Microsoft fixes four flaws; one is critical

In latest Patch Tuesday, company releases patches for flaws in Microsoft Agent in Windows 2000, Windows Services for UNIX, Visual Studio, MSN Messenger and Windows Live Messenger.

Microsoft on Tuesday released its September 2007 security bulletin, which includes four updates: One is designated as "critical" by the software giant; three are deemed "important," and one previously announced patch was dropped. Microsoft decided at the last minute not to patch Sharepoint Server in this month's release. The most serious patch affects Microsoft Agent in Windows 2000. Of the important patches, one affects Windows Services for UNIX, one affects Visual Studio and one affects both MSN Messenger and Windows Live Messenger.

All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS07-051: Critical

Titled "Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827)" this bulletin affects only the users of Windows 2000 SP4, and does not affect users of Windows XP and Windows Vista and it addresses the vulnerability detailed in CVE-2007-3040. Successful exploitation could lead to remote code execution.

MS07-052: Important

Titled "Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522)" this bulletin affects users of Visual Studio .NET 2002 Service Pack 1, Visual Studio .NET 2003, Visual Studio .NET 2003 Service Pack 1, Visual Studio 2005, and Visual Studio 2005 Service Pack 1 and addresses the vulnerability detailed in CVE-2007-6133. Successful exploitation could lead to remote code execution.

MS07-053: Important

Titled "Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)" this bulletin affects users of Windows Services for UNIX in Windows 2000, Windows XP and Windows Server 2003, and the Subsystem for UNIX-based Applications in Windows Server 2003 and Windows Vista, and addresses the vulnerability detailed in CVE-2007-3036. Successful exploitation could allow an attacker to gain an elevation of privilege.

MS07-054: Important

Titled "Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution (942099)" this bulletin affects users of Windows 2000, Windows Server 2003, Windows XP and Windows Vista running MSN Messenger 6.2, MSN Messenger 7.0, MSN Messenger 7.5, and Windows Live Messenger 8.0, but it does not affect Windows Live Messenger 8.1, and addresses the vulnerability detailed in CVE-2007-2931. Successful exploitation could lead to remote code execution.

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    HOT ON CNET

    Looking for an affordable tablet?

    CNET rounds up high-quality tablets that won't break your wallet.