Home > Documents > Security Alerts > 2007 > June 2007 Microsoft Security Bulletin (including four critical patches)

June 2007 Microsoft Security Bulletin (including four critical patches) 




                                                  JPCERT-AT-2007-0014
                                                            JPCERT/CC
                                June 13, 2007 (Original release date)


                 <<< JPCERT/CC Alert 2007-06-13 >>>

                June 2007 Microsoft Security Bulletin
                  (including four critical patches)

            http://www.jpcert.or.jp/at/2007/at070014.txt

I. Overview

  Microsoft has released security bulletins for June 2007 which
include four "Critical" security updates.

  Exploitation of these vulnerabilities could allow a remote attacker
to execute arbitrary code.

    Security Bulletin for June 2007
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-jun.mspx

  Detailed information on each vulnerability is available from the
following URLs:

  [Critical Security Updates]
    MS07-031
    Vulnerability in the Windows Schannel Security Package Could
      Allow Remote Code Execution (935840)
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-031.mspx

    MS07-033
    Cumulative Security Update for Internet Explorer (933566)
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-033.mspx

    MS07-034
    Cumulative Security Update for Outlook Express and Windows Mail
      (929123)
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-034.mspx

    MS07-035
    Vulnerability in Win 32 API Could Allow Remote Code Execution
      (935839)
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-035.mspx


II. Solution

  Apply the security updates immediately by using Microsoft Update or
Windows Update.

    Microsoft Update
    https://update.microsoft.com/microsoftupdate

    Windows Update
    https://windowsupdate.microsoft.com/

    Office Update
    http://office.microsoft.com/ja-jp/officeupdate/default.aspx

  Depending on the version of the product, updates may not be
available from Microsoft Update. Use Windows Update or Office Update
as needed.

  For example, to apply security updates for Office 2000, they need
to be downloaded from Office Update. For details of operating systems
supported by Microsoft Update, see "Security Requirements" in the
following URL:

    About Microsoft Update
    http://www.microsoft.com/japan/technet/prodtechnol/microsoftupdate/default.mspx


III. Reference Information

    JP Vendor Status Notes JVNTA07-163A
    Multiple Vulnerabilities in Microsoft Products
    http://jvn.jp/cert/JVNTA07-163A/index.html

    Security Bulletin for June 2007
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-jun.mspx

    Microsoft Update and other services: Frequently asked questions
    http://www.microsoft.com/japan/athome/security/protect/update.mspx

    US-CERT Technical Cyber Security Alert TA07-163A
    Microsoft Updates for Multiple Vulnerabilities
    http://www.us-cert.gov/cas/techalerts/TA07-163A.html

    US-CERT Vulnerability Note VU#457281
    Microsoft Windows Win32 API fails to properly validate function
      parameters
    http://www.kb.cert.org/vuls/id/457281

    US-CERT Vulnerability Note VU#507433
    Microsoft Speech API ActiveX controls contain buffer overflows
    http://www.kb.cert.org/vuls/id/507433

    @police
    About Microsoft security updates
    (MS07-030, 031, 032, 033, 034, 035) (June 13)
    http://www.cyberpolice.go.jp/important/2007/20070613_064528.html


  If you have any information regarding this matter, please contact us.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600  FAX: 03-3518-4602
http://www.jpcert.or.jp/
Top