Subject: june patches
From: "Geo."

Microsoft Releases Six New Security Bulletins

Microsoft released 6 new security bulletins in June and updated 2 prior security bulletins. Of the 6 June bulletins, 4 are rated Critical on Microsoft's severity rating system, though Shavlik believes that another bulletin (MS07-032) should also be rated Critical.

Five of the six bulletins deal with client side vulnerabilities, meaning the end user would need to initiate an action on their computer such as visiting a malicious website, opening malformed files, or reading evil emails in order for an exploit to occur.

For customers running Windows XP, Shavlik recommends patching MS07-031 first. This is a flaw in the Operating System that can allow an attacker to execute code on an XP system when a user visits an evil website using https (SSL). Hours after release of the security bulletin, exploit code for this vulnerability was released to the Internet.

For customers running Windows Vista, Shavlik recommends patching MS07-032 (Vista) and MS07-034 (Outlook Express) as soon as possible, followed closely by MS07-033 (Internet Explorer). Shavlik believes that MS07-032 should be rated Critical as it could allow unprivileged Vista users to obtain the administrative username and password for the Vista administrator. Contrary to Microsoft's bulletin, Shavlik also believes that this data can be retrieved remotely when combined with another Vista exploit (such as 07-033 or 07-044).

The following patches have been added to the Shavlik XML file:

Critical
MS07-031: Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)
MS07-033: Cumulative Security Update for Internet Explorer (933566)
MS07-034: Cumulative Security Update for Outlook Express and Windows Mail (929123)
MS07-035: Vulnerability in Win 32 API Could Allow Remote Code Execution (935839)

Important
MS07-030: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)

Moderate
MS07-032: Vulnerability in Windows Vista Could Allow Information Disclosure (931213)

Re-Released:
MS07-018: Patch for Content Management Server 2002 SP2 has been updated to address problems with the original patch.
MS07-012: Patches for Windows XP (x64) and Windows Server 2003 (all) have been updated to include Windows Server 2003 SP2 as an affected product.

Additional information about these new security bulletins can be found on Microsoft's TechNet Web site.

Shavlik's Bulletin Analysis

MS07-030: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)
http://www.microsoft.com/technet/security/Bulletin/MS07-030.mspx
Severity: Important
This is a client side vulnerability that impacts users running Visio 2002 and Visio 2003. If the user opens an attacker's evil Visio file, an attacker can take control of the user's computer. However, the attacker will only have the same level of permissions on the system as the currently logged on user.

MS07-031: Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)
http://www.microsoft.com/technet/security/Bulletin/MS07-031.mspx
Severity: Critical
If a user visits an evil website using https (SSL), the evil website may be able to crash the browser, crash the computer, or execute code on the system. Windows 2000 and Windows Server 2003 systems are less vulnerable as the attack would not be able to execute code on these systems. Windows XP systems, however, are more vulnerable as the attacker would be able to execute code. Shavlik recommends patching Windows XP systems as soon as possible.

MS07-032: Vulnerability in Windows Vista Could Allow Information Disclosure (931213)
http://www.microsoft.com/technet/security/Bulletin/MS07-032.mspx
Severity: Moderate
A logged on user on a Vista system may be able to access sensitive information on the Vista system, including the administrator's username and password or password equivalent. Microsoft states that systems which have been upgraded from Windows XP may offer more sensitive information than systems that performed fresh installations of Vista. The patch secures the 'information store' so that lower privileged users won't have access to this data.

While Microsoft claims this is of Moderate severity, Shavlik believes this should be rated Critical for Vista systems. Further, Shavlik believes it may be possible for attackers to retrieve this information remotely when combined with another Vista exploit. Shavlik recommends installing this patch immediately to all Vista systems.

MS07-033: Cumulative Security Update for Internet Explorer (933566)
http://www.microsoft.com/technet/security/Bulletin/MS07-033.mspx
Severity: Critical
This Internet Explorer patch impacts all Operating Systems (Windows 2000 through Vista) and addresses 6 flaws in the browser. The patch is applicable to all current browser releases, including Internet Explorer 7.

Of the 6 vulnerabilities, one of these vulnerabilities was publicly known prior to the patch release. Like prior IE vulnerabilities, if a user visits an attacker's web page, the attacker may execute evil code on the user's computer. Shavlik recommends installing this patch as soon as possible on client systems.

MS07-034: Cumulative Security Update for Outlook Express and Windows Mail (929123)
http://www.microsoft.com/technet/security/Bulletin/MS07-034.mspx
Severity: Critical
This patch corrects several vulnerabilities in Outlook Express (part of Internet Explorer) that could allow an attacker complete control of the user's system. Users running Vista are at greatest risk - clicking on a received email in Outlook Express could allow the attacker to execute code on the Vista system. Users on earlier Operating Systems that click on a malicious email may allow an attacker to access information from their system, but are safe from evil code execution.

MS07-035: Vulnerability in Win 32 API Could Allow Remote Code Execution (935839)
http://www.microsoft.com/technet/security/Bulletin/MS07-035.mspx
Severity: Critical
An Operating System vulnerability exists on Windows 2000, XP, and Windows Server 2003 systems that would allow an attacker to execute code on a user's system. In this instance, the user would need to either visit the attacker's website or execute a custom (evil) application on their local system. Microsoft is not aware of any public exploits for this vulnerability.

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 5030/786
@PATH: 379/45 1 633/267
SOURCE: echomail via fidonet.ozzmosis.com