Zazula

On 13 February 2007 Microsoft is planning to release:

Security Updates
. Five Microsoft Security Bulletins affecting Microsoft Windows.
The highest Maximum Severity rating for these is Critical. These
updates will be detectable using the Microsoft Baseline Security
Analyzer. Some of these updates will require a restart.

. Two Microsoft Security Bulletins affecting Microsoft Office.
The highest Maximum Severity rating for these is Critical. These
updates will be detectable using the Microsoft Baseline Security
Analyzer. These updates may require a restart.

. One Microsoft Security Bulletin affecting Microsoft Windows
and Microsoft Visual Studio. The highest Maximum Severity rating for
this is Important. These updates will be detectable using the
Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.
These updates will require a restart.

. One Microsoft Security Bulletin affecting Microsoft Windows
and Microsoft Office. The highest Maximum Severity rating for this
is Important. These updates will be detectable using the Microsoft
Baseline Security Analyzer. These updates may require a restart.

. One Microsoft Security Bulletin affecting Step-by-Step
Interactive Training. The highest Maximum Severity rating for this
is Important. These updates will be detectable using the Microsoft
Baseline Security Analyzer and the Enterprise Scan Tool. These
updates may require a restart.

. One Microsoft Security Bulletin affecting Microsoft Data
Access Components. The highest Maximum Severity rating for this is
Critical. These updates will be detectable using the Microsoft
Baseline Security Analyzer and the Enterprise Scan Tool. These
updates may require a restart.

. One Microsoft Security Bulletin affecting Windows Live
OneCare, Microsoft Antigen, Microsoft Windows Defender, and
Microsoft ForeFront. The highest Maximum Severity rating for these
is Critical. These products provide built-in mechanisms for
automatic detection and deployment of updates. Some of these updates
may require a restart.

Microsoft Windows Malicious Software Removal Tool
. Microsoft will release an updated version of the Microsoft
Windows Malicious Software Removal Tool on Windows Update, Microsoft
Update, Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update
Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS
. Microsoft will release 2 NON-SECURITY High-Priority Updates
for Windows on Windows Update (WU) and Software Update Services
(SUS).

. Microsoft will release 8 NON-SECURITY High-Priority Updates on
Microsoft Update (MU) and Windows Server Update Services (WSUS).

The number of bulletins, products affected, restart information and severities are subject to change until released.

Microsoft will host a webcast next week to address customer
questions on these bulletins. For more information on this webcast
please see below:
http://msevents.microsoft.com/CUI/We...CountryCode=US

At this time no additional information on these bulletins such as
details regarding severity or details regarding the vulnerability
will be made available until 13 February 2007.

Zazula

Microsoft Security Bulletin Summary for February, 2007

Included in this advisory are updates for newly discovered vulnerabilities. These vulnerabilities, broken down by severity, are:

CRITICAL = 6

MS07-008 - Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843)
Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

MS07-009 - Vulnerability in Microsoft Data Access Components (MDAC) Function Could Allow Remote Code Execution (927779)
Affected Software:
- Windows 2000 SP4
- Windows XP SP2
- Windows Server 2003
- Windows Server 2003 on Itanium-based Systems

MS07-010 - Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution (932135)
Affected Software:
- Windows Live OneCare
- Microsoft Antigen for Exchange 9.x
- Microsoft Antigen for SMTP Gateways 9.x
- Microsoft Windows Defender
- Microsoft Windows Defender x64 Edition
- Microsoft Windows Defender in Windows Vista
- Microsoft Forefront Security for Exchange Server
- Microsoft Forefront Security for SharePoint

MS07-014 - Vulnerability in Microsoft Word Could Allow Remote Code Execution (929434)
Affected Software:
- Office 2000 Service Pack 3
- Office XP Service Pack 3
- Office System 2003
- Microsoft Office 2004 for Mac
- Microsoft Office v.X for Mac
- Microsoft Works Suites 2004, 2005, and 2006

MS07-015 - Vulnerabilities is Microsoft Office Could Allow Remote Code Execution (932554)
Affected Software:
- Office 2000 Service Pack 3
- Office XP Service Pack 3
- Office 2003 Service Pack 2
- Microsoft Office 2004 for Mac

