Microsoft Windows Patch Tuesday for May 2007
May 9th, 2007 by James D. Murray
A happy Microsoft Windows Zero-Day Wednesday to you all! Microsoft has released its ongoing monthly series of updates for Microsoft Windows and applications for May 2007. These updates address a total of 19 security vulnerabilities, including two known zero-day vulnerabilities. The zero-day vulnerabilities involve Microsoft DNS Server and Microsoft Word 2000, and exploits have been verified to be in use or have had proof-of-concepts released to the Internet.
The Microsoft DNS Server zero-day vulnerability involves a stack-based buffer overflow in its RPC interface, which allows remote code execution using the account privileges of the DNS Server. This vulnerability affects Windows 2000 Server SP4 and Windows Server 2003 SP1 and SP2.
The Word 2000 zero-day vulnerability causes Word to crash when performing an undisclosed action, possibly when opening a Word file containing the exploit.
There are also three known remaining zero-day exploits for Microsoft Windows or Microsoft applications that are active but still unpatched. Hopefully, the patches for these vulnerabilities will be released next month.
The remaining updates repair remote execution vulnerabilities in Microsoft Office applications (Word and Excel), Microsoft Exchange, and an ActiveX control associated with the Windows Cryptographic API. There is also a cumulative security update for Internet Explorer 6 and 7, which also fixes several remote code execution vulnerabilities. These patches apply to Windows 2000, XP, Media Center, Vista, and Server 2003.
If you need to know more details about this month’s Microsoft Windows updates or the problems they address, please visit the links below. See you next month!
Microsoft Security Bulletin Summary for May 2007
Microsoft Security Bulletin Summaries and Webcasts
eEye Digital Security - Microsoft Patch Disclosure - May 2007


