Dec 2007 Microsoft Security Bulletin (including three critical patches)

Dec 2007 Microsoft Security Bulletin (including three critical patches)




                                                   JPCERT-AT-2007-0024
                                                             JPCERT/CC
                                                     December 12, 2007

                 <<< JPCERT/CC Alert 2007-12-12 >>>

                 Dec 2007 Microsoft Security Bulletin
                  (including three critical patches)

             http://www.jpcert.or.jp/at/2007/at070024.txt

I. Overview

  Microsoft has released security bulletins for December 2007 which
include three "Critical" security updates.

  Exploitation of these vulnerabilities could allow a remote attacker
to execute arbitrary code.

    Security Bulletin for December 2007
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-dec.mspx

  Detailed information on each vulnerability is available from the
following URLs:

  [Critical Security Updates]

    MS07-064
    Vulnerabilities in DirectX Could Allow Remote Code Execution 
      (941568)
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-064.mspx

    MS07-068
    Vulnerability in Windows Media File Format Could Allow Remote 
      Code Execution (941569 and 944275)
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-068.mspx

    MS07-069
    Cumulative Security Update for Internet Explorer (942615)
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-069.mspx

  According to Microsoft, attacks exploiting the DHTML object memory
corruption vulnerability fixed in MS07-069 have already been reported.


II. Solution

  Apply the security updates immediately by using Microsoft Update or
Windows Update.

    Microsoft Update
    https://www.update.microsoft.com/

    Windows Update
    https://windowsupdate.microsoft.com/


III. Reference Information

    Security Bulletin for December 2007
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-dec.mspx

    US-CERT Technical Cyber Security Alert TA07-345A
    Microsoft Updates for Multiple Vulnerabilities
    http://www.us-cert.gov/cas/techalerts/TA07-345A.html

    US-CERT Vulnerability Note (search by ms07-dec)
    http://www.kb.cert.org/vuls/byid?searchview&query=ms07-dec

  If you have any information regarding this matter, please contact us.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600  FAX: 03-3518-4602
http://www.jpcert.or.jp/

Top

Privacy Policy

TOP

About JPCERT/CC

Incident Response

Vulnerability Handling

Control System Security

Documents

Published information

APCERT

What's new !!

Related organizations

Dec 2007 Microsoft Security Bulletin (including three critical patches)