


                                                  JPCERT-AT-2007-0017
                                                            JPCERT/CC
                                                            July 11, 2007


                 <<< JPCERT/CC Alert 2007-07-11 >>>

                   July 2007 Microsoft Security Bulletin
                    (including three critical patches)

                  http://www.jpcert.or.jp/at/2007/at070017.txt

I. Overview

  Microsoft has released security bulletins for July 2007 which
include three "Critical" security updates.

  Exploitation of these vulnerabilities could allow a remote attacker
to execute arbitrary code.

    Security Bulletin for July 2007
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-jul.mspx

  Detailed information on each vulnerability is available from the
following URLs:

  [Critical Security Updates]

    MS07-036
    Vulnerabilities in Microsoft Excel Could Allow Remote Code
      Execution (936542)
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-036.mspx

    MS07-039
    Vulnerability in Windows Active Directory Could Allow Remote Code
      Execution (926122)
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-039.mspx

    MS07-040
    Vulnerabilities in .NET Framework Could Allow Remote Code 
      Execution (931212)
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-040.mspx


II. Solution

  Apply the security updates immediately by using Microsoft Update or
Windows Update.

    Microsoft Update
    https://update.microsoft.com/microsoftupdate

    Windows Update
    https://windowsupdate.microsoft.com/

    Office Update
    http://office.microsoft.com/ja-jp/officeupdate/default.aspx

  Depending on the version of the product, updates may not be 
available from Microsoft Update. Use Windows Update or Office Update
as needed.

  For example, to apply security updates for Office 2000, they need
to be downloaded from Office Update. For details of operating systems
supported by Microsoft Update, see "Security Requirements" in the
following URL:

    About Microsoft Update
    http://www.microsoft.com/japan/technet/prodtechnol/microsoftupdate/default.mspx


III. Reference Information

    JP Vendor Status Notes JVNTA07-191A
    Multiple Vulnerabilities in Microsoft Products
    http://jvn.jp/cert/JVNTA07-191A/index.html

    Security Bulletin for July 2007
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-jul.mspx

    Microsoft Update and other services: Frequently asked questions
    http://www.microsoft.com/japan/athome/security/protect/update.mspx

    US-CERT Vulnerability Note VU#487905
    Microsoft Windows Active Directory fails to properly validate LDAP
      requests
    http://www.kb.cert.org/vuls/id/487905

    US-CERT Vulnerability Note VU#101321
    Microsoft Windows Vista firewall bypass vulnerability
    http://www.kb.cert.org/vuls/id/101321

    @police
    About Microsoft security updates
    (MS07-036, 037, 038, 039, 040, 041) (July 11)
    http://www.cyberpolice.go.jp/important/2007/20070711_044737.html


  If you have any information regarding this matter, please contact us.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600  FAX: 03-3518-4602
http://www.jpcert.or.jp/