Суровость: Высоко

9-ое октября 2007

Сводка:

Сегодня, Microsoft выпустил 3 бюллетеня обеспеченностью описывая уязвимости которые влияют на Windows и компоненты грузя с им. Дистанционный атакующий был в состоянии эксплуатировать самое плохое этих рванин для того чтобы исполнить Кодего на вашем Windows пикокулоне, потенциальн приобретающ вполне управление его. Для таблицы кратко суммируя уязвимости влияют на варианты Windows, видят Microsoft Сводка бюллетеня обеспеченностью на октябрь and expand the section, “Affected Software and Download Location.” If you manage a Windows network, you should download, test, and deploy the appropriate Windows patches throughout your network as soon as possible.

Exposure:

Microsoft’s three security bulletins detail vulnerabilities found in, or affecting, components of Windows. Each vulnerability affects different versions of Windows to a different extent. The summary below lists the vulnerabilities from highest to lowest severity.

MS07-055 : Kodak Image Viewer Remote Code Execution Vulnerability

The Kodak Image Viewer ships with Windows and allows you to view digital images. Unfortunately, the Kodak Image Viewer suffers from an unspecified “code execution vulnerability” involving the way it parses specially crafted images. By enticing one of your users into opening and viewing a malicious image (for example, one from a web site or attached to an email), an attacker could exploit this vulnerability to execute code on your user’s machine, with your user’s privileges. If your user has local administrative

Severity: High

9 October , 2007

Summary:

Today, Microsoft released a security bulletin describing three vulnerabilities in Internet Explorer. By tricking one of your users into visiting a maliciously crafted web page or into opening a maliciously crafted HTML email, an attacker could exploit five of these new vulnerabilities to execute code on your user’s computer, with your user’s privileges. In the worst case, the attacker could gain complete control of the victim computer. If you use Internet Explorer in your network, you should download, test, and deploy the appropriate Internet Explorer patches immediately. The patches fix the newly announced vulnerabilities, in addition to all previous ones.

Exposure:

In a security bulletin released today as part of their monthly patch update, Microsoft describes three vulnerabilities in Internet Explorer (IE) versions 5.01, 6.0, and 7.0.

The worst of these three vulnerabilities has to do with a flaw in the way IE handles a certain error involving file downloads. Triggering this error in a particular way causes memory corruption. By luring one of your users into visiting a malicious web page that forces this error, an attacker can exploit this memory corruption vulnerability to execute code on that user’s computer, with that user’s privileges. Typically, Windows users have local administrative privileges, in which case the attacker could gain complete control of their machines.

The remaining two flaws both involve

Severity: High

9 October, 2007

Summary:

Today, Microsoft released two security bulletins describing vulnerabilities affecting different Microsoft Office packages including Word (for Windows and Mac), Office SharePoint Server 2007, and Windows SharePoint Services 3.0. By enticing one of your users into opening a maliciously formed Office file, an attacker could exploit the worst of these flaws to execute code on your user’s computer, with your user’s privileges, potentially gaining control of that computer. If you use Office, Word, or SharePoint in your network, you should download, test, and deploy the appropriate patches immediately.

Exposure:

Microsoft’s two security bulletins describe vulnerabilities found in Word, Office SharePoint Server 2007, and Windows SharePoint Services 3.0. The summary below lists the vulnerabilities from highest to lowest severity.

MS07-060: Word Memory Corruption Vulnerability

Microsoft Word for Windows and Mac suffers from an unspecified memory corruption vulnerability. By enticing one of your users into downloading and opening a maliciously crafted Office document, an attacker can exploit this vulnerability to execute code on that user’s computer, with that user’s level of privileges and permissions. If your user has local administrative privilege, the attacker gains full control of the victim machine. Microsoft’s bulletin doesn’t specify exactly what sort of Office document triggers this vulnerability. We assume typical Word documents (.DOC) trigger the flaw, but we also have to assume that other Office documents could potentially trigger it as well.
Microsoft rating: Critical.