Security Bulletin: October 2007

It’s that time again.  Time for another round of security updates.  Please see details below.

What is this alert?

This alert is to provide you with an overview of the new Security Bulletin being released on 09 October 2007.


New Security Bulletins


Microsoft is releasing the following six new security bulletins for newly discovered vulnerabilities:


Bulletin Number

Maximum Severity

Affected Products




Windows 2000, Windows XP, Windows Server 2003

Remote Code Execution



All currently supported versions of Windows

Remote Code Execution



All currently supported versions of Internet Explorer

Remote Code Execution



All currently supported versions of Windows

Denial of Service



Windows SharePoint Services 3.0, Office SharePoint Server 2007

Elevation of Privilege



Word 2000, Word 2002

Remote Code Execution


Summaries for these new bulletins may be found at the following pages: 


Re-released Security Bulletins


In addition, Microsoft is re-releasing the following security bulletin:

MS05-004 – ASP.NET Path Validation Vulnerability (887219) 


Microsoft updated security bulletin MS05-004 on 09 October 2007 to list Windows Server 2003 Service Pack 2 and Windows Vista as “Affected Software” for .NET Framework 1.0 Service Pack 3 KB886906 and .NET Framework 1.1 Service Pack 1 KB886903. 


Customers are advised to review the information in these bulletins, test and deploy the updates immediately in their environments, if applicable.


Microsoft Windows Malicious Software Removal Tool


Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here:


High-Priority Non-Security Updates


High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU) or Windows Server Update Services (WSUS) will be detailed in the following KB Article:



TechNet Webcast: Microsoft will host a Webcast to address customer questions on these bulletins:


Title: Information about Microsoft October Security Bulletins (Level 200)

Date: Wednesday, October 10th, 2007 11:00 AM Pacific Time (US & Canada)


Replay:  Available 24 hours after webcast – same URL


Technorati Tags: , ,

Cheers, Jeffa

Comments (1)

  1. Rich says:

    Hi Jeffa,

    When my computer restarted – presumably after the patches were installed – on Tuesday my Windows XP (Media Center 2002) failed to start. When I tried choosing any of the options (Start Windows, Go back to last good configuration, Safe Mode, etc.) the same options screen would inevitably appear after a few seconds. Do you have any suggestions for resolving this issue?