not been publicly disclosed. Microsoft also
reports that when it has tested this vulnerability, the Web browser is
more likely to exit than to allow remote code execution. You should
promptly perform testing and deployment of this update on vulnerable
systems.
MS07-032: Vulnerability in Windows Vista Could Allow Information
Disclosure
This bulletin relates to a privately disclosed vulnerability that
could allow a locally logged-on user to access local user information
stores on a Windows Vista computer. This includes local administrator
passwords contained within the registry and local file system.
Applies to: Windows Vista.
Recommendation: Microsoft rates this bulletin as moderate. You
should test and deploy the patch as part of your normal patch
management routine.
MS07-033: Cumulative Security Update for Internet Explorer
This bulletin addresses both privately and publicly reported
vulnerabilities in multiple versions of Microsoft Internet Explorer
(IE). The vulnerabilities involve remote code execution and could be
exploited through a specially crafted Web page. This bulletin does
not replace any previously released bulletins.
Applies to: Windows 2000, Windows XP, Windows Server 2003, and
Windows Vista.
Recommendation: Microsoft rates this update as critical because the
details of this vulnerability have been publicly reported. You should
perform accelerated testing and deployment of this update on vulnerable
systems.
MS07-034: Cumulative Security Update for Outlook Express and Windows
Mail
This bulletin deals with several publicly and privately disclosed
vulnerabilities in Microsoft Outlook Express and Windows Mail. These
vulnerabilities could be exploited by a specially crafted email to
achieve remote code execution.
Applies to: Windows XP, Windows Server 2003, and Windows Vista.
Recommendation: Microsoft rates this update as critical because the
details of this vulnerability have been publicly reported. You should
perform accelerated testing and deployment of this update on vulnerable
systems.
MS07-035: Vulnerability in Win32 API Could Allow Remote Code Execution
This bulletin addresses a privately reported vulnerability in a
Win32 API that could allow remote code execution and privilege
escalation. This vulnerability can be exploited through specially
crafted Web pages.
Applies to: Windows 2000, Windows XP, and Windows Server 2003.
Recommendation: Although Microsoft rates this update as critical,
the vulnerability has not been publicly disclosed. You should promptly
perform testing and deployment of this update on vulnerable systems.
================================================================
Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).
http://list.windowsitpro.com/t?ctl=59F79:4160B336D0B60CB11D40F74C177B7D7B
http://list.windowsitpro.com/t?ctl=59F7B:4160B336D0B60CB11D40F74C177B7D7B
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2007, Penton Media, Inc. All rights reserved.