1 Reply Latest reply on Dec 14, 2007 8:34 PM by Grif

    Microsoft Security Updates for December 2007 - PATCH NOW

      On Patch Tuesday, Microsoft issued their latest security updates affecting Windows, IE, and Office as follows:
      Critical:

      Microsoft Security Bulletin MS07-064
      Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
      Affects: DirectX 7.0, 8.1, 9.0c and 10.0
      Link: http://www.microsoft.com/technet/security/bulletin/MS07-064.mspx

      Microsoft Security Bulletin MS07-068
      Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)
      Affects: Windows Media Format Runtime 7.1, 9, 9.5 and 11
      Link: http://www.microsoft.com/technet/security/Bulletin/MS07-068.mspx

      Microsoft Security Bulletin MS07-069
      Cumulative Security Update for Internet Explorer (942615)
      Affects: Internet Explorer 5.01, 6.0 & 7
      Link: http://www.microsoft.com/technet/security/bulletin/ms07-069.mspx


      Important:

      Microsoft Security Bulletin MS07-063
      Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)
      Affects: Windows Vista
      Link: http://www.microsoft.com/technet/security/bulletin/ms07-063.mspx

      Microsoft Security Bulletin MS07-065
      Vulnerability in Message Queuing Could Allow Remote Code Execution (937894)
      Affects: Windows 2000 Pro and Server, Windows XP
      Link: http://www.microsoft.com/technet/security/bulletin/ms07-065.mspx

      Microsoft Security Bulletin MS07-066
      Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078)
      Affects: Windows Vista
      Link: http://www.microsoft.com/technet/security/bulletin/MS07-066.mspx

      Microsoft Security Bulletin MS07-067
      Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653)
      Affects: Windows XP and Windows 2003 Server
      Link: http://www.microsoft.com/technet/security/bulletin/MS07-067.mspx

      Bulletin Summary: http://www.microsoft.com/technet/security/bulletin/ms07-dec.mspx


      Based on the ISC analysis, the Internet Explorer updates have active exploits circulating and are rated as

      http://isc.sans.org/diary.html?storyid=3735

      PATCH NOW

      So far, so good in my own experiences (about a 22MB download with reboot) for XP SP2, IE 7 and O/2003 ... One more resource is noted below

      http://www.f-secure.com/weblog/archives/00001334.html