Microsoft® Security Bulletins
Commentary and Analysis by Randy Franklin Smith
Every month, Microsoft® issues security bulletins - and every month, Randy gives you an in-depth, expert, independent analysis of the latest bulletins in understandable language. July 12, 2005 begins Randy Franklin Smith's expert commentary on security bulletins released by Microsoft on the 2nd Tuesday of each month.
"Within hours of Microsoft's release I will give you my independent take on each bulletin from Microsoft. Much more than a mere rehash of Microsoft's bulletins, I will endeavor to provide you with an independent analysis of each month's vulnerabilities that cuts to the chase with informed observations about the risk and possible mitigating controls, as well as practical guidance for determining if your systems are at risk and deploying work-arounds or updates."
March 2008

| KB # | Exploit Type | Product | Principal type of systems exposed | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Vulnerable Windows or Office versions (2000 / XP / 2003 / Vista/2008) | Notes | Randy’s recommendation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS08-014 (KB949029) | Remote code | Office Excel | Workstations and Terminal Servers | Yes/Yes | No | Critical | Yes / Yes / Yes / Yes | Fixes several vulnerabilities. Office 2003 SP3 and Office 2007 SP1 not affected. | Patch immediately. |
| MS08-015 (KB949031) | Remote code | Outlook | Workstations and Terminal Servers | No/No | Yes | Critical | Yes / Yes / Yes / Yes | 2007 SP1 not affected. | Disable mailto handler; Patch after testing |
| MS08-016 (KB949030) | Remote code | Office | Workstations and Terminal Servers | No/No | Yes | Critical | Yes / Yes / Yes / No | Some later service pack levels not affected. | Install MOICE, use file block policy; Patch after testing |
| MS08-017 (KB933103) | Remote code | Office Web Components | Workstations and Terminal Servers | No/No | Yes | Critical | Yes / No / No / No | Patch sets kill bit | Set kill bit; Patch after testing |

February 2008

| KB # | Exploit Type | Product | Principal type of systems exposed | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Vulnerable Windows or Office versions (2000 / XP / 2003 / Vista/2008) | Notes | Randy’s recommendation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS08-003 (KB946538) | Denial of Service | Windows, AD and ADAM | Servers | No/No | Yes | Important | Yes / Yes / Yes / No | Active Directory LDAP; Restart Req’d | Use IPSec, firewall to block LDAP. Patch after testing |
| MS08-004 (KB946456) | Denial of Service | Windows | Workstations | No/No | No (workaround involves not using DHCP) | Important | No / No / No / Yes | Restart Req’d | Patch after testing |
| MS08-005 (KB942831) | Privilege Elevation | Windows, IIS | IIS Servers | No/No | Yes | Important | Yes / Yes / Yes / Yes | Vista SP1 and 2008 not affected; Restart on some OS | Patch after testing |
| MS08-006 (KB942830) | Remote code | Windows, IIS | IIS Servers | No/No | Yes (On Server 2003 disable classic ASP) | Important | No / Yes / Yes / No | Classic ASP not installed by default. ASP.NET not affected | Patch after testing |
| MS08-007 (KB946026) | Remote code | Windows | Workstations and Terminal Servers | No/No | Yes | Critical | No / Yes / Yes / Yes | Vista SP1 and 2008 not affected; Restart Req’d | Disable WebDAV; Patch after testing |
| MS08-008 (KB947890) | Remote code | Windows, Office, Visual Basic | Workstations and Terminal Servers | No/No | Yes | Critical | Yes / Yes / Yes / Yes | Restart Req’d | Set kill bit for affected ActiveX; Patch after testing |
| MS08-009 (KB947077) | Remote code | MS Word | Workstations and Terminal Servers | No/No | Yes | Critical | Yes / Yes / Yes / No | | Install MOICE; Patch after testing |
| MS08-010 (KB944533) | Remote code | Windows, IE | Workstations and Terminal Servers | No/No | No | Critical | Yes / Yes / Yes / Yes | Cumulative update to IE; Restart Req’d | Patch after testing |
| MS08-011 (KB947081) | Remote code | Office, Works | Workstations and Terminal Servers | No/No | Yes | Important | No / No / Yes / Yes | File converters | Disable file converters; Patch after testing |
| MS08-012 (KB947085) | Remote code | Office Publisher | Workstations and Terminal Servers | No/No | No | Critical | Yes / Yes / Yes / No | | Patch after testing |
| MS08-013 (KB947108) | Remote code | Office | Workstations and Terminal Servers | No/No | Yes | Critical | Yes / Yes / Yes / No | | Restrict access to VBE6.dll; Patch after testing |

