JPCERT-AT-2007-0018
JPCERT/CC
August 15, 2007
<<< JPCERT/CC Alert 2007-08-15 >>>
Aug 2007 Microsoft Security Bulletin
(including six critical patches)
http://www.jpcert.or.jp/at/2007/at070018.txt
I. Overview
Microsoft has released security bulletins for August 2007 which
include six "Critical" security updates.
Exploitation of these vulnerabilities could allow a remote attacker
to execute arbitrary code.
Security Bulletin for August 2007
http://www.microsoft.com/japan/technet/security/bulletin/ms07-aug.mspx
Detailed information on each vulnerability is available from the
following URLs:
[Critical Security Updates]
MS07-042
Vulnerability in Microsoft XML Core Services Could Allow Remote
Code Execution (936227)
http://www.microsoft.com/japan/technet/security/bulletin/MS07-042.mspx
MS07-043
Vulnerability in OLE Automation Could Allow Remote Code Execution
(921503)
http://www.microsoft.com/japan/technet/security/bulletin/MS07-043.mspx
MS07-044
Vulnerability in Microsoft Excel Could Allow Remote Code
Execution (940965)
http://www.microsoft.com/japan/technet/security/bulletin/MS07-044.mspx
MS07-045
Cumulative Security Update for Internet Explorer (937143)
http://www.microsoft.com/japan/technet/security/bulletin/MS07-045.mspx
MS07-046
Vulnerability in GDI Could Allow Remote Code Execution (938829)
http://www.microsoft.com/japan/technet/security/bulletin/MS07-046.mspx
MS07-050
Vulnerability in Vector Markup Language Could Allow Remote Code
Execution (938127)
http://www.microsoft.com/japan/technet/security/bulletin/MS07-050.mspx
II. Solution
Apply the security updates immediately by using Microsoft Update or
Windows Update.
Microsoft Update
https://update.microsoft.com/microsoftupdate
Windows Update
https://windowsupdate.microsoft.com/
Office Update
http://office.microsoft.com/ja-jp/officeupdate/default.aspx
Depending on the version of the product, updates may not be
available from Microsoft Update. Use Windows Update or Office Update
as needed.
For example, to apply security updates for Office 2000, they need
to be downloaded from Office Update. For details of operating systems
supported by Microsoft Update, see "Security Requirements" in the
following URL:
About Microsoft Update
http://www.microsoft.com/japan/technet/prodtechnol/microsoftupdate/default.mspx
III. Reference Information
US-CERT Technical Cyber Security Alert TA07-226A
Microsoft Updates for Multiple Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA07-226A.html
Security Bulletin for August 2007
http://www.microsoft.com/japan/technet/security/bulletin/ms07-aug.mspx
Microsoft Update and other services: Frequently asked questions
http://www.microsoft.com/japan/athome/security/protect/update.mspx
US-CERT Vulnerability Note VU#640136
Microsoft GDI Windows Metafile AttemptWrite integer overflow
http://www.kb.cert.org/vuls/id/640136
US-CERT Vulnerability Note VU#468800
Microsoft Windows VML compressed content integer underflow
http://www.kb.cert.org/vuls/id/468800
US-CERT Vulnerability Note VU#361968
Microsoft XML Core Services fails to properly validate input
http://www.kb.cert.org/vuls/id/361968
If you have any information regarding this matter, please contact us.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600 FAX: 03-3518-4602
http://www.jpcert.or.jp/
Top