Bink.nu | Microsoft Security Bulletin Summary for May 2007, DNS fix!

Home

Forums

Photos

Downloads

About Bink.nu

Order Now!

Windows 7 for XP Professionals
Updating Support Skills from XP to Windows 7
by Bink.nu's Raymond Comvalius

There are 92 guest(s) online.

There are 0 member(s) online.

Posted by Steven Bink May 8, 2007 6:03 PM with 3 comment(s)

Filed under: Security

All Critical!

Bulletin Identifier	Microsoft Security Bulletin MS07-023
Bulletin Title	Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)
Executive Summary	This update resolves vulnerabilities in Microsoft Excel that could allow remote code execution.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software	Office. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS07-024
Bulletin Title	Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)
Executive Summary	This update resolves vulnerabilities in Microsoft Word that could allow remote code execution.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software	Office. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS07-025
Bulletin Title	Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)
Executive Summary	This update resolves a vulnerability in Microsoft Office that could allow remote code execution.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software	Office. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS07-026
Bulletin Title	Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)
Executive Summary	This update resolves vulnerabilities in Microsoft Exchange that could allow remote code execution.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software	Exchange. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS07-027
Bulletin Title	Cumulative Security Update for Internet Explorer (931768)
Executive Summary	This update resolves vulnerabilities in Internet Explorer that could allow remote code execution.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software	Internet Explorer. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS07-028
Bulletin Title	Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)
Executive Summary	This update resolves a vulnerability in the Cryptographic API Component Object Model (CAPICOM) that could allow remote code execution.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software	CAPICOM, BizTalk. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS07-029
Bulletin Title	Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution (935966)
Executive Summary	This update resolves a vulnerability in RPC on Windows DNS Server that could allow remote code execution.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.
Affected Software	Windows. For more information, see the Affected Software and Download Locations section.

2261 Views

Source: In House

	Forest said: Does anybody knows what's happened to KB931768 update? It is impossible to download it through Automatic Update Service... No info-page at Microsft...??? May 8, 2007 10:10 PM
	Zer0kbps said: My Edge DNS server got attacked and explioted, all from DNS, it was firewalled but that never stopped hacker gimp from getting in and running performance tests. It was fully up to date, virus guard installed, firewall running and they managed to install and run code,,, gits May 9, 2007 10:16 AM
	GP007 said: It's true that the DNS bug is a nasty one. I don't know how long MS knew about it, or how long it took them to fix it. But the thing is, since it's in a key part of the system, if you issue a patch, and don't test it enough, then it ends up breaking DNS insted of fixing it, you'll have even more problems to deal with. Sometimes you have to take that extra week or two and test things out fully and then sign off on them. Hopefully with windows becoming more and more moduler in design, updates can be made and tested faster than they are now. May 9, 2007 2:37 PM

About Steven Bink

Founder of Bink.nu