News

Tuesday, November 13, 2007

Security Alert: 2 Microsoft Security Bulletins for November 2007

SPONSOR: Lucid8

The Essential Guide to E-Discovery & Recovery for Microsoft Exchange
With more than 75 percent of business-critical information residing
in e-mail today, you are more likely to find evidence sitting in
someone's inbox than in their filing cabinet or on a file share. The
growing importance of e-mail has not been lost on the lawyers, courts,
or government regulators. In fact, e-mail is being placed at the center
of legal discovery requests and is increasingly used in a variety of
legal and regulatory proceedings, from e-discovery for civil lawsuits
to providing the grounds for prosecuting criminal cases.

http://list.windowsitpro.com/t?ctl=6DCC5:4160B336D0B60CB11FEE4DD787BDDE50


=== SECURITY ALERT =============================================

2 Microsoft Security Bulletins for November 2007
by Orin Thomas, MVP Windows Security, orin@windowsitpro.com

Microsoft released two security updates for November, rating one of
them as critical. Here's a brief description of each update; for more
information, go to

http://list.windowsitpro.com/t?ctl=6DCC2:4160B336D0B60CB11FEE4DD787BDDE50

MS07-061: Vulnerability in Windows URI Handling Could Allow Remote Code
Execution

The attack vector for this exploit is a specially crafted Uniform
Resource Identifier (URI) which could be located in an application or
an attachment. If unpatched, the vulnerability could allow the
execution of unauthorized code on the target computer.

Applies to: Windows XP and Windows Server 2003. Does not apply to
Windows Vista or Windows 2000 SP4.

Recommendation: The vulnerability has been publicly disclosed. You
should perform accelerated testing and deployment of this update.

MS07-062: Vulnerability in DNS Could Allow Spoofing

The attack vector for this exploit is specially crafted responses to
DNS requests, which could be used to redirect Internet traffic from
legitimate locations.

Applies to: Windows 2000 Server and Windows Server 2003. Does not apply
to client software such as Windows Vista or Windows XP

Recommendation: Microsoft rates this update as important. If you deploy
an Internet-facing DNS server, you should perform accelerated testing
and deployment. If you deploy DNS only on an internal network, you
should test and patch as part of your normal patch management cycle.


================================================================

Security UDPATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://list.windowsitpro.com/t?ctl=6DCC6:4160B336D0B60CB11FEE4DD787BDDE50

http://list.windowsitpro.com/t?ctl=6DCC8:4160B336D0B60CB11FEE4DD787BDDE50

Subscribe to Security UPDATE at

http://list.windowsitpro.com/t?ctl=6DCC4:4160B336D0B60CB11FEE4DD787BDDE50

Unsubscribe by clicking

http://list.windowsitpro.com/u?id=4160B336D0B60CB11FEE4DD787BDDE50

Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=6DCC7:4160B336D0B60CB11FEE4DD787BDDE50

About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://list.windowsitpro.com/t?ctl=6DCC3:4160B336D0B60CB11FEE4DD787BDDE50

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.

No comments:

Blog Archive