August 2007 Monthly Bulletin Release

I'm Simon, Release Manager in the MSRC.  The August release contains 9 new bulletins, 6 of which have maximum severities of "Critical".

MS07-042            Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)

MS07-043            Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)

MS07-044            Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965)

MS07-045            Cumulative Security Update for Internet Explorer (937143)

MS07-046            Vulnerability in GDI Could Allow Remote Code Execution (938829)

MS07-047            Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)

MS07-048            Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)

MS07-049            Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)

MS07-050            Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)

Additionally we are re-releasing one bulletin:

MS07-038            Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807) – This is a detection-only change, to address the situation where a missing Firewall Logging Directory would cause the update installation to fail.  There’s no change to the update binaries, so if you have already successfully installed this update, you do not need to reinstall it.

Please refer to the bulletin revision notes for more detail.

Also today we released Microsoft Security Advisory (932596). This is to let customers who run x64-based Windows operating systems know about an update to Kernel Patch Protection that is available. The update adds additional checks to Kernel Patch Protection for increased reliability, performance and security. Please see the security advisory and associated KB for more information.

Just as a reminder, support for Software Update Services (SUS) 1.0 ended last month on Tuesday, July 10, 2007. As support and update content availability for SUS 1.0 is no longer available, we encourage our customers to utilize Windows Server Update Services (WSUS) 2.0 or 3.0 as it supports updating a broader set of Microsoft products.  For more information on SUS 1.0 and its lifecycle and some of the improvements to WSUS 2.0 and 3.0, please check out KB Article 905682.

Also, please join us for the regular monthly security bulletin webcast, Wednesday August 15 11:00 AM PT (GMT -8). We'll have an overview of the August bulletins, and you'll have the opportunity to ask us questions around the release. You can register for this here:

http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032343784&CountryCode=US

Cheers,

Simon

*This posting is provided "AS IS" with no warranties, and confers no rights.*