Dr.Melzer 191 Geschrieben 9. Mai 2007 Melden Teilen Geschrieben 9. Mai 2007 Hallo Gemeinde, nachfolgende Security Bulletins sind gestern Abend veröffentlich worden. Weitere Infos findet Ihr auch unter: Microsoft Security Bulletin Summary für Mai 2007 (dt.) _____________________________________ What is this alert? This alert is to provide you with an overview of the new Security Bulletin being released on 08 May 2007. New Security Bulletins Microsoft is releasing the following new security bulletins for newly discovered vulnerabilities: Bulletin Number Maximum Severity Affected Products Impact MS07-023 Critical Microsoft Excel (all currently supported versions) Remote Code Execution MS07-024 Critical Microsoft Word 2000, 2002, 2003, 2004 (Mac) Remote Code Execution MS07-025 Critical Microsoft Office (all currently supported versions) Remote Code Execution MS07-026 Critical Microsoft Exchange (all current versions) Remote Code Execution MS07-027 Critical Internet Explorer - all current versions on all currently supported versions of Microsoft Windows Remote Code Execution MS07-028 Critical CAPICOM, BizTalk Server Remote Code Execution MS07-029 Critical Windows 2000 (server), Windows Server 2003 Remote Code Execution Summaries for these new security bulletins may be found at the following pages: Microsoft Security Bulletin Summary for May 2007 Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable. Microsoft Windows Malicious Software Removal Tool Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here: The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Vista, Windows Server 2003, Windows XP, or Windows 2000 High-Priority Non-Security Updates on Microsoft Update (MU), Windows Update (WU), Windows Server Update Services (WSUS) and Software Update Services (SUS) Zitieren Link zu diesem Kommentar
Dr.Melzer 191 Geschrieben 9. Mai 2007 Autor Melden Teilen Geschrieben 9. Mai 2007 Microsoft is also releasing High-Priority NON-SECURITY updates today on WU, MU, SUS and WSUS. For complete details on non-security updates being released today please review the following KB Article: Description of Software Update Services and Windows Server Update Services changes in content for 2007 TechNet Webcast: • Title: Information about Microsoft May Security Bulletins (Level 200) • When: Wednesday, 9 May 2007 11:00 AM (GMT-08:00) Pacific Time (US & Canada) • URL: TechNet Webcast: Information About Microsoft May Security Bulletins (Level 200) • Replay: TechNet Webcast: Information About Microsoft May Security Bulletins (Level 200) ****************************************************************** Security Bulletin Details MS07-023 Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233) Affected Software: • Microsoft Excel 2000 • Microsoft Excel 2002 • Microsoft Excel 2003 • Microsoft Excel 2003 Viewer • Microsoft Office Excel 2007 • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats • Microsoft Office 2004 for Mac Non-Affected Software: • Microsoft Works Suite 2004 • Microsoft Works Suite 2005 • Microsoft Works Suite 2006 Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Caveats: None Restart Requirement: Varies depending on which version of the affected software is being updated. See the “Security Update Information” section of the security bulletin for additional details. Removal Information: Varies depending on which version of the affected software is being updated. See the “Security Update Information” section of the security bulletin for additional details. More information on this vulnerability is available at: Microsoft Security Bulletin MS07-023: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233) ****************************************************************** MS07-024 Title: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232) Affected Software: • Microsoft Word 2000 • Microsoft Word 2002 • Microsoft Word 2003 • Microsoft Word Viewer 2003 • Microsoft Office 2004 for Mac • Microsoft Works Suite 2004 • Microsoft Works Suite 2005 • Microsoft Works Suite 2006 Non-Affected Software: • Microsoft Word 2007 Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Caveats: None Restart Requirement: Varies depending on which version of the affected software is being updated. See the “Security Update Information” section of the security bulletin for additional details. Removal Information: Varies depending on which version of the affected software is being updated. See the “Security Update Information” section of the security bulletin for additional details. More information on this vulnerability is available at: Microsoft Security Bulletin MS07-024: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232) Zitieren Link zu diesem Kommentar
Dr.Melzer 191 Geschrieben 9. Mai 2007 Autor Melden Teilen Geschrieben 9. Mai 2007 ****************************************************************** MS07-025 Title: Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873) Affected Software: Microsoft Office 2000 Service Pack 3: • Microsoft Excel 2000 • Microsoft FrontPage 2000 • Microsoft Publisher 2000 Microsoft Office XP Service Pack 3: • Microsoft Excel 2002 • Microsoft FrontPage 2002 • Microsoft Publisher 2002 Microsoft Office 2003 Service Pack 2: • Microsoft Excel 2003 • Microsoft FrontPage 2003 • Microsoft Publisher 2003 • Microsoft Excel 2003 Viewer 2007 Microsoft Office System: • Microsoft Office Excel 2007 • Microsoft Office Publisher 2007 • Microsoft Office SharePoint Designer 2007 • Microsoft Expression Web Microsoft Office 2004 for Mac Non-Affected Software: Please see the security bulletin for details. