Security Bulletin: February Update
Here is an overview of these new February 2007 security bulletins:
MAXIMUM SEVERITY |
BULLETIN NUMBER |
AFFECTED PRODUCTS or COMPONENTS |
IMPACT |
Important |
MS07-005 |
Step-by-Step Interactive Training |
Remote Code Execution |
Important |
MS07-006 |
Windows Shell |
Elevation of Privilege |
Important |
MS07-007 |
Windows Image Acquisition Service |
Elevation of Privilege |
Critical |
MS07-008 |
HTML Help ActiveX Control |
Remote Code Execution |
Critical |
MS07-009 |
Microsoft Data Access Components |
Remote Code Execution |
Critical |
MS07-010 |
Microsoft Malware Protection Engine |
Remote Code Execution |
Important |
MS07-011 |
Microsoft OLE Dialog Could |
Remote Code Execution |
Important |
MS07-012 |
Microsoft MFC |
Remote Code Execution |
Important |
MS07-013 |
Microsoft RichEdit |
Remote Code Execution |
Critical |
MS07-014 |
Microsoft Word |
Remote Code Execution |
Critical |
MS07-015 |
Microsoft Office |
Remote Code Execution |
Critical |
MS07-016 |
Internet Explorer |
Remote Code Execution |
All recent updates are available for download here.
Summaries for these new bulletins may be found at the following pages:
https://www.microsoft.com/technet/security/bulletin/ms07-feb.mspx
Microsoft continues to urge all customers to update to the latest version of Windows XP, Windows XP Service Pack 2 with Advanced Security Technologies. More information is available at https://www.microsoft.com/security/. We also encourage customers to deploy Windows Server 2003 Service Pack 1 which provides customers with significant security enhancements and reliability and performance improvements. More information about Windows Server 2003 Service Pack 1 is available at https://www.microsoft.com/technet/downloads/winsrvr/servicepacks/sp1/.
Microsoft recommends that all customers sign up for Microsoft Update (MU) and enable its Automatic Updates functionality to receive all updates available this month and to help make their systems more secure. MU is a service offered at no charge that gives customers everything they get through Windows Update (WU), plus high priority updates for Office and other Microsoft applications. MU includes the Automatic Updates functionality already found in WU so users can choose to automatically install high-priority updates. Customers can sign up for MU by following the steps at: https://update.microsoft.com/microsoftupdate.
Additional Resources
Microsoft encourages system administrators to join the monthly technical webcast to learn more about this month’s security updates, the Malicious Software Removal Tool and the TechNet IT Pro Security Newsletter column on Principles of Patch Management. The webcast is scheduled for
Wednesday, February 14th, 2006 at 11:00 AM PDT. Registration is available here.
I encourage you to review all the bulletins for applicability in your environment and take appropriate action as soon as possible. Feel free to contact me with any questions.
Cheers, Jeffa