June 2007 Microsoft Security Bulletin Summary

Microsoft Security Bulletin MS07-031
Bulletin Title:
Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)
Executive Summary:
This critical security update resolves a privately reported vulnerability in the Secure Channel (Schannel) security package in Windows. The Schannel security package implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using an Internet Web browser or used an application that makes use of SSL/TLS. However, attempts to exploit this vulnerability would most likely result in the Internet Web browser or application exiting. The system would not be able to connect to Web sites or resources using SSL or TLS until a restart of the system.
Maximum Severity Rating:
Critical
Impact of Vulnerability:
Remote Code Execution
Detection:
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software:
Windows.

Microsoft Security Bulletin MS07-033
Bulletin Title:
Cumulative Security Update for Internet Explorer (933566)
Executive Summary:
This critical security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. All but one of these vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. One vulnerability could allow spoofing, and also involves a specially crafted Web page. In all remote code execution cases, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. For the spoofing case, exploitation requires user interaction.
Maximum Severity Rating:
Critical
Impact of Vulnerability:
Remote Code Execution
Detection:
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software:
Windows, Internet Explorer.

Microsoft Security Bulletin MS07-034
Bulletin Title:
Cumulative Security Update for Outlook Express and Windows Mail (929123)
Executive Summary:
This critical security update resolves two privately reported and two publicly disclosed vulnerabilities. One of these vulnerabilities could allow remote code execution if a user viewed a specially crafted e-mail using Windows Mail in Windows Vista. The other vulnerabilities could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer and cannot be exploited directly in Outlook Express. For the information disclosure vulnerabilities, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Maximum Severity Rating:
Critical
Impact of Vulnerability:
Remote Code Execution
Detection:
Microsoft Baseline Security Analyzer and the Enterprise Scan Tool can detect whether your computer system requires this update. The update may require a restart.
Affected Software:
Windows, Outlook Express, Windows Mail.

Microsoft Security Bulletin MS07-035
Bulletin Title:
Vulnerability in Win32 API Could Allow Remote Code Execution (935839)
Executive Summary:
This critical security update resolves a privately reported vulnerability in a Win32 API. This vulnerability could allow remote code execution or elevation of privilege if the affected API is used locally by a specially crafted application. Therefore, applications that use this component of the Win32 API could be used as a vector for this vulnerability. For example, Internet Explorer uses this Win32 API function when parsing specially crafted Web pages.
Maximum Severity Rating:
Critical
Impact of Vulnerability:
Remote Code Execution
Detection:
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software:
Windows.

Microsoft Security Bulletin MS07-030
Bulletin Title:
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)
Executive Summary:
This important security update resolves two privately discovered and responsibly reported vulnerabilities in addition to other security issues identified during the course of the investigation. The privately reported vulnerabilities could allow remote code execution if a user opened a specially crafted Visio file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. User interaction is required to exploit these vulnerabilities.
Maximum Severity Rating:
Important
Impact of Vulnerability:
Remote Code Execution
Detection:
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software:
Office, Visio.