MS07-016 - Cumulative Security Update for Internet (928090)
Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

IMPORTANT = 6

MS07-005 - Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723)
Affected Software:
- Windows 2000 SP4
- Windows XP SP2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 SP1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

MS07-006 - Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)
Affected Software:
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

MS07-007 - Vulnerability in Windows Image Acquisition Service Could Allow Remote Code Execution (927802)
Affected Software:
- Windows XP Service Pack 2

MS07-011 - Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436)
Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

MS07-012 - Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667)
Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Visual Studio .NET 2002(all versions and products included in the Visual Studio .NET 2002 suite)
- Visual Studio .NET 2003(all versions and products included in the Visual Studio .NET 2003 suite)

MS07-013 - Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118)
Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Office 2000 Service Pack 3
- Office 2000 Multilanguage Packs
- Office XP Service Pack 3 (all versions and products included in the Office XP suite)
- Office 2003 Service Pack 2
- Learning Essentials 1.0
- Learning Essentials 1.1
- Learning Essentials 1.5
- Global Input Method Editor for Office 2000 (Japanese)
- Office 2004 for Mac
- Office v.X for Mac

Glaswegian

Thanks for all the details Sakis - I'm starting to think you actually work for MS...

Zazula

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS07-016
* MS07-013
* MS07-012
* MS07-011
* MS06-078

Bulletin Information:
=====================

* MS07-016
- http://www.microsoft.com/technet/sec.../ms07-016.mspx
- Reason for Revision: Bulletin revised to correct installation
verification keys for Windows Internet Explorer 7. Removal
information for Windows Server 2003 updated with correct folder
- Originally posted: February 13, 2007
- Updated: February 21, 2007
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS07-013
- http://www.microsoft.com/technet/sec.../ms07-013.mspx
- Reason for Revision: Bulletin Updated: additional clarification
has been added to the e-mail attack vector. An attacker could
also attempt to exploit this vulnerability when a user
interacts with a malformed embedded OLE object within a Rich
Text e-mail message
- Originally posted: February 13, 2007
- Updated: February 21, 2007
- Bulletin Severity Rating: Important
- Version: 1.1

* MS07-012
- http://www.microsoft.com/technet/sec.../ms07-012.mspx
- Reason for Revision: Bulletin Updated: additional clarification
has been added to the e-mail attack vector. An attacker could
also attempt to exploit this vulnerability when a user
interacts with a malformed embedded OLE object within a Rich
Text e-mail message
- Originally posted: February 13, 2007
- Updated: February 21, 2007
- Bulletin Severity Rating: Important
- Version: 1.1

* MS07-011
- http://www.microsoft.com/technet/sec.../ms07-011.mspx
- Reason for Revision: BulletinUpdated: additional clarification
has been added to the e-mail attack vector. An attacker could
also attempt to exploit this vulnerability when a user
interacts with a malformed embedded OLE object within a Rich
Text e-mail message
- Originally posted: February 13, 2007
- Updated: February 21, 2007
- Bulletin Severity Rating: Important
- Version: 1.1

* MS06-078
- http://www.microsoft.com/technet/sec.../ms06-078.mspx
- Reason for Revision: Bulletin updated to provide additional
clarity around known issues customers may experience when
they install this security update: See Microsoft Knowledge
Base Article 933065 : Error message when you install the
original version of security update 923689 on Korean Windows
2000 and Microsoft Knowledge Base Article 933066 : Error
dialog when you install the security update 923689 on Windows
XP SP2.
- Originally posted: December 12, 2006
- Updated: February 21, 2007
- Bulletin Severity Rating: Critical
- Version: 2.2

Kalim

Have you tired accessing the MS07-016 link at all, from here or from the site itself?

It never loads. I've been trying it since it was issued.

Zazula

Kalim, for me it has worked all this time. Try also http://support.microsoft.com/kb/928090

Attached Images

ms07016.jpg (290.6 KB, 3 views)

Kalim

Thanks Zazula.

The link you provided is one that works, yes. But the ones linking from it just keep loading for 40 minutes on end, before my browser timings are set to display "page timeout".

Since it doesn't work on any browser and the rest of the site is swiftly navigationable with this same system, I guess I'll just wait for it to get better