Hi Everyone!

 

This is Tami Gallupe. I’m one of the new release managers here with the MSRC. I and my colleague Simon are taking over the release mantle from Craig Gehre here, so you’ll be hearing from us now with information about our releases.

 

For my first post, I wanted to go ahead and let you know about February’s bulletin release.

 

Today we released 12 bulletins: six have a maximum severity rating of Critical, while six have a maximum severity rating of Important. The bulletins are as follows:

 

·         Step-by-Step Interactive Training (MS07-005)

    • maximum severity rating of Important
    • Could Allow Remote Code Execution
  • Windows Shell (MS07-006)
    • maximum severity rating of Important
    • Could Allow Elevation of Privilege 
  • Windows Image Acquisition Service   (MS07-007)
    • maximum severity rating of Important
    • Could Allow Elevation of Privilege 
  • HTML Help ActiveX Control  (MS07-008)
    • maximum severity rating of Critical
    • Could Allow Remote Code Execution
  • Microsoft Data Access Components (MS07-009)  
    • maximum severity rating of Critical
    • Could Allow Remote Code Execution
  • Microsoft Malware Protection Engine (MS07-010)
    • maximum severity rating of Critical
    • Could Allow Remote Code Execution
  • Microsoft OLE Dialog (MS07-011)
    •  maximum severity rating of Important
    • Could Allow Remote Code Execution
  • Microsoft MFC (MS07-012)
    • maximum severity rating of Important
    • Could Allow Remote Code Execution
  • Microsoft RichEdit MS07-013
    • maximum severity rating of Important
    • Could Allow Remote Code Execution
  • Microsoft Word MS07-014
    • maximum severity rating of Critical
    • Could Allow Remote Code Execution 
  • Microsoft Office (MS07-015)
    • maximum severity rating of Critical
    • Could Allow Remote Code Execution 
  • Cumulative Security Update for Internet Explorer (MS07-016)  

·         ·maximum severity rating of Critical

·         ·Could allow remote code execution.

 

I wanted to call your attention to a minor issue around detection with today’s updates. Specifically, there’s a minor issue around detection and MS07-009. Windows 2000 SP4 customers who have applied this security update and then perform a scan using MBSA, SMS2003 with the ITMU, or WSUS will get a report back erroneously saying that all languages were applied rather than just the language versions that were applied.

 

Also, I wanted to let you know that there’s a small delay in the posting of the WSUSScan.Cab: We expect to see that post later this afternoon Pacific time.

 

When this happens, the correct update has been applied and the protections are in place: It’s an issue around detection reporting only, and we are working to address this issue.  

Finally, as a reminder, tomorrow, Wednesday, February 14, 11:00 AM Pacific Time (US & Canada), we’ll be holding our monthly Security Bulletin webcast, where we’ll go over February’s release and answer your questions on the air. In my opinion, this is one of my favorite events of the month as we focus on answering *your* release related questions. You can register for this month’s webcast at the following page:
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032323262&EventCategory=4&culture=en-US&CountryCode=US

Thanks!

   Tami

*This posting is provided "AS IS" with no warranties, and confers no rights.*