# Microsoft Security Updates planned for February 2007



## Zazula (Apr 27, 2006)

On 13 February 2007 Microsoft is planning to release:

*Security Updates*
- Five Microsoft Security Bulletins affecting Microsoft Windows.
The highest Maximum Severity rating for these is Critical. These
updates will be detectable using the Microsoft Baseline Security
Analyzer. Some of these updates will require a restart.

- Two Microsoft Security Bulletins affecting Microsoft Office.
The highest Maximum Severity rating for these is Critical. These
updates will be detectable using the Microsoft Baseline Security
Analyzer. These updates may require a restart.

- One Microsoft Security Bulletin affecting Microsoft Windows
and Microsoft Visual Studio. The highest Maximum Severity rating for
this is Important. These updates will be detectable using the
Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.
These updates will require a restart.

- One Microsoft Security Bulletin affecting Microsoft Windows
and Microsoft Office. The highest Maximum Severity rating for this
is Important. These updates will be detectable using the Microsoft
Baseline Security Analyzer. These updates may require a restart.

- One Microsoft Security Bulletin affecting Step-by-Step
Interactive Training. The highest Maximum Severity rating for this
is Important. These updates will be detectable using the Microsoft
Baseline Security Analyzer and the Enterprise Scan Tool. These
updates may require a restart.

- One Microsoft Security Bulletin affecting Microsoft Data
Access Components. The highest Maximum Severity rating for this is
Critical. These updates will be detectable using the Microsoft
Baseline Security Analyzer and the Enterprise Scan Tool. These
updates may require a restart.

- One Microsoft Security Bulletin affecting Windows Live
OneCare, Microsoft Antigen, Microsoft Windows Defender, and
Microsoft ForeFront. The highest Maximum Severity rating for these
is Critical. These products provide built-in mechanisms for
automatic detection and deployment of updates. Some of these updates
may require a restart.

*Microsoft Windows Malicious Software Removal Tool*
- Microsoft will release an updated version of the Microsoft
Windows Malicious Software Removal Tool on Windows Update, Microsoft
Update, Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update
Services (SUS).

*Non-security High Priority updates on MU, WU, WSUS and SUS*
- Microsoft will release 2 NON-SECURITY High-Priority Updates
for Windows on Windows Update (WU) and Software Update Services
(SUS).

- Microsoft will release 8 NON-SECURITY High-Priority Updates on
Microsoft Update (MU) and Windows Server Update Services (WSUS).

The number of bulletins, products affected, restart information and severities are subject to change until released. 

Microsoft will host a webcast next week to address customer 
questions on these bulletins. For more information on this webcast 
please see below:
http://msevents.microsoft.com/CUI/W...&EventCategory=4&culture=en-US&CountryCode=US

At this time no additional information on these bulletins such as 
details regarding severity or details regarding the vulnerability 
will be made available until 13 February 2007.


----------



## Zazula (Apr 27, 2006)

Microsoft Security Bulletin Summary for February, 2007

Included in this advisory are updates for newly discovered vulnerabilities. These vulnerabilities, broken down by severity, are:

*CRITICAL = 6*

MS07-008 - Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843)
Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

MS07-009 - Vulnerability in Microsoft Data Access Components (MDAC) Function Could Allow Remote Code Execution (927779)
Affected Software:
- Windows 2000 SP4 
- Windows XP SP2
- Windows Server 2003
- Windows Server 2003 on Itanium-based Systems 

MS07-010 - Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution (932135)
Affected Software:
- Windows Live OneCare
- Microsoft Antigen for Exchange 9.x
- Microsoft Antigen for SMTP Gateways 9.x
- Microsoft Windows Defender
- Microsoft Windows Defender x64 Edition
- Microsoft Windows Defender in Windows Vista
- Microsoft Forefront Security for Exchange Server
- Microsoft Forefront Security for SharePoint 

MS07-014 - Vulnerability in Microsoft Word Could Allow Remote Code Execution (929434)
Affected Software: 
- Office 2000 Service Pack 3
- Office XP Service Pack 3 
- Office System 2003 
- Microsoft Office 2004 for Mac
- Microsoft Office v.X for Mac
- Microsoft Works Suites 2004, 2005, and 2006 

MS07-015 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554)
Affected Software:
- Office 2000 Service Pack 3
- Office XP Service Pack 3 
- Office 2003 Service Pack 2
- Microsoft Office 2004 for Mac 

MS07-016 - Cumulative Security Update for Internet (928090)
Affected Software: 
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

