April 2007 Security Bulletins
This alert is to provide you with an overview of the new Security Bulletins being released on 10 April 2007.
New Security Bulletins
Microsoft is releasing the following security bulletins for newly discovered vulnerabilities:
| Bulletin Number | Maximum Severity | Affected Products | Impact |
|---|---|---|---|
| MS07-018 | Critical | Content Management Server 2001 and Content Management Server 2002 | Remote Code Execution |
| MS07-019 | Critical | Windows XP | Remote Code Execution |
| MS07-020 | Critical | Windows 2000, Windows XP, Windows Server 2003 | Remote Code Execution |
| MS07-021 | Critical | All current versions of Microsoft Windows | Remote Code Execution |
| MS07-022 | Important | Windows 2000, Windows XP, Windows Server 2003 | Elevation of Privilege |
Summaries for these new bulletins may be found at the following pages:
https://www.microsoft.com/technet/security/bulletin/ms07-Apr.mspx
Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable.
Microsoft Windows Malicious Software Removal Tool
Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here:
https://go.microsoft.com/fwlink/?LinkId=40573
High-Priority Non-Security Updates on Microsoft Update (MU), Windows Update (WU), Windows Server Update Services (WSUS) and Software Update Services (SUS)
Microsoft is also releasing High-Priority NON-SECURITY updates today on WU, MU, SUS and WSUS. For complete details on non-security updates being released today please review the following KB Article:
https://support.microsoft.com/?id=894199
TechNet Webcast: Information about Microsoft April 2007 Security Bulletins (Level 200)
Wednesday, April 11, 2007 at 11:00 AM PDT
https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032327017
The on-demand version of the Webcast will be available 24 hours after the live Webcast at:
https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032327017
******************************************************************
Security Bulletin Details
MS07-018
Title: Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939)
Executive Summary: This update resolves two newly discovered, privately reported vulnerabilities. Each vulnerability is documented in the "Vulnerability Details" section of this bulletin. We recommend that customers apply the update immediately.
Affected Software:
· Microsoft Content Management Server 2001 Service Pack 1
· Microsoft Content Management Server 2002 Service Pack 2
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart requirement: To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart your computer, see Microsoft Knowledge Base Article 887012 (https://support.microsoft.com/kb/887012).
Removal Information: After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove the application, and then install it again from the original CD-ROM.
More information on this vulnerability is available at: https://www.microsoft.com/technet/security/bulletin/MS07-018.mspx
******************************************************************
MS07-019
Title: Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261)
Executive Summary: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. We recommend that customers apply the update immediately.
Affected Software:
· Microsoft Windows XP Service Pack 2
· Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2
Non-Affected Software:
· Microsoft Windows 2000 Service Pack 4
· Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 Service Pack 2
· Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
· Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2
· Windows Vista
· Windows Vista x64 Edition
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart Requirement: You must restart your system after you apply this security update. For more information about the reasons why you may be prompted to restart your computer, see Microsoft Knowledge Base Article 887012 (https://support.microsoft.com/kb/887012).
Removal Information: To remove this security update, use the Add or Remove Programs tool in Control Panel. System administrators can also use the Spuninst.exe utility to remove this security update.
More information on this vulnerability is available at: https://www.microsoft.com/technet/security/bulletin/MS07-019.mspx
******************************************************************
MS07-020
Title: Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168)
Executive Summary: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. We recommend that customers apply the update immediately.
Affected Software:
· Microsoft Windows 2000 Service Pack 4
· Microsoft Windows XP Service Pack 2
· Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2
· Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 Service Pack 2
· Microsoft Windows Server 2003 x64 Edition with Service Pack 1 and Microsoft Windows Server 2003 x64 Edition with Service Pack 2
· Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Non-Affected Software:
· Windows Vista
· Windows Vista x64 Edition
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart Requirement: You must restart your system after you apply this security update. For more information about the reasons why you may be prompted to restart your computer, see Microsoft Knowledge Base Article 887012 (https://support.microsoft.com/kb/887012).
Removal Information: To remove this security update, use the Add or Remove Programs tool in Control Panel. System administrators can also use the Spuninst.exe utility to remove this security update.
More information on this vulnerability is available at: https://www.microsoft.com/technet/security/bulletin/MS07-020.mspx
******************************************************************
MS07-021
Title: Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)
Executive Summary: This update resolves several newly discovered, privately and publicly disclosed vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update immediately.
Affected Software:
· Microsoft Windows 2000 Service Pack 4
· Microsoft Windows XP Service Pack 2
· Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2
· Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 Service Pack 2
· Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
· Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2
· Windows Vista
· Windows Vista x64 Edition
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart Requirement: You must restart your system after you apply this security update. For more information about the reasons why you may be prompted to restart your computer, see Microsoft Knowledge Base Article 887012 (https://support.microsoft.com/kb/887012).
Removal Information:
· Windows 2000, Windows XP and Windows Server 2003: To remove this security update use the Add or Remove Programs tool in Control Panel. System administrators can also use the Spuninst.exe utility to remove this security update.
· Windows Vista: To remove this update, click Control Panel, click Security, then under Windows Update, click View installed updates and select from the list of updates.
More information on this vulnerability is available at: https://www.microsoft.com/technet/security/bulletin/MS07-021.mspx
******************************************************************
MS07-022
Title: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784)
Executive Summary: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update at the earliest opportunity.
Affected Software:
· Microsoft Windows 2000 Service Pack 4
· Microsoft Windows XP Service Pack 2
· Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 Service Pack 2
Non-Affected Software:
· Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2
· Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2
· Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 and SP2 for Itanium-based Systems
· Windows Vista
· Windows Vista x64 Edition
Impact of Vulnerability: Elevation of Privilege
Maximum Severity Rating: Important
Restart Requirement: You must restart your system after you apply this security update. For more information about the reasons why you may be prompted to restart your computer, see Microsoft Knowledge Base Article 887012 (https://support.microsoft.com/kb/887012).
Removal Information: To remove this security update, use the Add or Remove Programs tool in Control Panel. System administrators can also use the Spuninst.exe utility to remove this security update.
More information on this vulnerability is available at: https://www.microsoft.com/technet/security/bulletin/MS07-022.mspx