JPCERT-AT-2007-0024 JPCERT/CC December 12, 2007 <<< JPCERT/CC Alert 2007-12-12 >>> Dec 2007 Microsoft Security Bulletin (including three critical patches) http://www.jpcert.or.jp/at/2007/at070024.txt I. Overview Microsoft has released security bulletins for December 2007 which include three "Critical" security updates. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code. Security Bulletin for December 2007 http://www.microsoft.com/japan/technet/security/bulletin/ms07-dec.mspx Detailed information on each vulnerability is available from the following URLs: [Critical Security Updates] MS07-064 Vulnerabilities in DirectX Could Allow Remote Code Execution (941568) http://www.microsoft.com/japan/technet/security/bulletin/ms07-064.mspx MS07-068 Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275) http://www.microsoft.com/japan/technet/security/bulletin/ms07-068.mspx MS07-069 Cumulative Security Update for Internet Explorer (942615) http://www.microsoft.com/japan/technet/security/bulletin/ms07-069.mspx According to Microsoft, attacks exploiting the DHTML object memory corruption vulnerability fixed in MS07-069 have already been reported. II. Solution Apply the security updates immediately by using Microsoft Update or Windows Update. Microsoft Update https://www.update.microsoft.com/ Windows Update https://windowsupdate.microsoft.com/ III. Reference Information Security Bulletin for December 2007 http://www.microsoft.com/japan/technet/security/bulletin/ms07-dec.mspx US-CERT Technical Cyber Security Alert TA07-345A Microsoft Updates for Multiple Vulnerabilities http://www.us-cert.gov/cas/techalerts/TA07-345A.html US-CERT Vulnerability Note (search by ms07-dec) http://www.kb.cert.org/vuls/byid?searchview&query=ms07-dec If you have any information regarding this matter, please contact us. ====================================================================== JPCERT Coordination Center (JPCERT/CC) MAIL: info@jpcert.or.jp TEL: 03-3518-4600 FAX: 03-3518-4602 http://www.jpcert.or.jp/