January 2008

| KB # | Exploit Type | Product | Principal type of systems exposed | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Vulnerable Windows or Office versions (2000 / XP / 2003 / Vista/2008) | Notes | Randy’s recommendation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS08-001 (KB941644) | Arbitrary code | Windows | Workstations & Terminal Servers | No/No | Yes | Critical | Yes / Yes / Yes / Yes | Restart is Required | Options: (1) Disable or block IGMP/MLD and Router Discovery Protocol. This will break multi-cast applications such as some features in Ghost or live Internet broadcasts. Can be disabled using group policy by creating a custom administrative template. (2) Patch after testing |
| MS08-002 (KB943485) | Privilege elevation | Windows | Workstations & Terminal Servers | No/No | No | Important | Yes / Yes / Yes / No | Restart is Required | Patch after testing |

December 2007

| KB # | Exploit Type | Product | Principal type of systems exposed | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Vulnerable Windows or Office versions (2000 / XP / 2003 / Vista/2008) | Notes | Randy’s recommendation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS07-063 (KB942624) | Arbitrary code | Vista only | Workstations | No/No | Yes | Important | No / No / No / Yes | SMBv2 signing | Temporarily disable SMBv2; Patch after testing. Create a custom administrative template to implement the workaround automatically via group policy. Use http://www.ultimatewindowssecurity.com/killbit.asp as a guide |
| MS07-064 (KB941568) | Arbitrary code | Windows | Workstations & Terminal Servers | No/No | Yes | Critical | Yes / Yes / Yes / Yes | DirectX; restart may be required when patching; workaround reduces functionality | Patch after testing or implement workaround permissions change with group policy |
| MS07-065 (KB937894) | Arbitrary code | Windows | Servers | No/No | Yes | Important | Yes / Yes / No / No | MSMQ is not installed by default; Restart required | Disable Message Queuing via group policy; Patch after testing |
| MS07-066 (KB943078) | Privilege Elevation | Vista only | Workstations | No/No | No | Important | No / No / No / Yes | Restart required | Patch after testing – if your end users are not already local administrators |
| MS07-067 (KB944653) | Privilege Elevation | Windows | Workstations & Terminal Servers | Yes/Yes | Yes | Important | No / Yes / Yes / No | Macrovision Driver | Disable secdrv.sys; Patch after testing |
| MS07-068 (KB941569) (KB944275) | Arbitrary code | Windows | Workstations & Terminal Servers | No/No | Workstations: yes | Critical | Yes / Yes / Yes / Yes | Windows Media Format; no workaround for servers; restart not required if service can be stopped | Patch after testing or, in case of workstations, implement workaround permissions change with group policy |
| MS07-069 (KB942615) | Arbitrary code | Windows | Workstations & Terminal Servers | No/Yes | Not unless your users will let you get away with disabling Active Scripting and ActiveX in IE :-) | Critical | Yes / Yes / Yes / Yes | Internet Explorer 6 & 7 multiple vulnerabilities; restart required | Patch immediately or disable Active Scripting and ActiveX except for trusted sites |

November 2007

| KB # | Exploit Type | Product | Principal type of systems exposed | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Vulnerable Windows or Office versions (2000 / XP / 2003 / Vista/2008) | Notes | Randy’s recommendation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS07-061 (KB943460) | Arbitrary code | Windows | Workstations & Terminal Servers | Yes/Yes | No | Critical | No / Yes / Yes / No | Live exploit is with IE7; Restart required | Patch immediately if IE7 is installed. Patch after testing if IE6 is used. |
| MS07-062 (KB941672) | Spoofing | Windows | DNS Servers | No/No | No | Important | Yes / No / Yes / No | DNS; Does not affect Workstation 2000 | Patch DNS servers after testing |

