Bulletin ID: MS07-067 |
Title: Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653) |
Update Type: Security Update |
Severity: Important |
Date: 2007-12-11 |
Description: This important security update resolves one publicly disclosed vulnerability. A local elevation of privilege vulnerability exists in the way that the Macrovision driver incorrectly handles configuration parameters. A local attacker who successfully exploited this vulnerability could take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. | ||||
Vulnerabilities: CVE-2007-5587 |
Included Updates: 944653 |
Applies to: Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-066 |
Title: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078) |
Update Type: Security Update |
Severity: Important |
Date: 2007-12-11 |
Description: This important security update resolves a privately reported vulnerability in the Windows kernel. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. | ||||
Vulnerabilities: CVE-2007-5350 |
Included Updates: 943078 |
Applies to: Windows Vista |
Bulletin ID: MS07-065 |
Title: Vulnerability in Message Queuing Could Allow Remote Code Execution (937894) |
Update Type: Security Update |
Severity: Important |
Date: 2007-12-11 |
Description: This important security update resolves a privately reported vulnerability in Message Queuing Service (MSMQ) that could allow remote code execution in implementations on Microsoft Windows 2000, or elevation of privilege in implementations on Microsoft Windows XP. An attacker must have valid logon credentials to exploit the elevation of privilege vulnerability on Windows XP. An attacker could then install programs; view, change, or delete data; or create new accounts. | ||||
Vulnerabilities: CVE-2007-3039 |
Included Updates: 937894 |
Applies to: Windows 2000 Windows XP |
Bulletin ID: MS07-064 |
Title: Vulnerabilities in DirectX Could Allow Remote Code Execution (941568) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-12-11 |
Description: This critical security update resolves two privately reported vulnerabilities in Microsoft DirectX. These vulnerabilities could allow code execution if a user opened a specially crafted file used for streaming media in DirectX. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2007-3895 CVE-2007-3901 |
Included Updates: 941568 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows Vista Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-063 |
Title: Vulnerability in SMBv2 Could Allow Remote Code Execution (942624) |
Update Type: Security Update |
Severity: Important |
Date: 2007-12-11 |
Description: This important security update resolves a privately reported vulnerability in Server Message Block Version 2 (SMBv2). The vulnerability could allow an attacker to tamper with data transferred via SMBv2, which could allow remote code execution in domain configurations communicating with SMBv2. | ||||
Vulnerabilities: CVE-2007-5351 |
Included Updates: 942624 |
Applies to: Windows Vista |
Bulletin ID: MS07-038 |
Title: Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807) |
Update Type: Security Update |
Severity: Moderate |
Date: 2007-12-11 |
Description: This moderate security update resolves a privately reported vulnerability. This vulnerability could allow incoming unsolicited network traffic to access a network interface. An attacker could potentially gather information about the affected host. | ||||
Vulnerabilities: CVE-2007-3038 |
Included Updates: 935807 |
Applies to: Windows Vista |
Bulletin ID: MS05-004 |
Title: ASP.NET Path Validation Vulnerability (887219) |
Update Type: Security Update |
Severity: Important |
Date: 2007-12-11 |
Description: This update resolves a public vulnerability in ASP.NET that could allow an attacker to bypass the security of an ASP.NET Web site and gain unauthorized access. The vulnerability is documented in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could gain unauthorized access to parts of a Web site. The actions that the attacker could take would depend on the specific content being protected. | ||||
Vulnerabilities: CAN-2004-0847 |
Included Updates: 886903 886906 887219 887998 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows Vista Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-062 |
Title: Vulnerability in DNS Could Allow Spoofing (941672) |
Update Type: Security Update |
Severity: Important |
Date: 2007-11-13 |
Description: This important security update resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS Servers and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations. | ||||
Vulnerabilities: CVE-2007-3898 |
Included Updates: 941672 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition |
Bulletin ID: MS07-061 |
Title: Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-11-13 |
Description: This update resolves a publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows shell handles specially crafted URIs that are passed to it. If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003. | ||||
Vulnerabilities: CVE-2007-3896 |
Included Updates: 943460 |
Applies to: Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-056 |
Title: Security Update for Outlook Express and Windows Mail (941202) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-11-13 |
