Security Bulletin: October 2007

It's that time again. Time for another round of security updates. Please see details below.

What is this alert?

This alert is to provide you with an overview of the new Security Bulletin being released on 09 October 2007.

New Security Bulletins

Microsoft is releasing the following six new security bulletins for newly discovered vulnerabilities:

 

Bulletin Number

Maximum Severity

Affected Products

Impact

MS07-055

Critical

Windows 2000, Windows XP, Windows Server 2003

Remote Code Execution

MS07-056

Critical

All currently supported versions of Windows

Remote Code Execution

MS07-057

Critical

All currently supported versions of Internet Explorer

Remote Code Execution

MS07-058

Important

All currently supported versions of Windows

Denial of Service

MS07-059

Important

Windows SharePoint Services 3.0, Office SharePoint Server 2007

Elevation of Privilege

MS07-060

Critical

Word 2000, Word 2002

Remote Code Execution

Summaries for these new bulletins may be found at the following pages:

https://www.microsoft.com/technet/security/bulletin/ms07-Oct.mspx

Re-released Security Bulletins

In addition, Microsoft is re-releasing the following security bulletin:

MS05-004 - ASP.NET Path Validation Vulnerability (887219)

https://www.microsoft.com/technet/security/bulletin/ms05-004.mspx

Microsoft updated security bulletin MS05-004 on 09 October 2007 to list Windows Server 2003 Service Pack 2 and Windows Vista as "Affected Software" for .NET Framework 1.0 Service Pack 3 KB886906 and .NET Framework 1.1 Service Pack 1 KB886903.

Customers are advised to review the information in these bulletins, test and deploy the updates immediately in their environments, if applicable.

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here: https://go.microsoft.com/fwlink/?LinkId=40573

High-Priority Non-Security Updates

High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU) or Windows Server Update Services (WSUS) will be detailed in the following KB Article: https://support.microsoft.com/?id=894199

TechNet Webcast: Microsoft will host a Webcast to address customer questions on these bulletins:

Title: Information about Microsoft October Security Bulletins (Level 200)

Date: Wednesday, October 10th, 2007 11:00 AM Pacific Time (US & Canada)

URL: https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032344692

Replay: Available 24 hours after webcast - same URL

 

Technorati Tags: Security, Patches, Updates

Cheers, Jeffa