As a reminder, Microsoft never sends any type of updates by E-mail. Never click on hyperlinks provided in an E-mail purported to be from Microsoft.
MS07-061-- Critcal, Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)
- This update resolves a publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows shell handles specifically crafted URIs that are passed to it. If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003
Microsoft also re-released the following bulletin:
- This update addresses a vulnerability in Virtual PC and Virtual Server and could allow elevation of privilege. This is a change to the installer code only, to address some limited installation problems that we have seen. There’s no change to the update binaries, so if you have already successfully installed this update, you do not need to reinstall it. Please refer to the bulletin revision notes for more detail.
As indicated in the Windows Vista Team Blog, non-security updates for Windows Vista were also released via Windows Update. As Nick White indicated,
"These and similar updates will be wrapped into SP1 for those of you considering installing them in one fell swoop."Why wait for SP1 when you can obtain the updates as they are available? Further information is avalable at the above-linked topic and in the KB articles described as:
- An update on system compatibility, reliability and stability: extends the battery life for mobile devices, improves stability of wireless network services, and shortens recovery time after Windows Vista experiences a period of inactivity, among other fixes.
- An update to USB core components: mainly affects systems returning from sleep or hibernation, fixing problems causing 1-2% of all crashes reported.
- An update to Windows Media Center: among other things, affects interaction issues occurring between Media Center PC and Microsoft Xbox 360 when Xbox 360 is used as a Media Center Extender.
- MSRC Blog -- November 2007 Monthly Release
- TechNet -- Microsoft Security Bulletin Summary for November 2007
- Microsoft Update
- Windows Update