Description: This critical security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution due to an incorrectly handled malformed NNTP response. An attacker could exploit the vulnerability by constructing a specially crafted Web page. | ||||
Vulnerabilities: CVE-2007-3897 |
Included Updates: 941202 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows Vista Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-049 |
Title: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986) |
Update Type: Security Update |
Severity: Important |
Date: 2007-11-13 |
Description: This important security update resolves one privately reported vulnerability. This is an elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating system. Only guest operating system users who are granted administrative permissions to the guest operating system would be able to exploit this vulnerability. Guest operating system users not granted administrative permissions to the guest operating system would be unable to exploit this vulnerability. | ||||
Vulnerabilities: CVE-2007-0948 |
Included Updates: 937986 |
Applies to: Virtual PC Virtual Server |
Bulletin ID: MS07-060 |
Title: Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-10-09 |
Description: This security update resolves a privately reported vulnerability in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file with a malformed string. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2007-3899 |
Included Updates: 942670 942695 |
Applies to: Office 2002/XP |
Bulletin ID: MS07-059 |
Title: Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017) |
Update Type: Security Update |
Severity: Important |
Date: 2007-10-09 |
Description: This security update resolves a publicly reported vulnerability in Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007. The vulnerability could allow an attacker to run arbitrary script that could result in elevation of privilege within the SharePoint site, as opposed to elevation of privilege within the workstation or server environment. The vulnerability could also allow an attacker to run arbitrary script to modify a user’s cache, resulting in information disclosure at the workstation. | ||||
Vulnerabilities: CVE-2007-2581 |
Included Updates: 934525 937832 942017 |
Applies to: Office 2007 Windows Server 2003 Windows Server 2003, Datacenter Edition |
Bulletin ID: MS07-058 |
Title: Vulnerability in RPC Could Allow Denial of Service (933729) |
Update Type: Security Update |
Severity: Important |
Date: 2007-10-09 |
Description: This update resolves a privately reported vulnerability. A denial of service vulnerability exists in the remote procedure call (RPC) facility due to a failure in communicating with the NTLM security provider when performing authentication of RPC requests. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. | ||||
Vulnerabilities: CVE-2007-2228 |
Included Updates: 933729 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows Vista Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-053 |
Title: Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778) |
Update Type: Security Update |
Severity: Important |
Date: 2007-09-25 |
Description: This important security update resolves one publicly disclosed vulnerability. A vulnerability exists in Windows Services for UNIX 3.0, Windows Services for UNIX 3.5, and Subsystem for UNIX-based Applications where running certain setuid binary files could allow an attacker to gain elevation of privilege. | ||||
Vulnerabilities: CVE-2007-3036 |
Included Updates: 939778 |
Applies to: Windows Server 2003 Windows Server 2003, Datacenter Edition Windows Vista |
Bulletin ID: MS07-052 |
Title: Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522) |
Update Type: Security Update |
Severity: Important |
Date: 2007-09-13 |
Description: This important security update resolves a publicly disclosed vulnerability. This vulnerability could allow remote code execution if a user opens a specially crafted RPT file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2006-6133 |
Included Updates: 937060 937061 941522 |
Applies to: Visual Studio 2005 |
Bulletin ID: MS07-051 |
Title: Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-09-11 |
Description: This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in Microsoft Agent in the way that it handles certain specially crafted URLs. The vulnerability could allow an attacker to remotely execute code on the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2007-3040 |
Included Updates: 938827 |
Applies to: Windows 2000 |
Bulletin ID: MS04-032 |
Title: Security Update for Microsoft Windows (840987) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-09-11 |
Description: This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. | ||||
Vulnerabilities: CAN-2004-0207 CAN-2004-0208 CAN-2004-0209 CAN-2004-0211 |
Included Updates: 840987 |
Applies to: Windows 2000 Windows XP |
Bulletin ID: MS04-019 |
Title: Vulnerability in Utility Manager Could Allow Code Execution (842526) |
Update Type: Security Update |
Severity: Important |
Date: 2007-09-11 |