October 2007

| KB # | Exploit Type | Product | Principal type of systems exposed | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Vulnerable Windows or Office versions (2000 / XP / 2003 / Vista/2008) | Notes | Randy’s recommendation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS07-055 (KB923810) | Arbitrary code | Windows | Workstations & Terminal Servers | No/No | No | Critical | Yes / Yes / Yes / No | Kodak Image Viewer – Only affects XP and 2003 if it was upgraded from 2000 | Patch after testing |
| MS07-056 (KB941202) | Arbitrary code | Windows | Workstations & Terminal Servers | No/No | Yes | Critical | Yes / Yes / Yes / Yes | Outlook Express, Mail | Disable news protocol handler; Patch after testing |
| MS07-057 (KB939653) | Arbitrary code | Internet Explorer | Workstations & Terminal Servers | Yes/No | No | Critical | Yes / Yes / Yes / Yes | Cumulative update addresses several vulnerabilities | Patch after testing |
| MS07-058 (KB933729) | Denial of Service | Windows | All | No/No | No | Important | Yes / Yes / Yes / Yes | RPC Authentication | Patch after testing |
| MS07-059 (KB942017) | Privilege Elevation; Information Disclosure | Windows | Servers | Yes/No | No | Important | No / No / Yes / Yes | Sharepoint Server | Patch after testing |
| MS07-060 (KB942695) | Arbitrary code | MS Word | Workstations & Terminal Servers | No/Yes | No | Critical | Yes / Yes / No / No | | Patch after testing |

September 2007

| KB # | Exploit Type | Product | Principal type of systems exposed | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Vulnerable Windows or Office versions (2000 / XP / 2003 / Vista/2008) | Notes | Randy’s recommendation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS07-051 (KB938827) | Arbitrary code | Windows | Workstations & Terminal Servers | No/No | Yes | Critical | Yes / No / No / No | Windows Agent Active X Control. Restart required | Set kill bit or patch after testing. |
| MS07-052 (KB941522) | Arbitrary code | Visual Studio | Programmer workstations | Yes/No | Yes | Important | Yes / Yes / Yes / No | Crystal Reports. Restart required? Maybe | Remove Crystal Reports and association with .rpt files; Patch after testing. OR: inform and depend on programmers to refrain from opening RPT files received via email or download |
| MS07-053 (KB939778) | Elevation of code | Windows Services for Unix | All | Yes/No | No | Important | Yes / Yes / Yes / Yes | Default setup does not include Services for Unix. Restart required | Patch after testing |
| MS07-054 (KB942099) | Arbitrary code | Windows Live Messenger, MSN Messenger | Workstations & Terminal Servers | Yes/No | No | Important | Yes / Yes / Yes / Yes | Patch prompts to upgrade Messenger. Restart required? Yes, if messenger is active | You are immune if using Windows Messenger 8.1 or MSN Messenger 7.0.0820. Upgrade to Latest version of Messenger/Patch after testing |

August 2007

| KB # | Exploit Type | Product | Principal type of systems exposed | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Vulnerable Windows or Office versions (2000 / XP / 2003 / Vista/2007) | Notes | Randy’s recommendation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS07-042 - 936227 | Arbitrary code | Windows, XML Core Services | Workstations & Terminal Servers | No/No | No | Critical | Yes / Yes / Yes / Yes | XML Core Services may get installed by MS apps in addition to Windows. See KB269238 | Patch after testing |
| MS07-043 - 921503 | Arbitrary code | Windows, Visual Basic, Office for Mac | Workstations & Terminal Servers | No/No | No | Critical | Yes / Yes / Yes / No | OLE Automation. Known issue for Visual Basic developers (KB921503) and users of 3rd party developed VB apps (KB921503) | Patch after testing. Check 3rd party apps. Developers, alert your users. |
| MS07-044 - 940965 | Arbitrary code | Office, Excel | Workstations & Terminal Servers | No/No | Yes | Critical | Yes / Yes / Yes / No | | Patch after testing or use Office File Block policy workaround |
| MS07-045 - 937143 | Arbitrary code, DOS | Windows Internet Explorer | Workstations & Terminal Servers | No/No | No | Critical | Yes / Yes / Yes / Yes | | Patch after testing. Cumulative Update includes non-security fixes. Known issue in KB937143. Sets kill bits for several non-MS ActiveX controls |
| MS07-046 - 938829 | Arbitrary code | Windows | Workstations & Terminal Servers | No/No | No | Critical | Yes / Yes / No if SP2 / No | W2003 SP2 not affected | Patch after testing |
| MS07-047 - 936782 | Arbitrary code | Windows | Workstations & Terminal Servers | No/No | Yes | MS says Important; I say Critical | Yes / Yes / Yes / Yes | Windows Media Player skins. Known issue with .SWF Flash files (KB936782) | Patch after testing or implement WMZ/WMD workaround |
| MS07-048 - 938123 | Arbitrary code | Windows | Workstations | No/No | Yes | MS says Important; I say Critical | No / No / No / Yes | Vista Gadgets | Patch after testing or use one of the workarounds supported by group policy |
| MS07-049 - 937986 | Arbitrary code | Virtual PC, Virtual Server | Virtual PC & Virtual Server | No/No | No | MS says Important; I say Critical | Versions PRIOR to Virtual PC 2007 and Virtual PC Server 2005 R2 SP2 | | Install patch or upgrade to latest version |
| MS07-050 - 938127 | Arbitrary code | Windows, Internet Explorer | Workstations & Terminal Servers | No/No | Yes | Critical | Yes / Yes / Yes / Yes | Disable Vector Markup Language | Patch after testing or implement workaround |

