| |
Microsoft Security Bulletin Summary for November
2007
This bulletin summary lists security bulletins released for November
2007.
With the release of the bulletins for November 2007, this bulletin
summary replaces the bulletin advance notification originally issued
November 8, 2007. For more information about the bulletin advance
notification service, see Microsoft Security Bulletin Advance
Notification.
Bulletin Title
Vulnerability in Windows URI Handling Could Allow Remote Code Execution
(943460)
Executive Summary
This update resolves a publicly reported vulnerability. A remote code
execution vulnerability exists in the way that the Windows shell handles
specifically crafted URIs that are passed to it. If the Windows shell
did not sufficiently validate these URIs, an attacker could exploit this
vulnerability and execute arbitrary code. Microsoft has only identified
ways to exploit this vulnerability on systems using Internet Explorer 7.
However, the vulnerability exists in a Windows file, Shell32.dll, which
is included in all supported editions of Windows XP and Windows Server
2003.
Severity: Critical
Bulletin Title
Vulnerability in DNS Could Allow Spoofing (941672)
Executive Summary
This important security update resolves a privately reported
vulnerability. This spoofing vulnerability exists in Windows DNS Servers
and could allow an attacker to send specially crafted responses to DNS
requests, thereby spoofing or redirecting Internet traffic from
legitimate locations.
Severity: Important
Microsoft Windows Malicious
Software Removal Tool
Microsoft has released an updated version of the Microsoft Windows
Malicious Software Removal Tool on Windows Update, Microsoft Update,
Windows Server Update Services, and the Download Center.
|
|