Description: This update resolves a newly-discovered, privately reported vulnerability. A privilege elevation vulnerability exists in the way that Utility Manager launches applications. A logged-on user could force Utility Manager to start an application with system privileges and could take complete control of the system. The vulnerability is documented in the Vulnerability Details section of this bulletin. | ||||
Vulnerabilities: CAN-2004-0213 |
Included Updates: 842526 |
Applies to: Windows 2000 |
Bulletin ID: MS07-050 |
Title: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-08-14 |
Description: This security update resolves a privately reported vulnerability in the Vector Markup Language (VML) implementation in Windows. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2007-1749 |
Included Updates: 938127 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows Vista Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-048 |
Title: Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123) |
Update Type: Security Update |
Severity: Important |
Date: 2007-08-14 |
Description: This important security update resolves two privately reported vulnerabilities in addition to other vulnerabilities identified during the course of the investigation. These vulnerabilities could allow an anonymous remote attacker to run code with the privileges of the logged-on user. If a user subscribed to a malicious RSS feed in the Feed Headlines Gadget, added a malicious contacts file in the Contacts Gadget, or clicked on a malicious link in the Weather Gadget, an attacker could potentially run code on the system. In all attack vectors, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2007-3032 CVE-2007-3033 CVE-2007-3891 |
Included Updates: 938123 |
Applies to: Windows Vista |
Bulletin ID: MS07-046 |
Title: Vulnerability in GDI Could Allow Remote Code Execution (938829) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-08-14 |
Description: This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in the Graphics Rendering Engine in the way that it handles specially crafted images. An attacker could exploit the vulnerability by constructing a specially crafted image that could potentially allow remote code execution if a user opened a specially crafted attachment in e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system. | ||||
Vulnerabilities: CVE-2007-3034 |
Included Updates: 938829 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-045 |
Title: Cumulative Security Update for Internet Explorer (937143) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-08-14 |
Description: This critical security update resolves three privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2007-0943 CVE-2007-1891 CVE-2007-1892 CVE-2007-2216 CVE-2007-3041 |
Included Updates: 937143 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows Vista Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-044 |
Title: Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-08-14 |
Description: This security update resolves a privately reported vulnerability in addition to other security issues identified during the course of the investigation. These vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2007-3890 |
Included Updates: 940601 940602 940604 940965 |
Applies to: Office 2002/XP Office 2003 |
Bulletin ID: MS07-043 |
Title: Vulnerability in OLE Automation Could Allow Remote Code Execution (921503) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-08-14 |
Description: This critical security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page. The vulnerability could be exploited through attacks on Object Linking and Embedding (OLE). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2007-2224 |
Included Updates: 921503 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-042 |
Title: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-08-14 |
Description: This security update resolves a privately reported vulnerability. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. The vulnerability could be exploited through attacks on Microsoft XML Core Services. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2007-2223 |
Included Updates: 933579 936021 936048 936056 936181 936227 936960 |
Applies to: Office 2003 Office 2007 Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows Server 2008 Windows Vista Windows XP Windows XP x64 Edition |
Bulletin ID: MS06-014 |
Title: Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-08-14 |
Description: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. | ||||
Vulnerabilities: CVE-2006-0003 |
Included Updates: 911562 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
Bulletin ID: MS04-016 |
Title: Vulnerability in DirectPlay Could Allow Denial of Service (839643) |
Update Type: Security Update |
Severity: Moderate |
Date: 2007-08-14 |
Description: This update resolves a newly-discovered, privately reported vulnerability. A denial of service vulnerability exists in the implementation of the IDirectPlay4 application programming interface (API) of Microsoft DirectPlay because of a lack of robust packet validation. The vulnerability is documented in the Vulnerability Details section of this bulletin. | ||||
Vulnerabilities: |
Included Updates: 839643 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
Bulletin ID: MS07-041 |
