JPCERT-AT-2007-0010
JPCERT/CC
April 11, 2007
<<< JPCERT/CC Alert 2007-04-11 >>>
April 2007 Microsoft Security Bulletin
(including five critical patches)
http://www.jpcert.or.jp/at/2007/at070010.txt
I. Overview
Microsoft has released security bulletins for April 2007 which
include five "Critical" and one "Important" security updates.
Exploitation of these vulnerabilities could allow a remote attacker
to execute arbitrary code.
Security Bulletin for April 2007
http://www.microsoft.com/japan/technet/security/bulletin/ms07-apr.mspx
Detailed information on each vulnerability is available from the
following URLs:
[Critical Security Updates]
MS07-017
Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
http://www.microsoft.com/japan/technet/security/bulletin/ms07-017.mspx
MS07-018
Vulnerabilities in Microsoft Content Management Server Could Allow
Remote Code Execution (925939)
http://www.microsoft.com/japan/technet/security/bulletin/ms07-018.mspx
MS07-019
Vulnerability in Universal Plug and Play Could Allow Remote Code
Execution (931261)
http://www.microsoft.com/japan/technet/security/bulletin/ms07-019.mspx
MS07-020
Vulnerability in Microsoft Agent Could Allow Remote Code Execution
(932168)
http://www.microsoft.com/japan/technet/security/bulletin/ms07-020.mspx
MS07-021
Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)
http://www.microsoft.com/japan/technet/security/bulletin/ms07-021.mspx
[Important Security Updates]
MS07-022
Vulnerability in Windows Kernel Could Allow Elevation of Privilege
(931784)
http://www.microsoft.com/japan/technet/security/bulletin/ms07-022.mspx
The patches released this time include a security update for the vulnerability discussed in the following Security Advisory released by Microsoft:
Microsoft Security Advisory (935423)
Vulnerability in Windows Animated Cursor Handling
http://www.microsoft.com/japan/technet/security/advisory/935423.mspx
II. Solution
Apply the security updates immediately by using Microsoft Update or
Windows Update.
Microsoft Update
https://update.microsoft.com/microsoftupdate
Windows Update
https://windowsupdate.microsoft.com/
Depending on the version of the product, updates may not be
available from Microsoft Update. Use Windows Update or Office Update as needed.
About Microsoft Update
http://www.microsoft.com/japan/technet/prodtechnol/microsoftupdate/default.mspx
III. Reference Information
JP Vendor Status Notes JVNTA07-100A
Multiple Vulnerabilities in Microsoft Products
http://jvn.jp/cert/JVNTA07-100A/index.html
Security Bulletin for April 2007
http://www.microsoft.com/japan/technet/security/bulletin/ms07-apr.mspx
Microsoft Update and other services: Frequently asked questions
http://www.microsoft.com/japan/athome/security/protect/update.mspx
Microsoft Updates for Multiple Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA07-100A.html
Vulnerability Note VU#728057
Microsoft Windows Agent fails to properly process crafted URLs
http://www.kb.cert.org/vuls/id/728057
Vulnerability Note VU#219848
Microsoft Windows Vista CSRSS privilege escalation vulnerability
http://www.kb.cert.org/vuls/id/219848
Vulnerability Note VU#740636
Microsoft Windows CSRSS error handling vulnerability
http://www.kb.cert.org/vuls/id/740636
Vulnerability Note VU#337953
Microsoft Windows Kernel vulnerable to privilege escalation
http://www.kb.cert.org/vuls/id/337953
Vulnerability Note VU#191609
Microsoft Windows animated cursor stack buffer overflow
http://www.kb.cert.org/vuls/id/191609
@police
About Microsoft security updates
(MS07-017 updated, 018, 019, 020, 021, and 022)
http://www.cyberpolice.go.jp/important/2007/20070411_041114.html
If you have any information regarding this matter, please contact us.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600 FAX: 03-3518-4602
http://www.jpcert.or.jp/
Top