Microsoft released 12 security updates for February, rating 6 of them as critical. Here's a brief description of each update; for more information, go to http://www.microsoft.com/technet/security/bulletin/ms07-feb.mspx
MS07-005: Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution.
This is a remote code execution vulnerability that could allow an attacker to compromise a computer. This bulletin replaces MS05-031.
Applies to: Step-by-Step Interactive Training installed on Windows 2000, XP, and Server 2003.
Recommendation: Microsoft rates this bulletin as important. If you use Step-by-Step Interactive Training, which is usually included in Microsoft Press titles, you should test and deploy this update as a part of your normal patch management cycle.
MS07-006: Vulnerability in Windows Shell Could Allow Elevation of Privilege.
This is an elevation-of-privilege vulnerability which could be used by someone with standard user privileges to gain administrator privileges. To exploit this vulnerability, the attacker must have direct access to the computer. This bulletin replaces MS06-045.
Applies to: Windows XP and Server 2003.
Recommendation: Microsoft rates this bulletin as important. You should test and deploy this update as a part of your normal patch management cycle.
MS07-007: Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege.
This is an elevation-of-privilege vulnerability which could be used by someone with standard user privileges to gain administrator privileges. To exploit this vulnerability, the attacker must have direct access to the computer.
Applies to: Windows 2000, XP, Server 2003, and Vista.
Recommendation: Microsoft rates this bulletin as important. You should test and deploy this update as a part of your normal patch management cycle.
MS07-008: Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution.
This remote-code-execution vulnerability could be exploited to take control of a computer. The severity of the threat is related to the rights of the currently logged on user. This bulletin replaces MS06-046.
Applies to: Windows 2000, XP, and Server 2003.
Recommendation: Microsoft rates this update as critical because the details of this vulnerability have been publicly reported. You should perform accelerated testing and deployment of this update on vulnerable systems.
MS07-009: Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution.
This remote-code-execution vulnerability could be used to take control of a computer. The severity of the threat is related to the rights of the currently logged on user. This bulletin replaces bulletin MS06-014.
Applies to: Microsoft Data Access Components (MDAC) on Windows 2000, XP, and Server 2003. X64 editions of XP and Server 2003 aren't vulnerable to this threat.
Recommendation: Microsoft rates this update as critical because the details of this vulnerability have been publicly reported. Microsoft recommends that all customers who use MDAC upgrade to version 2.8 Service Pack 1 (SP1). You should perform accelerated testing and deployment of this update on vulnerable systems.
MS07-010: Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution.
This is a remote-code-execution vulnerability that could be exploited to take control of an affected computer.
Applies to: Windows Live OneCare, Antigen for Exchange 9.x, Antigen for SMTP Gateway 9.x, Windows Defender, Microsoft Forefront Security for Exchange Server, and Microsoft Forefront Security for SharePoint.
Recommendation: Microsoft rates this update as critical because the details of this vulnerability have been publicly reported. Because this vulnerability is related to spyware and malware protection, you should perform accelerated testing and deployment of this update as soon as possible.
MS07-011: Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution.
This remote-code-execution vulnerability could be used to take control of a computer. The severity of the threat is related to the rights of the currently logged on user.
Applies to: Windows 2000, XP, and Server 2003.
Recommendation: Microsoft rates this bulletin as important. You should test and deploy this update as a part of your normal patch management cycle.
MS07-012: Vulnerability in Microsoft MFC Could Allow Remote Code Execution.
This remote-code-execution vulnerability could be used to take control of a computer. The severity of the threat is related to the rights of the currently logged on user.
Applies to: Windows 2000, XP, and Server 2003; Visual Studio .NET 2002 and 2003
Recommendation: Microsoft rates this bulletin as important. You should test and deploy this update as a part of your normal patch management cycle.
MS07-013: Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution.
This remote code execution vulnerability could be used to take control of a computer. The severity of the threat is related to the rights of the currently logged on user.
Applies to: Windows 2000, XP, and Server 2003; Office 2000, XP, 2003, and 2004 for Mac; Project 2000 and 2003; Visio 2002; Learning Essentials 1.0, 1.1, and 1.5.
Recommendation: Microsoft rates this bulletin as important. You should test and deploy this update as a part of your normal patch management cycle.
MS07-014: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution.
This update fixes a remote-code-execution vulnerability through which an attacker could gain control of a computer. This update replaces MS06-060.
Applies to: Office 2000, XP, 2003, and 2004 for Mac; Works 2004, 2005, and 2006.
Recommendation: Microsoft rates this vulnerability as critical because the details of this vulnerability have been publicly reported. You should perform accelerated testing and deployment of this update on vulnerable systems.
MS07-015: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution.
This update fixes a remote-code-execution vulnerability through which an attacker could gain control of a computer.
Applies to: Office 2000, XP, 2003, and 2004 for Mac; Project 2000 and 2002; Visio 2002.
Recommendation: Microsoft rates this vulnerability as critical because the details of this vulnerability have been publicly reported. You should perform accelerated testing and deployment of this update on vulnerable systems.
MS07-016: Cumulative Security Update for Internet Explorer.
This cumulative security update deals with remote-code-execution vulnerabilities. This update replaces previous update MS06-072.
Applies to: Internet Explorer (IE) 5.0, 6.0, and 7.0 on Windows 2000, XP, and Server 2003.
Recommendation: Microsoft rates this vulnerability as critical because the details of this vulnerability have been publicly reported. You should perform accelerated testing and deployment of this update on vulnerable systems.
End of Article
Register
