


                                                   JPCERT-AT-2007-0021
                                                             JPCERT/CC
                                                      October 10, 2007

                 <<< JPCERT/CC Alert 2007-10-10 >>>

                  Oct 2007 Microsoft Security Bulletin
                    (including four critical patches)

                http://www.jpcert.or.jp/at/2007/at070021.txt

I. Overview

  Microsoft has released security bulletins for October 2007 which
include four "Critical" security updates.

  Exploitation of these vulnerabilities could allow a remote attacker
to execute arbitrary code.

    Security Bulletin for October 2007
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-oct.mspx

  Detailed information on each vulnerability is available from the
following URLs:

  [Critical Security Updates]

    MS07-055
    Vulnerability in Kodak Image Viewer Could Allow Remote Code
      Execution (923810)
    http://www.microsoft.com/japan/technet/security/bulletin/MS07-055.mspx

    MS07-056
    Security Update for Outlook Express and Windows Mail (941202)
    http://www.microsoft.com/japan/technet/security/bulletin/MS07-056.mspx

    MS07-057
    Cumulative Security Update for Internet Explorer (939653)
    http://www.microsoft.com/japan/technet/security/bulletin/MS07-057.mspx

    MS07-060
    Vulnerability in Microsoft Word Could Allow Remote Code Execution
      (942695)
    http://www.microsoft.com/japan/technet/security/bulletin/MS07-060.mspx


II. Solution

  Apply the security updates immediately by using Microsoft Update or
    Windows Update.

    Microsoft Update
    https://update.microsoft.com/microsoftupdate

    Windows Update
    https://windowsupdate.microsoft.com/

    Office Update
    http://office.microsoft.com/ja-jp/officeupdate/default.aspx

  Depending on the version of the product, updates may not be 
    available from Microsoft Update. Use Windows Update or Office 
    Update as needed.

  For example, to apply security updates for Office 2000, they need
    to be downloaded from Office Update. For details of operating
    systems supported by Microsoft Update, see "Security 
    Requirements" in the following URL:

    About Microsoft Update
    http://www.microsoft.com/japan/technet/prodtechnol/microsoftupdate/default.mspx


III. Reference Information

    US-CERT Technical Cyber Security Alert TA07-282A
    Microsoft Updates for Multiple Vulnerabilities
    http://www.us-cert.gov/cas/techalerts/TA07-282A.html

    Security Bulletin for October 2007
    http://www.microsoft.com/japan/technet/security/bulletin/ms07-oct.mspx

    Microsoft Update and other services: Frequently asked questions
    http://www.microsoft.com/japan/athome/security/protect/update.mspx
  

  If you have any information regarding this matter, please contact 
us.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600  FAX: 03-3518-4602
http://www.jpcert.or.jp/