Home > Documents > Security Alerts > 2007 > Nov 2007 Microsoft Security Bulletin (including one critical patch)

Nov 2007 Microsoft Security Bulletin (including one critical patch)




                                                   JPCERT-AT-2007-0022
                                                             JPCERT/CC
                                                     November 14, 2007

                 <<< JPCERT/CC Alert 2007-11-14 >>>

                 Nov 2007 Microsoft Security Bulletin
                    (including one critical patch)

               http://www.jpcert.or.jp/at/2007/at070022.txt

I. Overview

  Microsoft has released security bulletins for November 2007 which
include one "Critical" security update.

  Exploitation of this vulnerability could allow a remote attacker to
execute arbitrary code.

    Security Bulletin for November 2007
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-nov.mspx

  Detailed information on this vulnerability is available from the
following URL:

  [Critical Security Updates]

    MS07-061
    Vulnerability in Windows URI Handling Could Allow Remote Code
      Execution (943460)
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-061.mspx


II. Solution

  Apply the security updates immediately by using Microsoft Update or
    Windows Update.

    Microsoft Update
    https://www.update.microsoft.com/

    Windows Update
    https://windowsupdate.microsoft.com/


III. Reference Information

    US-CERT Technical Cyber Security Alert TA07-317A
    Microsoft Updates for Multiple Vulnerabilities
    http://www.us-cert.gov/cas/techalerts/TA07-317A.html

    Security Bulletin for November 2007
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-nov.mspx

    Microsoft Update and other services: Frequently asked questions
    http://www.microsoft.com/japan/athome/security/protect/update.mspx

    Vulnerability Note VU#403150
    Microsoft Windows URI protocol handling vulnerability
    http://www.kb.cert.org/vuls/id/403150

    Vulnerability Note VU#484649
    Microsoft Windows DNS Server vulnerable to cache poisoning
    http://www.kb.cert.org/vuls/id/484649 
    
    @police
    About Microsoft security updates (MS07-061, 062) (November 14)
    http://www.cyberpolice.go.jp/important/2007/20071114_064045.html
  

  If you have any information regarding this matter, please contact us.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600  FAX: 03-3518-4602
http://www.jpcert.or.jp/