December 11, 2007 10:47 AM PST

Microsoft fixes 11 flaws in 7 patches; 5 affect Windows Vista

Microsoft on Tuesday released its December 2007 security bulletin, which includes seven updates: three are designated as critical by the software giant and four are deemed important.

On the Windows side is a cumulative update for Internet Explorer, plus patches for the Windows Kernel, DirectX, Macrovision Driver, and the Windows Media File format--the latter three suggest concern that criminal hackers are targeting media files for exploitation. There are no Microsoft Office updates this month. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS07-063: Important
Entitled "Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)," this bulletin affects users of Microsoft Windows Vista and does not affect users of Windows 2000 or Windows XP SP2, and addresses the vulnerability detailed in CVE-2007-5351. A vulnerability exists in the way data is transferred via SMBv2, which could allow remote code execution in domain configurations communicating with SMBv2.

MS07-064: Critical
Entitled "Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)," this bulletin affects users of DirectX versions 7.0 through 10.0 included within Windows 2000, Windows XP, Windows Server 2003, and Windows Vista. The update addresses two vulnerabilities detailed in CVE-2007-3901 and CVE-2007-3895 that could allow code execution if a user opened a specially crafted file used for streaming media in DirectX. Successful exploitation could allow remote code execution.

MS07-065: Critical
Entitled "Vulnerability in Message Queuing Could Allow Remote Code Execution (937894)," this bulletin affects users of Windows Server 2000, Windows 2000, and Windows XP SP2, and does not affect users of Windows XP Professional x64, Windows Server 2003, or Windows Vista. The update addresses the vulnerability detailed in CVE-2007-3039. A vulnerability in the Message Queuing Service (MSMQ) could allow remote code execution in implementations on Microsoft Windows 2000 Server, or elevation of privilege in implementations on Microsoft Windows 2000 Professional and Windows XP. Successful exploitation could allow remote code execution or elevation of privilege.

MS07-066: Important
Entitled "Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078)," this bulletin affects users of Windows Vista, and does not affect users of Windows 2000, Windows Server 2003, or Windows XP. The update addresses the Windows kernel vulnerability detailed in CVE-2007-5350. Successful exploitation could allow an attacker to take complete control of an affected system.

MS07-067: Important
Entitled "Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653)," this bulletin affects users of Microsoft XP SP2 and Windows Server 2003, and does not affect users of Windows 2000 or Windows Vista. The update addresses a vulnerability, detailed in CVE-2007-5587, in the way the Macrovision driver incorrectly handles configuration parameters. Successful exploitation could allow elevation of privilege and give an attacker complete control of the system.

MS07-068: Critical
Entitled "Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)," this bulletin affects users of Windows Media Runtime Format 7.1, 9, 9.5, and 11, and Windows Media Services 9.1 running on Microsoft Windows 2000, Windows XP SP2, Windows Server 2003, and Windows Vista. This update addresses the Windows Media File Format vulnerability detailed in CVE-2007-0064. Successful exploitation could allow remote code execution if a user viewed a specially crafted file in Windows Media Format Runtime.

MS07-069: Critical
Entitled "Cumulative Security Update for Internet Explorer (942615)," this bulletin affects users of Internet Explorer 5.1, 6, and 7, running on Windows 2000, Windows Server 2003, Windows XP SP2, and Windows Vista. The update addresses the four privately reported vulnerabilities detailed in CVE-2007-3902, CVE-2007-3903, CVE-2007-5344, and CVE-2007-5347. Successful exploitation could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer.

Vista Update
by jblair1 December 11, 2007 12:38 PM PST
217 MB? This is getting way out of control -- what if someone doesn't have very high speed connectivity?
Winders broken?
by AppleRocks1963 December 11, 2007 1:10 PM PST
Get a Mac.
How much
by AppleRocks1963 December 11, 2007 2:16 PM PST
does Microsoft pay you to defend their shitty products online?
?
by nintendo812 December 11, 2007 3:10 PM PST
How much does Apple give you to say Windows sucks? =/
Not Smooth
by danfitek December 12, 2007 9:26 PM PST
I just ran the updates on my HP Notebook running Vista. Now my wireless connection doesn't work anymore. My overall impression of Vista gets worse every week. I wonder what SP1 will be like?