July 2007

| KB # | Exploit Type | Product | Principal type of systems exposed | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Vulnerable Windows or Office versions (2000 / XP / 2003 / Vista/2007) | Notes | Randy’s recommendation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS07-036 - 936542 | Arbitrary code | Office Excel | Workstations & Terminal Servers | No/No | Yes | Critical | Yes / Yes / Yes / Yes | Excel including Office 2007 Compatibility Pack | Patch after testing |
| MS07-037 - 936548 | Arbitrary code | Office Publisher | Workstations & Terminal Servers | No/No | Yes | Important | No / No / No / Yes | | Patch after testing |
| MS07-038 - 935807 | Arbitrary code | Windows Firewall | Workstations | No/No | Yes | Moderate | No / No / No / Yes | Teredo network interface | Patch after testing |
| MS07-039 - 926122 | Arbitrary code, DOS | Active Directory | Domain Controllers | No/No | Yes | Critical | Yes / No / Yes / No | | Block affected port(s) if exposed to internet; Patch after testing. Severity is important on Windows 2003 |
| MS07-040 - 931212 | Arbitrary code | .NET Framework | Workstations & Web Servers | No/No | Yes | Critical | Yes / Yes / Yes / Yes | Information disclosure on Web servers with ASP.NET | Use workarounds; Patch after testing |
| MS07-041 - 931213 | Arbitrary code | IIS | Workstations | No/No | Yes | Important | No / Yes / No / No | XP Professional 32-bit only | Patch after testing if IIS is installed. |

June 2007

| KB # | Exploit Type | Product | Principal type of systems exposed | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Vulnerable Windows or Office versions (2000 / XP / 2003 / Vista/2007) | Notes | Randy’s recommendation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS07-031 - 935840 | Arbitrary code | Windows | Workstations & Terminal Servers | No/No | No | Critical | Denial of Service only / YES / Denial of Service only / No | Most likely even on XP to cause denial of service instead of arbitrary code execution | Patch after testing |
| MS07-033 - 933566 | Arbitrary code | Internet Explorer | Workstations & Terminal Servers | Yes/No | No | Critical | Yes / Yes / Yes / Yes | 6 different vulnerabilities. Only one is public and risk is limited to spoofed web pages | Patch after testing |
| MS07-034 - 929123 | Arbitrary code | Outlook Express and Windows Mail | Workstations & Terminal Servers | Yes/No | Mixed | Critical | No / Yes - Important / Yes - Moderate / Yes – Critical | 4 different vulnerabilities with varying severity depending on OS | Patch after testing or prevent users from using Windows Mail and Outlook Express |
| MS07-035 - 935839 | Arbitrary code | Windows | Workstations & Terminal Servers | No/No | Yes | Critical | Yes / Yes / Yes / No | | Patch after testing unless exploit details become public, then patch ASAP |
| MS07-030 - 927051 | Arbitrary code | Visio | Workstations & Terminal Servers | No/No | No | Important | ? / Yes / Yes / No | | Patch after testing unless exploit details become public, then patch ASAP or block Visio files at perimeter |
| MS07-032 - 931213 | Information Disclosure | Windows Vista | Workstations | No/No | No | Moderate | No / No / No / Yes | Mostly an issue for shared workstations or environments where end-users lack administrator authority on their workstations | Patch after testing if an issue for your environment |

