Wednesday, October 10, 2007

Security Alert: 6 Microsoft Security Bulletins for October 2007

SPONSOR: Microsoft

Server Consolidation Essentials
Discover the benefits of server consolidation using virtualization
technologies! Chapter 1 of this free eBook is available now, with
details about how server consolidation can help you do more with less.

http://list.windowsitpro.com/t?ctl=6969A:4160B336D0B60CB1ADB29732861E2724


=== SECURITY ALERT =============================================

6 Microsoft Security Bulletins for October 2007
by Orin Thomas, MVP Windows Security, orin@windowsitpro.com

Microsoft released six security updates for October, rating four of
them as critical. Here's a brief description of each update; for more
information, go to

http://list.windowsitpro.com/t?ctl=6969B:4160B336D0B60CB1ADB29732861E2724

MS07-055: Vulnerability in Kodak Image Viewer Could Allow Remote Code
Execution

The attack vector for this exploit is specially crafted image files.
The exploit targets Kodak Image Viewer, formerly known as Wang Image
Viewer. If unpatched, this vulnerability could be leveraged to allow
the execution of remote code on the affected system.

Applies to: Windows 2000 and versions of Windows XP and Windows Server
2003 that were installed as upgrades from Windows 2000. Computers on
which Windows XP and Windows Server 2003 were installed directly are
not vulnerable.

Recommendation: This vulnerability was privately reported. You need to
perform accelerated testing only if your environment has computers
running Windows 2000, or computers running Windows XP or Windows Server
2003 that were upgraded from Windows 2000.

MS07-056: Security Update for Outlook Express and Windows Mail

The attack vector for this exploit is a Network News Transfer Protocol
(NNTP) response from a news server. The attacker must lure the target
into connecting to an NNTP server that delivers the malicious response.
The exploit targets Outlook Express and Windows Mail and could be
leveraged to allow remote code execution. Although this exploit has yet
to be detected outside a lab environment, it's possible that attackers
will compromise third-party NNTP servers in an attempt to leverage it.

Applies to: All versions of Windows.

Recommendation: Although the security bulletin states that the
Microsoft article at the URL below details issues that might be
experienced when this update is installed, no such issues are
currently listed on that page. Given the large number of OS
versions this update applies to, the likelihood of a public
exploit for this vulnerability is high. You should test and deploy
on an accelerated schedule.

http://list.windowsitpro.com/t?ctl=6969F:4160B336D0B60CB1ADB29732861E2724


MS07-057: Cumulative Security Update for Internet Explorer

This update addresses three privately reported vulnerabilities and one
publicly disclosed vulnerability. The attack vector for these exploits
is specially crafted Web pages which, if viewed using Microsoft Internet
Explorer, could be leveraged to execute arbitrary code.

Applies to: Internet Explorer 5.0, 6.0, and 7.0.

Recommendation: This update should be first on your list to test and
deploy as quickly as you can.

MS07-058: Vulnerability in RPC Could Allow Denial of Service

A vulnerability in the RPC facility could be leveraged to cause a
denial of service (DoS) on the affected computer, which could slow,
halt, or even restart.

Applies to: All versions of Windows.

Recommendation: Microsoft rates this update as important rather than
critical, and the vulnerability has been privately, rather than
publicly, disclosed. Because RPC is almost always blocked at the
firewall, this vulnerability can be leveraged only if the attacker is
on the same network as the target. Thus, you should test and deploy
this fix as part of your ongoing patch management routine.
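The recommendation above rests on the assumption that RPC is blocked at the perimeter. Before treating MS07-058 as routine, it is worth confirming that assumption against your own firewall logs. The following script is an added example, not part of the newsletter or of any Microsoft material: it parses a constructed firewall log (the line layout is an assumption, not a real vendor format) and reports every allowed inbound connection to the RPC endpoint mapper port (TCP 135, the well-known port for Microsoft RPC endpoint mapping; the internal address ranges are also assumptions) from an address outside the internal networks. Any hit means the exposure is wider than "same network only" and the patch deserves the accelerated schedule instead.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed sample log lines (not from the newsletter). Assumed layout:
# <timestamp> <ACTION> <PROTO> <src_ip> <dst_ip> <dst_port>
SAMPLE_LOG = """\
2007-10-10T09:12:01 ALLOW TCP 203.0.113.45 10.0.0.12 135
2007-10-10T09:12:03 DENY  TCP 198.51.100.7 10.0.0.12 135
2007-10-10T09:13:10 ALLOW TCP 10.0.0.33 10.0.0.12 135
2007-10-10T09:14:22 ALLOW TCP 203.0.113.45 10.0.0.12 443
2007-10-10T09:15:05 ALLOW UDP 203.0.113.9 10.0.0.12 135
"""

# Assumed internal address space for the environment being checked.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# TCP 135 is the Microsoft RPC endpoint mapper port; dynamic RPC ports are
# not covered here, so a clean result is necessary but not sufficient.
RPC_ENDPOINT_MAPPER_PORT = 135

Record = Tuple[str, str, str, str, str, int]  # ts, action, proto, src, dst, dport


def parse_line(line: str) -> Optional[Record]:
    """Parse one log line into a record; return None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, action, proto, src, dst, dport = parts
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        port = int(dport)
    except ValueError:
        return None
    return ts, action.upper(), proto.upper(), src, dst, port


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the assumed internal networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_external_rpc_allows(log_text: str) -> List[Tuple[str, str]]:
    """Return (src, dst) pairs for allowed TCP connections to the RPC endpoint
    mapper that originate outside the internal networks."""
    hits: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        _ts, action, proto, src, dst, port = rec
        if action != "ALLOW" or proto != "TCP" or port != RPC_ENDPOINT_MAPPER_PORT:
            continue
        if is_internal(src):
            continue  # same-network source: the case the newsletter already accounts for
        hits.append((src, dst))
    return hits


if __name__ == "__main__":
    for src, dst in find_external_rpc_allows(SAMPLE_LOG):
        print(f"RPC endpoint mapper reachable from outside: {src} -> {dst}")
```

If the script reports any pairs, the "blocked at the firewall" premise does not hold for those hosts, and MS07-058 should be prioritised for them alongside the critical updates.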

MS07-059: Vulnerability in Windows SharePoint Services 3.0 and Office
SharePoint Server 2007 Could Result in Elevation of Privilege Within
the SharePoint Site

The attack vector for this exploit is a script run within a SharePoint
site. If this exploit is leveraged, the attacker could elevate
privilege within a SharePoint site. The update modifies the way that
Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server
2007 validate URL-encoded requests.

Applies to: SharePoint Services 3.0 on Windows Server 2003 and
Microsoft Office SharePoint Server 2007.

Recommendation: Microsoft rates this update as important. You should
test and deploy it as part of your ongoing patch management routine.

MS07-060: Vulnerability in Microsoft Word Could Allow Remote Code
Execution

The attack vector for this exploit is a specially crafted Word file
with a malformed string. If leveraged, this exploit would allow the
attacker to run remote code on the targeted computer.

Applies to: Office 2000, Office XP, and Office 2004 for Mac. Does not
apply to Office 2003 or Office 2007.

Recommendation: Although the vulnerability was privately reported, if
your organization uses the affected software, you should test and
deploy this patch on an accelerated schedule.


================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://list.windowsitpro.com/t?ctl=6969E:4160B336D0B60CB1ADB29732861E2724

http://list.windowsitpro.com/t?ctl=696A1:4160B336D0B60CB1ADB29732861E2724

Subscribe to Security UPDATE at

http://list.windowsitpro.com/t?ctl=6969D:4160B336D0B60CB1ADB29732861E2724

Unsubscribe by clicking

http://list.windowsitpro.com/u?id=4160B336D0B60CB1ADB29732861E2724

Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=696A0:4160B336D0B60CB1ADB29732861E2724

About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://list.windowsitpro.com/t?ctl=6969C:4160B336D0B60CB1ADB29732861E2724

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.