Microsoft on Tuesday released its September 2007 security bulletin, which includes four updates: One is designated as "critical" by the software giant; three are deemed "important," and one previously announced patch was dropped. Microsoft decided at the last minute not to patch Sharepoint Server in this month's release. The most serious patch affects Microsoft Agent in Windows 2000. Of the important patches, one affects Windows Services for UNIX, one affects Visual Studio and one affects both MSN Messenger and Windows Live Messenger.
All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.
Titled "Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827)" this bulletin affects only the users of Windows 2000 SP4, and does not affect users of Windows XP and Windows Vista and it addresses the vulnerability detailed in CVE-2007-3040. Successful exploitation could lead to remote code execution.
Titled "Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522)" this bulletin affects users of Visual Studio .NET 2002 Service Pack 1, Visual Studio .NET 2003, Visual Studio .NET 2003 Service Pack 1, Visual Studio 2005, and Visual Studio 2005 Service Pack 1 and addresses the vulnerability detailed in CVE-2007-6133. Successful exploitation could lead to remote code execution.
Titled "Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)" this bulletin affects users of Windows Services for UNIX in Windows 2000, Windows XP and Windows Server 2003, and the Subsystem for UNIX-based Applications in Windows Server 2003 and Windows Vista, and addresses the vulnerability detailed in CVE-2007-3036. Successful exploitation could allow an attacker to gain an elevation of privilege.
Titled "Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution (942099)" this bulletin affects users of Windows 2000, Windows Server 2003, Windows XP and Windows Vista running MSN Messenger 6.2, MSN Messenger 7.0, MSN Messenger 7.5, and Windows Live Messenger 8.0, but it does not affect Windows Live Messenger 8.1, and addresses the vulnerability detailed in CVE-2007-2931. Successful exploitation could lead to remote code execution.