May 2007

| KB # | Exploit Type | Product | Principal type of systems exposed | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Vulnerable Windows or Office versions (2000 / XP / 2003 / Vista/2007) | Notes | Randy’s recommendation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS07-023 934233 | Arbitrary code | Office | Workstations & Terminal Servers | No/No | No | Critical | All versions of Office including 2004 for Mac | 3 Excel vulnerabilities | Patch after normal testing |
| MS07-024 934232 | Arbitrary code | Office | Workstations & Terminal Servers | Yes/Yes | No | Critical | Yes, including 2004 for Mac and Works Suite 2004, 2005, 2006 / No | 3 Word vulnerabilities | Patch ASAP |
| MS07-025 934873 | Arbitrary code | Office | Workstations & Terminal Servers | No/No | No | Critical | Certain applications affected in each version of Office, including Mac 2004. Works Suite not affected | 1 vulnerability affecting Drawing Objects | Patch after normal testing |
| MS07-026 931832 | Arbitrary code | Exchange | Exchange servers | No/No | No | Critical | All versions of Exchange server including Outlook Web Access | 4 Exchange vulnerabilities allow remote attackers to take over Exchange through emailed iCal files and other means | Patch ASAP after required testing |
| MS07-027 931768 | Arbitrary code | Internet Explorer | Workstations & Terminal Servers | Yes/No | No | Critical | All versions of Windows | 5 Internet Explorer vulnerabilities. Only 1-2 have good workarounds. One is publicly disclosed but no attacks so far | Patch ASAP after required testing |
| MS07-028 931906 | Arbitrary code | | Biztalk Servers and any system with CAPICOM | No/No | Yes | Critical | Any Windows system with CAPICOM installed. Use MBSA or look in registry for any combination of: `HKLM\SOFTWARE\Classes\CAPICOM.Certificates.1\CLSID`, `HKLM\SOFTWARE\Classes\CAPICOM.Certificates.2\CLSID`, `HKLM\SOFTWARE\Classes\CAPICOM.Certificates.3\CLSID` | CAPICOM is a scripting interface to the Certificate APIs of Win32. Can block most likely attack vectors by setting the kill bit. Some applications may include and install CAPICOM, especially those using certificates and/or private/public key encryption | Determine affected systems by looking for specified registry keys and: patch, or set the kill bit on ActiveX control. See |
| MS07-029 935966 | Arbitrary code | Windows | DNS Servers – NOT DNS clients | Yes/Yes | Yes | Critical | Server, yes / No / Yes / No | This is an easy hole to plug by disabling the RPC management interface. It does not affect the DNS protocol. Only remote management of DNS via RPC. | You should have already implemented work around on affected servers. Install this update after testing and monitoring community for problems by early adopters |

April 2007

| KB # | Exploit Type | Product | Principal type of systems exposed | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Vulnerable Windows or Office versions (2000 / XP / 2003 / Vista/2007) | Notes | Randy’s recommendation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS07-017 925902 | Arbitrary code | Windows | Workstations & Terminal Servers | Yes/Yes | No | Critical | All versions of Windows | Animated cursor, etc | Patch ASAP |
| MS07-018 | Arbitrary code | Microsoft Content Management Server | Content Management Servers | No/No | No | Critical | CMS 2001 SP1, 2002 SP2 | CMS | Patch ASAP after testing. IMPORTANT: see introductory comments above this chart |
| MS07-019 | Arbitrary code | Windows | Workstations only | No/No | Yes | Critical | No / Yes / No / No | UPnP | Block UDP port 1900 and TCP port 2869 on local firewall or disable UPnP service via group policy |
| MS07-020 | Arbitrary code | Windows | Workstations & Terminal Servers | No/No | Yes | Critical | Yes / Yes / Yes / No | Microsoft Agent | Kill the Agent ActiveX control. Once again my handy, dandy administrative template for setting the killbits comes to the rescue. |
| MS07-021 | Arbitrary code | Windows | Workstations & Terminal Servers | Yes/No | No | Critical | All versions of Windows | CSRSS | Patch ASAP after testing |
| MS07-022 | Privilege elevation | Windows | Workstations & Terminal Servers | No/No | No, but significant prerequisites | Important | Yes except for 64 bit / No / Yes except for Itanium / No | Kernel | Significant prerequisites make this a low priority except on Terminal Services |