Title: Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373) |
Update Type: Security Update |
Severity: Important |
Date: 2007-07-10 |
Description: This important security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if an attacker sent specially crafted URL requests to a Web page hosted by Internet Information Services (IIS) 5.1 on Windows XP Professional Service Pack 2. IIS 5.1 is not part of a default install of Windows XP Professional Service Pack 2. An attacker who successfully exploited this vulnerability could take complete control of the affected system. | ||||
Vulnerabilities: CVE-2005-4360 |
Included Updates: 939373 |
Applies to: Windows XP |
Bulletin ID: MS07-039 |
Title: Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-07-10 |
Description: This critical security update resolves a privately reported vulnerability in implementations of Active Directory on Windows 2000 Server and Windows Server 2003 that could allow remote code execution or a denial of service condition. Attacks attempting to exploit this vulnerability would most likely result in a denial of service condition. However, remote code execution could be possible. On Windows Server 2003, an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. | ||||
Vulnerabilities: CVE-2007-0040 CVE-2007-3028 |
Included Updates: 926122 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition |
Bulletin ID: MS07-037 |
Title: Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548) |
Update Type: Security Update |
Severity: Important |
Date: 2007-07-10 |
Description: This important security update resolves one publicly disclosed vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Microsoft Office Publisher file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. User interaction is required to exploit this vulnerability. | ||||
Vulnerabilities: CVE-2007-1754 |
Included Updates: 936548 936646 |
Applies to: Office 2007 |
Bulletin ID: MS07-036 |
Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-07-10 |
Description: This critical update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in addition to other security issues identified during the course of the investigation. These vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2007-1756 CVE-2007-3029 CVE-2007-3030 |
Included Updates: 936507 936508 936509 936513 936514 936542 |
Applies to: Office 2002/XP Office 2003 Office 2007 |
Bulletin ID: MS06-039 |
Title: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-07-10 |
Description: This update resolves two newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section in this bulletin. | ||||
Vulnerabilities: CVE-2006-0007 CVE-2006-0033 |
Included Updates: 914455 914796 915384 920102 |
Applies to: Office 2002/XP Office 2003 |
Bulletin ID: MS07-035 |
Title: Vulnerability in Win 32 API Could Allow Remote Code Execution (935839) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-06-26 |
Description: This critical security update resolves a privately reported vulnerability in a Win32 API. This vulnerability could allow remote code execution or elevation of privilege if the affected API is used locally by a specially crafted application. Therefore, applications that use this component of the Win32 API could be used as a vector for this vulnerability. For example, Internet Explorer uses this Win32 API function when parsing specially crafted Web pages. | ||||
Vulnerabilities: CVE-2007-2219 |
Included Updates: 935839 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-032 |
Title: Vulnerability in Windows Vista Could Allow Information Disclosure (931213) |
Update Type: Security Update |
Severity: Moderate |
Date: 2007-06-26 |
Description: This moderate security update resolves a privately reported vulnerability. This vulnerability could allow non-privileged users to access local user information data stores including administrative passwords contained within the registry and local file system. | ||||
Vulnerabilities: CVE-2007-2229 |
Included Updates: 931213 |
Applies to: Windows Vista |
Bulletin ID: MS07-022 |
Title: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784) |
Update Type: Security Update |
Severity: Important |
Date: 2007-06-26 |
Description: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. | ||||
Vulnerabilities: CVE-2007-1206 |
Included Updates: 931784 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
Bulletin ID: MS07-034 |
Title: Cumulative Security Update for Outlook Express and Windows Mail (929123) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-06-19 |
Description: This critical security update resolves two privately reported and two publicly disclosed vulnerabilities. One of these vulnerabilities could allow remote code execution if a user viewed a specially crafted e-mail using Windows Mail in Windows Vista. The other vulnerabilities could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer and cannot be exploited directly in Outlook Express. For the information disclosure vulnerabilities, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2006-2111 CVE-2007-1658 CVE-2007-2225 CVE-2007-2227 |
Included Updates: 929123 |
Applies to: Windows Server 2003 Windows Server 2003, Datacenter Edition Windows Vista Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-031 |