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Caveats: None Restart Requirement: Varies depending on which version of the affected software is being updated. See the “Security Update Information” section of the security bulletin for additional details. Removal Information: Varies depending on which version of the affected software is being updated. See the “Security Update Information” section of the security bulletin for additional details. More information on this vulnerability is available at: Microsoft Security Bulletin MS07-025: Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873) ****************************************************************** MS07-026 Title: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832) Affected Software: • Microsoft Exchange 2000 Server Service Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004 • Microsoft Exchange Server 2003 Service Pack 1 • Microsoft Exchange Server 2003 Service Pack 2 • Microsoft Exchange Server 2007 Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Caveats: None Restart Requirement: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. For more information about the reasons why you may be prompted to restart your computer, see Microsoft Knowledge Base Article 887012. Removal Information: To remove this update, use Add or Remove Programs in Control Panel. System administrators can use the Spuninst.exe utility to remove this security update. More information on this vulnerability is available at: Microsoft Security Bulletin MS07-026: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832) Zitieren Link zu diesem Kommentar
Dr.Melzer 191 Geschrieben 9. Mai 2007 Autor Melden Teilen Geschrieben 9. Mai 2007 MS07-027 Title: Cumulative Security Update for Internet Explorer (931768) Affected Components: • Microsoft Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4 • Microsoft Internet Explorer 6 Service Pack 1 when installed on Windows 2000 Service Pack 4 • Microsoft Internet Explorer 6 for Windows XP Service Pack 2 • Microsoft Internet Explorer 6 for Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 • Microsoft Internet Explorer 6 for Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 • Microsoft Internet Explorer 6 for Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems • Microsoft Internet Explorer 6 for Windows Server 2003 x64 Edition Service Pack 1 and Windows Server 2003 x64 Edition Service Pack 2 • Windows Internet Explorer 7 for Windows XP Service Pack 2 • Windows Internet Explorer 7 for Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 • Windows Internet Explorer 7 for Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 • Windows Internet Explorer 7 for Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems • Windows Internet Explorer 7 for Windows Server 2003 x64 Edition Service Pack 1 and Windows Server 2003 x64 Edition Service Pack 2 • Windows Internet Explorer 7 in Windows Vista • Windows Internet Explorer 7 in Windows Vista x64 Edition Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Caveats: Microsoft Knowledge Base Article 931768 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. For more information, see Microsoft Knowledge Base Article 931768. Restart Requirement: You must restart your system after you apply this security update. Removal Information: Varies depending on which version is being updated on which Operating System. See the “Security Update Information” section of the security bulletin for additional details. More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS07-027.mspx ****************************************************************** MS07-028 Title: Vulnerability in CAPICOM Could Allow Remote Code Execution (931906) Affected Software: • CAPICOM • Platform SDK Redistributable: CAPICOM • BizTalk Server 2004 Service Pack 1 • BizTalk Server 2004 Service Pack 2 Non-Affected Software: • BizTalk Server 2000 • BizTalk Server 2002 • BizTalk Server 2006 Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Caveats: None Restart Requirement: This update does not require a restart. Removal Information: To remove this security update, use the Add or Remove Programs tool in Control Panel. More information on this vulnerability is available at: Microsoft Security Bulletin MS07-028: Vulnerability in CAPICOM Could Allow Remote Code Execution (931906) Zitieren Link zu diesem Kommentar
Dr.Melzer 191 Geschrieben 9. Mai 2007 Autor Melden Teilen Geschrieben 9. Mai 2007 MS07-029 Title: Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966) Affected Software: • Microsoft Windows 2000 Server Service Pack 4 • Microsoft Windows Server 2003 Service Pack 1 and Microsoft Windows Server 2003 Service Pack 2 • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems • Microsoft Windows Server 2003 x64 Edition Service Pack 1 and Microsoft Windows Server 2003 x64 Edition Service Pack 2 Non-Affected Software: • Microsoft Windows 2000 Professional Service Pack 4 • Microsoft Windows XP Service Pack 2 • Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2 • Windows Vista • Windows Vista x64 Edition Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Caveats: None Restart Requirement: You must restart your system after you apply this security update. Removal Information: To remove this update, use the Add or Remove Programs tool in Control Panel. System administrators can also use the Spuninst.exe utility to remove this security update More information on this vulnerability is available at: Microsoft Security Bulletin MS07-029: Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966) ****************************************************************** If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant. Thank you, Microsoft PSS Security Team Zitieren Link zu diesem Kommentar
Empfohlene Beiträge
Schreibe einen Kommentar
Du kannst jetzt antworten und Dich später registrieren. Falls Du bereits ein Mitglied bist, logge Dich jetzt ein.