Microsoft Security Bulletins for December 2007 has been published. Get the security updates soon!

Microsoft released today the following security bulletins. Note: There may be latency issues due to replication, if the page does not display keep refreshing.

MS07-063 – Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)
MS07-064 – Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
MS07-065 – Vulnerability in Message Queuing Could Allow Remote Code Execution (937894)
MS07-066 – Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078)
MS07-067 – Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653)
MS07-068 – Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
MS07-069 – Cumulative Security Update for Internet Explorer (942615)

Note: Red font means CRITICAL

Non-Security, High-Priority Updates on MU, WU, and WSUS

Microsoft has released four non-security, high-priority updates and 2007 Microsoft Office Service Pack 1 on Microsoft Update (MU) and Windows Server Update Services (WSUS).

Microsoft has released four non-security, high-priority updates for Windows and Windows SharePoint Services 3.0 Service Pack 1 on Windows Update (WU) and WSUS.

References:
December 2007 Security Bulletins Summary: http://www.microsoft.com/technet/security/bulletin/ms07-dec.mspx
Security Bulletin for end-users: http://www.microsoft.com/protect/computer/updates/bulletins/200712.mspx
MSRC Blog: http://blogs.technet.com/msrc/default.aspx  (Edit: here’s now the blog entry of MSRC on this months security bulletins – December 2007 Monthly Release)

Support:
Call 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. International users should go to http://support.microsoft.com/common/international.aspx

Security Bulletin Webcast:
Microsoft will host a Webcast tomorrow. The webcast focuses on addressing your questions and concerns about the security bulletins. Therefore, most of the live webcast is aimed at giving you the opportunity to ask questions and get answers from their security experts.

Update sources:
Microsoft NEVER send security updates via e-mail. As always, download the updates only from the vendors’ website – visit Windows Update and Office Update or Microsoft Update. You may also get the updates thru Automatic Updates functionality in Windows.
Security updates are available on ISO-9660 DVD5 image files from the Microsoft Download Center. For more information, please see http://support.microsoft.com/kb/913086
Note: Don’t be a victim of spoofed emails. Read “How to tell whether a security e-mail message is really from Microsoft

Recommendations:
Microsoft advises customers to install the latest product releases, security updates, and service packs to remain as secure as possible. Older products, such as Microsoft Windows NT 4.0, may not meet today’s more demanding security requirements. It may not be possible for Microsoft to provide security updates for older products. More info at Microsoft Support Lifecycle website.

Report Security Vulnerability to Microsoft:
believe you have found a Microsoft security vulnerability, please report: https://www.microsoft.com/technet/security/bulletin/alertus.aspx

Tool:
Check your system for missing or misconfigured patches using Microsoft Baseline Security Analyzer (MBSA).
For 3rd Party tools in scanning your computer for missing updates, hotfixes or out-dated version, please see the list at http://www.dozleng.com/updates/index.php?showtopic=13587

Leave a Reply