July 2007 Microsoft Security Bulletin Release
Microsoft has released the following security bulletins for newly discovered vulnerabilities:
Bulletin Number |
Maximum Severity |
Affected Products |
Impact |
MS07-036 |
Critical |
All currently supported versions of Microsoft Office |
Remote Code Execution |
MS07-037 |
Important |
Publisher 2007 |
Remote Code Execution |
MS07-038 |
Moderate |
Windows Vista |
Information Disclosure |
MS07-039 |
Critical |
Windows 2000 servers, Windows Server 2003 |
Remote Code Execution |
MS07-040 |
Critical |
.NET Framework 1.0, 1.1, 2.0 |
Remote Code Execution |
MS07-041 |
Important |
Windows XP SP2 with IIS 5.1 installed |
Remote Code Execution |
Summaries for these new bulletins may be found at the following pages:
https://www.microsoft.com/technet/security/bulletin/ms07-Jul.mspx
Re-released Security Bulletins
MS06-078: Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)
Notes on the re-release of MS06-078:
- The security update for Windows Media Player 6.4 (KB925398) did not correctly install on Windows Server 2003 Service Pack 2. A revised security update is now available to install on Windows Server 2003 Service Pack 2 (KB925398).
- No changes have been made to the files in the security update. This is a package change only to install on Windows Server 2003 Service Pack 2.
- Microsoft recommends that customers apply the update immediately. No action is required on systems where the security update has been successfully installed.
· Known issues documented in Microsoft Knowledge Base Article 933065 and Microsoft Knowledge Base Article 933066 are resolved. No action is required on systems where the security update has been successfully installed.
· Customers who did experience this known issue and did not install this security update will be reoffered the security update included with this security bulletin
More Information on MS06-078 - Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689):
https://www.microsoft.com/technet/security/bulletin/MS06-078.mspx
Microsoft Windows Malicious Software Removal Tool
Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here:
https://go.microsoft.com/fwlink/?LinkId=40573
High-Priority Non-Security Updates on Microsoft Update (MU), Windows Update (WU), Windows Server Update Services (WSUS) and Software Update Services (SUS)
Microsoft is today also releasing High-Priority NON-SECURITY updates on WU, MU, SUS and WSUS. For complete details on non-security updates being released today please review the following KB Article:
Description of SUS and WSUS changes in content for 2007:
https://support.microsoft.com/?id=894199
TechNet Webcast:
· Title: Information about Microsoft July Security Bulletins (Level 200)
· When: Wednesday, July 11, 2007 11:00 AM Pacific Time (US & Canada)
· URL: https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032343783
· Replay: https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032343783
Security Bulletin Technical Details
In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit Microsoft Support Lifecycle.
MS07-036
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
MS07-037
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
MS07-038
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
MS07-039
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
MS07-040
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
MS07-041
Bulletin Identifier |
Microsoft Security Bulletin MS07-041 |
|---|---|
Bulletin Title |
Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373) |
Executive Summary |
This important security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if an attacker sent specially crafted URL requests to a Web page hosted by Internet Information Services (IIS) 5.1 on Windows XP Professional Service Pack 2. IIS 5.1 is not part of a default install of Windows XP Professional Service Pack 2. An attacker who successfully exploited this vulnerability could take complete control of the affected system. |
Maximum Severity Rating |
|
Impact of Vulnerability |
Remote Code Execution |
Detection |
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update will require a restart. |
Affected Software |
Windows XP Professional. For more information, see the Affected Software section of the bulletin at the link below. |
Restart Requirement |
You must restart your system after you apply this security update. |
Removal Information |
Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility. |
More information |
https://www.microsoft.com/technet/security/bulletin/MS07-041.mspx |
|
|
Re-Released Bulletin:
MS06-078: Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)
Notes on the re-release of MS06-078:
- The security update for Windows Media Player 6.4 (KB925398) did not correctly install on Windows Server 2003 Service Pack 2. A revised security update is now available to install on Windows Server 2003 Service Pack 2 (KB925398).
- No changes have been made to the files in the security update. This is a package change only to install on Windows Server 2003 Service Pack 2.
- Microsoft recommends that customers apply the update immediately. No action is required on systems where the security update has been successfully installed.
· Known issues documented in Microsoft Knowledge Base Article 933065 and Microsoft Knowledge Base Article 933066 are resolved. No action is required on systems where the security update has been successfully installed.
· Customers who did experience this known issue and did not install this security update will be reoffered the security update included with this security bulletin
More information on this re-released bulletin is available at: https://www.microsoft.com/technet/security/bulletin/MS06-078.mspx