*IMPORTANT = 6*

MS07-005 - Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723)
Affected Software: 
- Windows 2000 SP4 
- Windows XP SP2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 SP1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

MS07-006 - Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)
Affected Software: 
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

MS07-007 - Vulnerability in Windows Image Acquisition Service Could Allow Remote Code Execution (927802)
Affected Software: 
- Windows XP Service Pack 2 

MS07-011 - Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436)
Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

MS07-012 - Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667)
Affected Software: 
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Visual Studio .NET 2002 (all versions and products included in the Visual Studio .NET 2002 suite)
- Visual Studio .NET 2003 (all versions and products included in the Visual Studio .NET 2003 suite)

MS07-013 - Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118)
Affected Software: 
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Office 2000 Service Pack 3
- Office 2000 Multilanguage Packs
- Office XP Service Pack 3 (all versions and products included in the Office XP suite) 
- Office 2003 Service Pack 2
- Learning Essentials 1.0
- Learning Essentials 1.1
- Learning Essentials 1.5
- Global Input Method Editor for Office 2000 (Japanese)
- Office 2004 for Mac
- Office v.X for Mac


----------



## Glaswegian (Sep 16, 2005)

Thanks for all the details Sakis - I'm starting to think you actually work for MS...:laugh:


----------



## Zazula (Apr 27, 2006)

*Microsoft Security Bulletin Minor Revisions*

The following bulletins have undergone a minor revision increment. 
Please see the appropriate bulletin for more details.

* MS07-016
* MS07-013
* MS07-012
* MS07-011
* MS06-078

Bulletin Information:
=====================

* MS07-016
- http://www.microsoft.com/technet/security/bulletin/ms07-016.mspx
- Reason for Revision: Bulletin revised to correct installation
verification keys for Windows Internet Explorer 7. Removal
information for Windows Server 2003 updated with correct folder 
- Originally posted: February 13, 2007
- Updated: February 21, 2007
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS07-013
- http://www.microsoft.com/technet/security/bulletin/ms07-013.mspx
- Reason for Revision: Bulletin Updated: additional clarification
has been added to the e-mail attack vector. An attacker could
also attempt to exploit this vulnerability when a user
interacts with a malformed embedded OLE object within a Rich
Text e-mail message 
- Originally posted: February 13, 2007
- Updated: February 21, 2007
- Bulletin Severity Rating: Important
- Version: 1.1

* MS07-012
- http://www.microsoft.com/technet/security/bulletin/ms07-012.mspx
- Reason for Revision: Bulletin Updated: additional clarification
has been added to the e-mail attack vector. An attacker could
also attempt to exploit this vulnerability when a user
interacts with a malformed embedded OLE object within a Rich
Text e-mail message 
- Originally posted: February 13, 2007
- Updated: February 21, 2007
- Bulletin Severity Rating: Important
- Version: 1.1

* MS07-011
- http://www.microsoft.com/technet/security/bulletin/ms07-011.mspx
- Reason for Revision: Bulletin Updated: additional clarification
has been added to the e-mail attack vector. An attacker could
also attempt to exploit this vulnerability when a user
interacts with a malformed embedded OLE object within a Rich
Text e-mail message 
- Originally posted: February 13, 2007
- Updated: February 21, 2007
- Bulletin Severity Rating: Important
- Version: 1.1

* MS06-078
- http://www.microsoft.com/technet/security/bulletin/ms06-078.mspx
- Reason for Revision: Bulletin updated to provide additional
clarity around known issues customers may experience when
they install this security update: See Microsoft Knowledge
Base Article 933065 : Error message when you install the
original version of security update 923689 on Korean Windows
2000 and Microsoft Knowledge Base Article 933066 : Error
dialog when you install the security update 923689 on Windows
XP SP2. 
- Originally posted: December 12, 2006
- Updated: February 21, 2007
- Bulletin Severity Rating: Critical
- Version: 2.2




> @Glas: No, I don't work _for_ MS - I work _on_ MS. :grin:


----------



## Kalim (Nov 24, 2006)

Have you tried accessing the *MS07-016* link at all, from here or from the site itself?

It never loads. I've been trying it since it was issued.


----------



## Zazula (Apr 27, 2006)

Kalim, for me it has worked all this time. Try also http://support.microsoft.com/kb/928090


----------



## Kalim (Nov 24, 2006)

Thanks Zazula.

The link you provided is one that works, yes. But the ones linking from it just keep loading for 40 minutes on end, before my browser timings are set to display "page timeout".

Since it doesn't work on any browser and the rest of the site is swiftly navigable with this same system, I guess I'll just wait for it to get better :grin:


----------

