Yesterday we released two security updates. Both apply to Windows; one is rated critical and the other important. It is worth noting, however, that our users running Windows Vista need neither of them, largely because Vista was developed entirely according to the Security Development Lifecycle, which I have advocated for a long time and still do.

Microsoft Security Bulletin MS07-061

Bulletin Title

Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)

Executive Summary

This update resolves a publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows shell handles specifically crafted URIs that are passed to it. If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003.

Maximum Severity Rating

Critical

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update will require a restart.

Affected Software

Windows. For more information, see the Affected Software and Download Locations section.

Microsoft Security Bulletin MS07-062

Bulletin Title

Vulnerability in DNS Could Allow Spoofing (941672)

Executive Summary

This important security update resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS Servers and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations.

Maximum Severity Rating

Important

Impact of Vulnerability

Spoofing

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update will require a restart, except in certain situations.

Affected Software

Windows. For more information, see the Affected Software and Download Locations section.

If you have questions about this month's security updates or Microsoft's security work in general, you are welcome to contact me. You can reach me at michael.anderberg@microsoft.com or by phone at 08 – 752 27 55. I can also recommend the Microsoft Security Response Center Blog, blogs.technet.com/msrc, for information on current security work.

Talk soon/Michael