Tuesday, April 10, 2007

Alert: Critical Product Vulnerability, April Microsoft Updates

Microsoft released the security bulletins listed below today. Note that MS07-017 and MS07-021 also apply to Windows Vista. Each of the patches repairs a vulnerability that could allow remote elevation of privilege.


Critical
  • MS07-017 - Vulnerabilities in GDI Could Allow Remote Code Execution (925902) (Hotfix to help resolve known issues related to this update, originally issued 03Apr07)
  • MS07-018 - Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution. This update resolves two newly discovered, privately reported vulnerabilities. (925939)
  • MS07-019 - Vulnerability in Universal Plug and Play Could Allow Remote Code Execution. This update resolves a newly discovered, privately reported vulnerability. (931261)
  • MS07-020 - Vulnerability in Microsoft Agent Could Allow Remote Code Execution. This update resolves a newly discovered, privately reported vulnerability. (932168)

  • MS07-021 - Vulnerabilities in CSRSS Could Allow Remote Code Execution. This update resolves several newly discovered, privately and publicly disclosed vulnerabilities. (930178)
Important
  • MS07-022 -- Vulnerabilities in Windows Kernel (An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.) (931784)


References:

No comments: