August 2007 Monthly Bulletin Release
I’m Simon, Release Manager in the MSRC. The August release contains 9 new bulletins, 6 of which have maximum severities of “Critical”.
MS07-042 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
MS07-043 Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)
MS07-044 Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965)
MS07-045 Cumulative Security Update for Internet Explorer (937143)
MS07-046 Vulnerability in GDI Could Allow Remote Code Execution (938829)
MS07-047 Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)
MS07-048 Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)
MS07-049 Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)
MS07-050 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)
Additionally we are re-releasing one bulletin:
MS07-038 Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807) – This is a detection-only change, to address the situation where a missing Firewall Logging Directory would cause the update installation to fail. There’s no change to the update binaries, so if you have already successfully installed this update, you do not need to reinstall it.
Please refer to the bulletin revision notes for more detail.
Also today we released Microsoft Security Advisory (932596). This is to let customers who run x64-based Windows operating systems know about an update to Kernel Patch Protection that is available. The update adds additional checks to Kernel Patch Protection for increased reliability, performance and security. Please see the security advisory and associated KB for more information.
Just as a reminder, support for Software Update Services (SUS) 1.0 ended last month on Tuesday, July 10, 2007. As support and update content availability for SUS 1.0 is no longer available, we encourage our customers to utilize Windows Server Update Services (WSUS) 2.0 or 3.0 as it supports updating a broader set of Microsoft products. For more information on SUS 1.0 and its lifecycle and some of the improvements to WSUS 2.0 and 3.0, please check out KB Article 905682.
Also, please join us for the regular monthly security bulletin webcast, Wednesday August 15 11:00 AM PT (GMT -8). We’ll have an overview of the August bulletins, and you’ll have the opportunity to ask us questions around the release. You can register for this here:
Cheers,
Simon
*This posting is provided “AS IS” with no warranties, and confers no rights.*