JPCERT-AT-2007-0018 JPCERT/CC August 15, 2007 <<< JPCERT/CC Alert 2007-08-15 >>> Aug 2007 Microsoft Security Bulletin (including six critical patches) http://www.jpcert.or.jp/at/2007/at070018.txt I. Overview Microsoft has released security bulletins for August 2007 which include six "Critical" security updates. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code. Security Bulletin for August 2007 http://www.microsoft.com/japan/technet/security/bulletin/ms07-aug.mspx Detailed information on each vulnerability is available from the following URLs: [Critical Security Updates] MS07-042 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227) http://www.microsoft.com/japan/technet/security/bulletin/MS07-042.mspx MS07-043 Vulnerability in OLE Automation Could Allow Remote Code Execution (921503) http://www.microsoft.com/japan/technet/security/bulletin/MS07-043.mspx MS07-044 Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965) http://www.microsoft.com/japan/technet/security/bulletin/MS07-044.mspx MS07-045 Cumulative Security Update for Internet Explorer (937143) http://www.microsoft.com/japan/technet/security/bulletin/MS07-045.mspx MS07-046 Vulnerability in GDI Could Allow Remote Code Execution (938829) http://www.microsoft.com/japan/technet/security/bulletin/MS07-046.mspx MS07-050 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127) http://www.microsoft.com/japan/technet/security/bulletin/MS07-050.mspx II. Solution Apply the security updates immediately by using Microsoft Update or Windows Update. Microsoft Update https://update.microsoft.com/microsoftupdate Windows Update https://windowsupdate.microsoft.com/ Office Update http://office.microsoft.com/ja-jp/officeupdate/default.aspx Depending on the version of the product, updates may not be available from Microsoft Update. Use Windows Update or Office Update as needed. For example, to apply security updates for Office 2000, they need to be downloaded from Office Update. For details of operating systems supported by Microsoft Update, see "Security Requirements" in the following URL: About Microsoft Update http://www.microsoft.com/japan/technet/prodtechnol/microsoftupdate/default.mspx III. Reference Information US-CERT Technical Cyber Security Alert TA07-226A Microsoft Updates for Multiple Vulnerabilities http://www.us-cert.gov/cas/techalerts/TA07-226A.html Security Bulletin for August 2007 http://www.microsoft.com/japan/technet/security/bulletin/ms07-aug.mspx Microsoft Update and other services: Frequently asked questions http://www.microsoft.com/japan/athome/security/protect/update.mspx US-CERT Vulnerability Note VU#640136 Microsoft GDI Windows Metafile AttemptWrite integer overflow http://www.kb.cert.org/vuls/id/640136 US-CERT Vulnerability Note VU#468800 Microsoft Windows VML compressed content integer underflow http://www.kb.cert.org/vuls/id/468800 US-CERT Vulnerability Note VU#361968 Microsoft XML Core Services fails to properly validate input http://www.kb.cert.org/vuls/id/361968 If you have any information regarding this matter, please contact us. ====================================================================== JPCERT Coordination Center (JPCERT/CC) MAIL: info@jpcert.or.jp TEL: 03-3518-4600 FAX: 03-3518-4602 http://www.jpcert.or.jp/