Microsoft released seven security updates for December, rating three of them as critical. A new version of the Microsoft Windows Malicious Software Removal Tool has also been released. Here's a brief description of each update; for more information, go to http://www.microsoft.com/technet/security/bulletin/ms07-dec.mspx
MS07-063: Vulnerability in SMBv2 Could Allow Remote Code Execution
This exploit targets the signing of SMBv2 traffic transmitted across the network. If unpatched, this exploit could be leveraged to allow the execution of code with the privileges of the currently logged on user.
Applies to: Windows Vista and Windows Vista x64 Edition.
Recommendation: Microsoft rates this update as important and the vulnerability hasn't been publicly disclosed. Because SMBv2 signing isn't active by default in Vista and only becomes active when specifically requested, you can test and deploy this update as a part of your normal patch management cycle.
MS07-064: Vulnerabilities in DirectX Could Allow Remote Code Execution
The attack vector for this exploit is a specially crafted file used for streaming media in DirectX. If unpatched, this vulnerability could allow the execution of code that would let an attacker take complete control of an affected system.
Applies to: DirectX 7 through 10. All versions of Windows, both client and server.
Recommendation: Microsoft rates this vulnerability as critical. Given the number of attacks during the holiday season that leverage the "Hey, look at this cute holiday-related dancing character" theme, you should test and deploy this update as quickly as possible.
MS07-065: Vulnerability in Message Queuing Could Allow Remote Code Execution
The attack vector for this exploit is a specially crafted Microsoft Message Queuing Services (MSMQ) message. The exploit targets the MSMQ and, if unpatched on Windows 2000, could allow for remote code execution. If unpatched on Windows XP, the vulnerability could allow for privilege elevation. This bulletin replaces MS05-017 on Windows 2000 but doesn't replace any previous bulletins for XP.
Applies to: Windows 2000 and Windows XP.
Recommendation: It's important to note that an attacker must have valid logon credentials to exploit this vulnerability and the vulnerability was privately reported. You should test and deploy the update as a part of your normal patch management cycle.
MS07-066: Vulnerability in Windows Kernel Could Allow Elevation of Privilege
The attack vector for this exploit is the way Windows Advanced Local Procedure Call (ALPC) validates certain conditions in legacy reply paths. The exploit targets the Windows Vista kernel and, if unpatched, could allow the attacker to take complete control over the targeted system. The vulnerability can only be exploited if the attacker has valid logon credentials.
Applies to: Windows Vista.
Recommendation: Microsoft rates this bulletin as important and the details of the vulnerability have only been privately reported. You should test and deploy the update as part of your normal patch management cycle.
MS07-067: Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege
The attack vector for this exploit is the way that the Macrovision driver handles configuration parameters. The exploit targets the Macrovision driver and, if unpatched, could allow local elevation of privilege, letting an attacker take complete control of an affected system.
Applies to: Windows XP and Windows Server 2003.
Recommendation: Microsoft rates this bulletin as important, and the vulnerability details have been publicly disclosed.
MS07-068: Vulnerability in Windows Media File Format Could Allow Remote Code Execution
The attack vector for this exploit is a specially crafted file in Windows Media Format Runtime. The exploit targets Windows Media Player and, if unpatched, could allow for the execution of remote code.
Applies to: Windows Media Player on Windows 2000, Windows XP, Windows Server 2003, and Windows Vista.
Recommendation: Microsoft rates this security bulletin as critical. Given the number of attacks during the holiday season that leverage the "cute holiday-related picture or movie" theme, you should test and deploy this update as quickly as possible.
MS07-069: Cumulative Security Update for Internet Explorer
This update resolves four privately reported vulnerabilities, some of which could be exploited to allow for the execution of remote code. This update replaces the previously released MS07-057 update.
Applies to: Internet Explorer 5.0, 6.0, and 7.0 on all versions of Windows.
Recommendation: Test and deploy on an accelerated schedule.
End of Article
Register
