Spyware, Viruses, & Security forum

General discussion

Microsoft Security Bulletins for October

by Donna Buenaventura / October 9, 2007 3:35 AM PDT

Microsoft released the following security bulletins today:

4 Critical
MS07-055 - Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)
MS07-056 - Security Update for Outlook Express and Windows Mail (941202)
MS07-057 - Cumulative Security Update for Internet Explorer (939653)
MS07-060 - Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)

2 Important
MS07-058 - Vulnerability in RPC Could Allow Denial of Service (933729)
MS07-059 - Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017)

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary

Bulletin Summary is at http://www.microsoft.com/technet/security/bulletin/ms07-oct.mspx

Discussion is locked
You are posting a reply to: Microsoft Security Bulletins for October
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Microsoft Security Bulletins for October
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Re-released: Microsoft Security Bulletin MS05-004
by Donna Buenaventura / October 9, 2007 3:40 AM PDT
Collapse -
Note on MS05-004
by Donna Buenaventura / October 9, 2007 3:55 AM PDT

If you have already successfully installed this update (MS05-004), you do not need to reinstall it.

Collapse -
Re-released: Security Bulletin MS07-056
by Donna Buenaventura / October 10, 2007 2:19 PM PDT

The following bulletin has undergone a major revision increment. Please see the bulletin for more detail.

Bulletin Information:
=====================

* MS07-056 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms07-056.mspx
- Reason for Revision: Revised to include Windows XP Professional
x64 Edition in the Affected Software section; Known Issues
set to none; Corrected missing file information to the
bulletin text for Outlook Express 6.0 Service Pack 1 on
Windows 2000 Service pack 4 and Outlook Express 5.5 Service
Pack 2 on Windows 2000 Service pack 4.
- Originally posted: October 9, 2007
- Updated: October 10, 2007
- Bulletin Severity Rating: Critical
- Version: 2.0

Collapse -
Minor revisions on MS Security Bulletins
by Donna Buenaventura / October 10, 2007 2:25 PM PDT

The following bulletins have undergone a minor revision increment.

Please see the appropriate bulletin for more details.

* MS07-060 - Critical
* MS07-058 - Important
* MS07-057 - Critical
* MS07-045 - Critical
* MS07-027
* MS06-068
* MS06-006
* MS05-032

Bulletin Information:

=====================

* MS07-060 - Critical

- http://www.microsoft.com/technet/security/...n/ms07-060.mspx
- Reason for Revision: Bulletin Updated: Hyperlink updated for the Microsoft Mactopia Web site to the correct download location of the 11.3.8 Update in the Deployment Information section.
- Originally posted: October 9, 2007
- Updated: October 10, 2007
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS07-058 - Important

- http://www.microsoft.com/technet/security/...n/ms07-058.mspx
- Reason for Revision: Updating bulletin to show XP professional x64 Edition Service Pack 2 as affected software.
- Originally posted: October 9, 2007
- Updated: October 10, 2007
- Bulletin Severity Rating: Important
- Version: 1.1

* MS07-057 - Critical

- http://www.microsoft.com/technet/security/...n/ms07-057.mspx
- Reason for Revision: Revised to correct the What does the update do? section for CVE-2007-3893
- Originally posted: October 9, 2007
- Updated: October 10, 2007
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS07-045 - Critical

- http://www.microsoft.com/technet/security/...n/ms07-045.mspx
- Reason for Revision: Bulletin revised to correct the name of an affected file in the bulletin text only.
- Originally posted: August 14, 2007
- Updated: October 10, 2007
- Bulletin Severity Rating: Critical
- Version: 1.3

* MS07-027

- http://www.microsoft.com/technet/security/...n/ms07-027.mspx
- Reason for Revision: Revised to include missing folder information for Internet Explorer 7 for Windows Server 2003
- Originally posted: May 8, 2007
- Updated: October 10, 2007
- Bulletin Severity Rating: Critical
- Version: 1.4

* MS06-068

- http://www.microsoft.com/technet/security/...n/ms06-068.mspx
- Reason for Revision: Clarified that MS05-032 is only replaced when both MS06-068 and MS07-045 are installed. For more information, see What updates does this release replace? in the section, Frequently Asked Questions (FAQ) Related to This Security Update
- Originally posted: November 14, 2006
- Updated: October 10, 2007
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS06-006

- http://www.microsoft.com/technet/security/...n/ms06-006.mspx
- Reason for Revision: V1.1 (October 10, 2007): Added Microsoft Knowledge Base Article 937986 to Caveats which documents the currently known issues that customers may experience when they install this security update.
- Originally posted: February 14, 2006
- Updated: October 10, 2007
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS05-032

- http://www.microsoft.com/technet/security/...n/ms05-032.mspx
- Reason for Revision: Clarified that MS05-032 is replaced only when both MS06-068 and MS07-045 are installed. For more information, see Why am I receiving this update in the section, Frequently Asked questions (FAQ) related to this security update.
- Originally posted: June 14, 2005
- Updated: October 10, 2007
- Bulletin Severity Rating: Moderate
- Version: 2.2

Collapse -
Donna, the links you provided aren't working for me.
by Shirley R / October 11, 2007 8:39 AM PDT

They take me to about:blank.

I am having a problem with MS07-057, and was interested in what the revised bulletin said. I searched Google but couldn't find the revision.

Shirley,

Collapse -
Shirley
by Donna Buenaventura / October 12, 2007 6:45 AM PDT

I just tried going to http://go.microsoft.com/fwlink/?LinkId=95045 or http://www.microsoft.com/technet/security/Bulletin/MS07-057.mspx and it loaded here.

It says:
Revisions

V1.0 (October 9, 2007): Bulletin published.

V1.1 (October 10, 2007): Bulletin revised to correct the "What does the update do?" section for CVE-2007-3893

Then I look-up for the change on the said CVE #:
FAQ for Error Handling Memory Corruption Vulnerability - CVE-2007-3893:
What does the update do?
The update removes the vulnerability by modifying the error exception handling so that there is no attempt made to access the freed memory.

HTH

Donna

Collapse -
(NT) Thank you, Donna. Appreciate your time & help.
by Shirley R / October 12, 2007 10:26 AM PDT
In reply to: Shirley
Collapse -
(NT) You're most welcome Shirley! Happy weekend!
by Donna Buenaventura / October 12, 2007 3:58 PM PDT
Collapse -
Minor Revisions: MS07-055 & MS07-060
by Donna Buenaventura / October 17, 2007 1:16 PM PDT

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS07-055 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms07-055.mspx
- Reason for Revision: Bulletin updated to include Windows XP x64 Edition among non-affected software.
- Originally posted: October 9, 2007
- Updated: October 17, 2007
- Bulletin Severity Rating: Critical
- Version: 1.1


* MS07-060 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms07-060.mspx
- Reason for Revision: Bulletin updated: Vulnerability FAQ updated to explain the nature of the update and plans for addressing similar stability issues.
- Originally posted: October 9, 2007
- Updated: October 17, 2007
- Bulletin Severity Rating: Critical
- Version: 1.2

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

The Samsung RF23M8090SG

One of the best French door fridges we've tested

A good-looking fridge with useful features like an auto-filling water pitcher and a temperature-adjustable "FlexZone" drawer. It was a near-flawless performer in our cooling tests.