February 2007

| KB # | Exploit Type | Product | Principal type of systems exposed* | Exploit details public? | Currently being exploited? | MS severity rating | Vulnerable Windows or Office versions (2000 / XP / 2003 / Vista/2007) | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS07-008 928843 | Arbitrary Code | Windows | Workstations & Terminal Servers | No | No | Critical | Yes / Yes / Yes / No | Another ActiveX control |
| MS07-009 927779 | Arbitrary Code | MDAC | Workstations & Terminal Servers | Yes | No | Critical | Depending on version of MDAC / No | Yet another ActiveX control |
| MS07-010 932135 | Arbitrary Code | Microsoft Malware Protection Engine | All | No | No | Critical | Depending on installation of: Live OneCare, Antigen, Defender, Forefront Security | Malformed PDF turns anti-malware engine into malware agent! |
| MS07-014 929434 | Arbitrary Code | Word | Workstations & Terminal Servers | Yes | Yes | Critical | Yes, including Mac / No | 6 malformed Word doc holes |
| MS07-015 932554 | Arbitrary Code | Office, Project, Visio | Workstations & Terminal Servers | Yes | Yes | Critical | Yes, including Mac / No | Malformed Excel and PowerPoint docs |
| MS07-016 928090 | Arbitrary Code | Internet Explorer | Workstations & Terminal Servers | Yes | No | Critical | Yes / Yes / Yes / No | Multiple IE vulnerabilities |
| MS07-005 923723 | Arbitrary Code | Step-by-Step Interactive Training | Workstations & Terminal Servers | No | No | Important | Yes / Yes / Yes / No | |
| MS07-006 928255 | Elevation of Privilege | Windows | Workstations & Terminal Servers | No | No | Important | No / Yes / Yes / No | Physical access or Remote Desktop connection required |
| MS07-007 927802 | Elevation of Privilege | Windows | Workstations & Terminal Servers | No | No | Important | No / Yes / No / No | Windows Image Acquisition Service |
| MS07-011 926436 | Arbitrary Code | Windows | Workstations & Terminal Servers | No | No | Important | Yes / Yes / Yes / No | Microsoft OLE Dialog |
| MS07-012 924667 | Arbitrary Code | Windows, Visual Studio | Workstations & Terminal Servers and Developer computers | No | No | Important | Yes / Yes / Yes / No | Malformed embedded OLE object within a Rich Text Format (RTF) file |
| MS07-013 918118 | Remote Code | Windows, Office | Workstations & Terminal Servers | No | No | Important | Yes. All Windows and Office versions including Mac except Office 2007 and Vista / No | Microsoft RichEdit |

January 2007

| KB # | Exploit Type | Product | Principal type of systems exposed* | Exploit details public? | Currently being exploited? | MS severity rating | Vulnerable Windows/Office versions (2000 / XP / 2003 / Vista/2007) | Notes | Randy’s recommendation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS07-002 927198 | Arbitrary code | Windows | workstations and terminal services | no | no | critical | yes / yes / yes / no | Excel – Mac and Windows. Most versions | Patch after thorough testing |
| MS07-003 925938 | Arbitrary code/ Denial of Service | Outlook | workstations and terminal services | Arbitrary Code - No; Denial of Service - Yes | No | critical | yes / yes / yes / no | Outlook receiving .iCal calendar | Patch any Outlook clients that use POP/IMAP/HTTP or implement … |
| MS07-004 929969 | Arbitrary code | Windows | workstations and terminal services | Yes | Yes | critical | yes / yes / yes / no | Vector Markup Language content | Patch ASAP or implement one or more workarounds… |
| MS07-001 921585 | Arbitrary code | Office | workstations and terminal services | Yes | Not yet | No | No / No / Yes / No | Portuguese and MUI editions only | Patch ASAP |

December 2006
November 2006

| KB # | Exploit Type | Principal type of systems exposed* | Exploit details public? | Currently being exploited? | MS severity rating | Vulnerable Windows versions (2000 / XP / 2003 / Vista) | Notes | Randy’s recommendation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 922760 MS06-067 | Arbitrary code | WS & TS | yes | yes | critical | yes / yes / yes / No | Multiple vulnerabilities requiring different responses | Use my free KillBits ADM tool AND test and then patch |
| 920213 MS06-068 | Arbitrary code | WS & TS | no | no | critical | yes / yes / yes / No | ActiveX | Test & patch or use my free KillBits ADM tool |
| 923789 MS06-069 | Arbitrary code | WS & TS | no | no | critical | no - unless flash player installed / yes / no - unless flash player installed / no - unless flash player installed | Adobe Flash Player | Test and patch |
| 924270 - MS06-070 | Arbitrary code | All | no | no | critical | yes / yes / no / no | Workstation Service | Test and patch |
| 928088 MS06-071 | Arbitrary code | WS & TS | yes | yes | critical | All - if MS XML Core Services 4.0 or 6.0 installed | ActiveX | Patch or use my free KillBits ADM tool |
| 923980 MS06-066 | Arbitrary code | Netware clients | no | no | important | yes / yes / yes / no | Client Service for Netware | Get rid of Netware - just kidding - test and patch |

October 2006