Title: Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-06-12 |
Description: This critical security update resolves a privately reported vulnerability in the Secure Channel (Schannel) security package in Windows. The Schannel security package implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using an Internet Web browser or used an application that makes use of SSL/TLS. However, attempts to exploit this vulnerability would most likely result in the Internet Web browser or application exiting. The system would not be able to connect to Web sites or resources using SSL or TLS until a restart of the system. | ||||
Vulnerabilities: CVE-2007-2218 |
Included Updates: 935840 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-030 |
Title: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051) |
Update Type: Security Update |
Severity: Important |
Date: 2007-06-12 |
Description: This important update resolves two privately reported vulnerabilities in addition to other security issues identified during the course of the investigation. The privately reported vulnerabilities could allow remote code execution if a user opened a specially crafted Visio file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. User interaction is required to exploit these vulnerabilities. | ||||
Vulnerabilities: CVE-2007-0934 CVE-2007-0936 |
Included Updates: 927051 931280 931281 |
Applies to: Office 2002/XP Office 2003 |
Bulletin ID: MS07-018 |
Title: Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-06-12 |
Description: This update resolves two newly discovered, privately reported vulnerabilities. Each vulnerability is documented in the "Vulnerability Details" section of this bulletin. | ||||
Vulnerabilities: CVE-2007-0938 CVE-2007-0939 |
Included Updates: 924429 925939 |
Applies to: Office 2002/XP |
Bulletin ID: MS07-012 |
Title: Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667) |
Update Type: Security Update |
Severity: Important |
Date: 2007-06-12 |
Description: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. | ||||
Vulnerabilities: CVE-2007-0025 |
Included Updates: 924667 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-025 |
Title: Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-05-15 |
Description: This update resolves a privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. | ||||
Vulnerabilities: CVE-2007-1747 |
Included Updates: 934062 934180 934705 934873 |
Applies to: Office 2002/XP Office 2003 Office 2007 |
Bulletin ID: MS07-023 |
Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-05-15 |
Description: This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. | ||||
Vulnerabilities: CVE-2007-0215 CVE-2007-1203 CVE-2007-1214 |
Included Updates: 933666 933688 934233 934445 934453 934670 |
Applies to: Office 2002/XP Office 2003 Office 2007 |
Bulletin ID: MS07-029 |
Title: Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-05-08 |
Description: This update resolves a publicly disclosed vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. |
Vulnerabilities: CVE-2007-1748 |
Included Updates: 935966 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition |
Bulletin ID: MS07-028 |
Title: Vulnerability in CAPICOM Could Allow Remote Code Execution (931906) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-05-08 |
Description: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. |
Vulnerabilities: CVE-2007-0940 |
Included Updates: 931906 |
Applies to: CAPICOM |
Bulletin ID: MS07-024 |
Title: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-05-08 |
Description: This update resolves several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. |
Vulnerabilities: CVE-2007-0035 CVE-2007-0870 CVE-2007-1202 |
Included Updates: 934041 934181 934232 934394 |
Applies to: Office 2002/XP Office 2003 |
Bulletin ID: MS07-009 |
Title: Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-05-08 |
Description: This update resolves a public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. |
Vulnerabilities: CVE-2006-5559 |
Included Updates: 927779 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
Bulletin ID: MS06-068 |
Title: Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-05-08 |
Description: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. |
Vulnerabilities: CVE-2006-3445 |
Included Updates: 920213 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
Bulletin ID: MS05-032 |
Title: Vulnerability in Microsoft Agent Could Allow Spoofing (890046) |
Update Type: Security Update |
Severity: Moderate |
Date: 2007-05-08 |
Description: This update resolves a newly-discovered, privately-reported vulnerability. This vulnerability could enable an attacker to spoof trusted Internet content. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. |
Vulnerabilities: CAN-2005-1214 |
Included Updates: 890046 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
Bulletin ID: MS06-071 |
Title: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-04-24 |
Description: This update resolves a newly discovered, publicly disclosed vulnerability. The vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin. |
Vulnerabilities: CVE-2006-5745 |
Included Updates: 927977 927978 928088 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows Vista Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-021 |
