Microsoft fixes four flaws; one is critical

In latest Patch Tuesday, company releases patches for flaws in Microsoft Agent in Windows 2000, Windows Services for UNIX, Visual Studio, MSN Messenger and Windows Live Messenger.

Microsoft on Tuesday released its September 2007 security bulletin, which includes four updates: One is designated as "critical" by the software giant; three are deemed "important," and one previously announced patch was dropped. Microsoft decided at the last minute not to patch Sharepoint Server in this month's release. The most serious patch affects Microsoft Agent in Windows 2000. Of the important patches, one affects Windows Services for UNIX, one affects Visual Studio and one affects both MSN Messenger and Windows Live Messenger.

All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS07-051: Critical

Titled "Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827)" this bulletin affects only the users of Windows 2000 SP4, and does not affect users of Windows XP and Windows Vista and it addresses the vulnerability detailed in CVE-2007-3040. Successful exploitation could lead to remote code execution.

MS07-052: Important

Titled "Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522)" this bulletin affects users of Visual Studio .NET 2002 Service Pack 1, Visual Studio .NET 2003, Visual Studio .NET 2003 Service Pack 1, Visual Studio 2005, and Visual Studio 2005 Service Pack 1 and addresses the vulnerability detailed in CVE-2007-6133. Successful exploitation could lead to remote code execution.

MS07-053: Important

Titled "Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)" this bulletin affects users of Windows Services for UNIX in Windows 2000, Windows XP and Windows Server 2003, and the Subsystem for UNIX-based Applications in Windows Server 2003 and Windows Vista, and addresses the vulnerability detailed in CVE-2007-3036. Successful exploitation could allow an attacker to gain an elevation of privilege.

MS07-054: Important

Titled "Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution (942099)" this bulletin affects users of Windows 2000, Windows Server 2003, Windows XP and Windows Vista running MSN Messenger 6.2, MSN Messenger 7.0, MSN Messenger 7.5, and Windows Live Messenger 8.0, but it does not affect Windows Live Messenger 8.1, and addresses the vulnerability detailed in CVE-2007-2931. Successful exploitation could lead to remote code execution.

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

The problem with Amazon Dash buttons

Limits on choice mean new shopping gadget won't click for everyone. Bridget Carey explains how the buttons work, and the rule changes for sharing your Prime perks with others.

by Bridget Carey