Microsoft released nine security updates for August, rating six of them as critical. Here's a brief description of each update; for more information, go to http://www.microsoft.com/technet/security/bulletin/ms07-aug.mspx
MS07-042: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
The attack vector for this exploit is a specially crafted Web page viewed in Internet Explorer (IE). The exploit targets Microsoft XML Core Services and, if unpatched, could allow the execution of malicious code.
Applies to: All versions of Windows
Recommendation: Although Microsoft rates this update as critical, the vulnerability has not been publicly disclosed. You should promptly perform testing and deployment of this update.
MS07-043: Vulnerability in OLE Automation Could Allow Remote Code Execution
The attack vector for this exploit is a specially crafted Web page viewed in Internet Explorer (IE). The exploit targets OLE functionality. If unpatched, the exploit could be leveraged to allow the execution of malicious code.
Applies to: All versions of Windows except Vista, Office 2004 for Mac, Microsoft Visual Basic 6.0 SP6
Recommendation: Although Microsoft rates this update as critical, the vulnerability has not been publicly disclosed. You should promptly perform testing and deployment of this update.
MS07-044: Vulnerability in Microsoft Excel Could Allow Remote Code Execution
The attack vector for this exploit is a specifically crafted Excel document. If unpatched, the exploit could be leveraged to allow the execution of malicious code.
Applies to: Office 2000, Office XP, Office 2003, and Office 2004 for Mac
Recommendation: Although Microsoft rates this update as critical, the vulnerability has not been publicly disclosed. You should promptly perform testing and deployment of this update.
MS07-045: Cumulative Security Update for Internet Explorer
This update addresses three privately reported vulnerabilities. The vectors for these exploits are all specially crafted Web pages.
Applies to: All versions of Internet Explorer (IE)
Recommendation: The rating of this update is dependent on the host platform. For Windows 2000 and Windows XP, the update is rated critical; for Windows Vista, the update is rated important. Deploy this update to older versions of Windows prior to deploying it to Vista clients.
MS07-046: Vulnerability in GDI Could Allow Remote Code Execution
The attack vector for this exploit is a specially crafted image. If unpatched, the image could be configured to allow remote code execution on the target system.
Applies to: Windows 2000, Windows XP, and Windows Server 2003 (SP2 unaffected)
Recommendation: Although Microsoft rates this update as critical, the vulnerability has not been publicly disclosed. You should promptly perform testing and deployment of this update.
MS07-047: Vulnerability in Windows Media Player Could Allow Remote Code Execution
The attack vector for this exploit is a specially crafted media file. This vulnerability could allow remote code execution.
Applies to: Windows Media Player on all versions of Windows
Recommendation: Microsoft rates this bulletin as important, and the vulnerability has not been publicly disclosed. You should test and deploy this patch as part of your normal patch management cycle.
MS07-048: Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution
The vector for this attack is the Feed Headlines Gadget and can be exploited if a user subscribes to a malicious RSS feed. This exploit could allow the attacker to run remote code with the privileges of the logged-on user.
Applies to: Windows Vista
Recommendation: Microsoft rates this bulletin as important, and the vulnerability has not been publicly disclosed. You should test and deploy this update as part of your normal patch management cycle.
MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege
This is an elevation of privilege vulnerability that could allow a guest OS user to run code on the host OS. This exploit can be leveraged only by users of the guest OS who have been granted administrative privileges.
Applies to: Virtual PC 2004, Virtual Server 2005/2005R2, and Virtual PC for Mac 6 and 7
Recommendation: This update is specific to customers running Virtual PC and Virtual Server. Microsoft rates it as important, so if you are using these products in your environment, you should test and patch as part of your usual patch management routine.
MS07-050: Vulnerability in Vector Markup Language Could Allow Remote Code Execution
The attack vector for this exploit is a specially crafted Web page. If unpatched, users navigating to the page could inadvertently trigger remote code execution, compromising the target computer.
Applies to: Internet Explorer (IE) on all versions of Windows
Recommendation: Consult the associated Microsoft article (938127) because customers have experienced documented issues when applying this update. The vulnerability has been privately reported, so you should perform testing and deploy this update at your earliest convenience.
Register