Title: Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-04-10 |
Description: This update resolves several newly discovered, privately and publicly disclosed vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. |
Vulnerabilities: CVE-2006-6696 CVE-2006-6797 CVE-2007-1209 |
Included Updates: 930178 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows Vista Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-020 |
Title: Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-04-10 |
Description: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. |
Vulnerabilities: CVE-2007-1205 |
Included Updates: 932168 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-019 |
Title: Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-04-10 |
Description: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. |
Vulnerabilities: CVE-2007-1204 |
Included Updates: 931261 |
Applies to: Windows XP Windows XP x64 Edition |
Bulletin ID: MS06-015 |
Title: Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-03-13 |
Description: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. |
Vulnerabilities: CVE-2006-0012 |
Included Updates: 908531 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-015 |
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-02-13 |
Description: This update resolves two newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin. |
Vulnerabilities: CVE-2006-3877 CVE-2007-0671 |
Included Updates: 929063 929064 932554 |
Applies to: Office 2002/XP Office 2003 |
Bulletin ID: MS07-014 |
Title: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-02-13 |
Description: This update resolves several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin. |
Vulnerabilities: CVE-2006-5994 CVE-2006-6456 CVE-2006-6561 CVE-2007-0208 CVE-2007-0209 CVE-2007-0515 |
Included Updates: 924883 929057 929061 929434 |
Applies to: Office 2002/XP Office 2003 |
Bulletin ID: MS07-013 |
Title: Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118) |
Update Type: Security Update |
Severity: Important |
Date: 2007-02-13 |
Description: This update addresses a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. |
Vulnerabilities: CVE-2006-1311 |
Included Updates: 918118 920813 920816 929437 |
Applies to: Office 2002/XP Office 2003 Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-011 |
Title: Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436) |
Update Type: Security Update |
Severity: Important |
Date: 2007-02-13 |
Description: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. |
Vulnerabilities: CVE-2007-0026 |
Included Updates: 926436 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-008 |
Title: Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-02-13 |
Description: This update resolves a newly discovered, privately reported vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. |
Vulnerabilities: CVE-2007-0214 |
Included Updates: 928843 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-007 |
Title: Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802) |
Update Type: Security Update |
Severity: Important |
Date: 2007-02-13 |
Description: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. |
Vulnerabilities: CVE-2007-0210 |
Included Updates: 927802 |
Applies to: Windows XP |
Bulletin ID: MS07-006 |
Title: Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) |
Update Type: Security Update |
Severity: Important |
Date: 2007-02-13 |
Description: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. |
Vulnerabilities: CVE-2007-0211 |
Included Updates: 928255 |
Applies to: Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-004 |
Title: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-01-09 |
Description: This update resolves a public vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. |
Vulnerabilities: CVE-2007-0024 |
Included Updates: 929969 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows Vista Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-003 |
Title: Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-01-09 |
Description: This update addresses several newly discovered, privately and publicly reported vulnerabilities. The vulnerabilities are documented in the “Vulnerability Details” section of this bulletin. |
Vulnerabilities: CVE-2006-1305 CVE-2007-0033 CVE-2007-0034 |
Included Updates: 921594 924085 925938 |
Applies to: Office 2002/XP Office 2003 |
Bulletin ID: MS07-002 |
Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198) |
Update Type: Security Update |
Severity: Critical |
Date: 2007-01-09 |
Description: This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin. |
Vulnerabilities: CVE-2007-0027 CVE-2007-0028 CVE-2007-0029 CVE-2007-0030 CVE-2007-0031 |
Included Updates: 925257 925523 925525 927198 |
Applies to: Office 2002/XP Office 2003 |
Bulletin ID: MS07-001 |
Title: Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution (921585) |
Update Type: Security Update |
Severity: Important |
Date: 2007-01-09 |
Description: This update resolves a newly discovered, publicly reported vulnerability. The vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin. |
Vulnerabilities: CVE-2006-5574 |
Included Updates: 921585 |
Applies to: Office 2003 |