Home > Documents > Security Alerts > 2007 > Aug 2007 Microsoft Security Bulletin (including six critical patches)

Aug 2007 Microsoft Security Bulletin (including six critical patches) 




                                                  JPCERT-AT-2007-0018
                                                            JPCERT/CC
                                                      August 15, 2007


                 <<< JPCERT/CC Alert 2007-08-15 >>>

                Aug 2007 Microsoft Security Bulletin
                  (including six critical patches)

               http://www.jpcert.or.jp/at/2007/at070018.txt

I. Overview

  Microsoft has released security bulletins for August 2007 which
include six "Critical" security updates.

  Exploitation of these vulnerabilities could allow a remote attacker
to execute arbitrary code.

    Security Bulletin for August 2007
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-aug.mspx

  Detailed information on each vulnerability is available from the
following URLs:

  [Critical Security Updates]

    MS07-042
    Vulnerability in Microsoft XML Core Services Could Allow Remote
      Code Execution (936227)
    http://www.microsoft.com/japan/technet/security/bulletin/MS07-042.mspx

    MS07-043
    Vulnerability in OLE Automation Could Allow Remote Code Execution
      (921503)
    http://www.microsoft.com/japan/technet/security/bulletin/MS07-043.mspx

    MS07-044
    Vulnerability in Microsoft Excel Could Allow Remote Code 
      Execution (940965)
    http://www.microsoft.com/japan/technet/security/bulletin/MS07-044.mspx

    MS07-045
    Cumulative Security Update for Internet Explorer (937143)
    http://www.microsoft.com/japan/technet/security/bulletin/MS07-045.mspx

    MS07-046
    Vulnerability in GDI Could Allow Remote Code Execution (938829)
    http://www.microsoft.com/japan/technet/security/bulletin/MS07-046.mspx

    MS07-050
    Vulnerability in Vector Markup Language Could Allow Remote Code
      Execution (938127)
    http://www.microsoft.com/japan/technet/security/bulletin/MS07-050.mspx


II. Solution

  Apply the security updates immediately by using Microsoft Update or
Windows Update.

    Microsoft Update
    https://update.microsoft.com/microsoftupdate

    Windows Update
    https://windowsupdate.microsoft.com/

    Office Update
    http://office.microsoft.com/ja-jp/officeupdate/default.aspx

  Depending on the version of the product, updates may not be
available from Microsoft Update. Use Windows Update or Office Update
as needed.

  For example, to apply security updates for Office 2000, they need
to be downloaded from Office Update. For details of operating systems
supported by Microsoft Update, see "Security Requirements" in the
following URL:

    About Microsoft Update
    http://www.microsoft.com/japan/technet/prodtechnol/microsoftupdate/default.mspx


III. Reference Information

    US-CERT Technical Cyber Security Alert TA07-226A
    Microsoft Updates for Multiple Vulnerabilities
    http://www.us-cert.gov/cas/techalerts/TA07-226A.html

    Security Bulletin for August 2007
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-aug.mspx

    Microsoft Update and other services: Frequently asked questions
    http://www.microsoft.com/japan/athome/security/protect/update.mspx
  
    US-CERT Vulnerability Note VU#640136
    Microsoft GDI Windows Metafile AttemptWrite integer overflow
    http://www.kb.cert.org/vuls/id/640136

    US-CERT Vulnerability Note VU#468800
    Microsoft Windows VML compressed content integer underflow
    http://www.kb.cert.org/vuls/id/468800

    US-CERT Vulnerability Note VU#361968
    Microsoft XML Core Services fails to properly validate input
    http://www.kb.cert.org/vuls/id/361968


  If you have any information regarding this matter, please contact us.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600  FAX: 03-3518-4602
http://www.jpcert.or.jp/
Top