Microsoft fixes four flaws; one is critical
Microsoft on Tuesday released its September 2007 security bulletin, which includes four updates: One is designated as "critical" by the software giant; three are deemed "important," and one previously announced patch was dropped. Microsoft decided at the last minute not to patch Sharepoint Server in this month's release. The most serious patch affects Microsoft Agent in Windows 2000. Of the important patches, one affects Windows Services for UNIX, one affects Visual Studio and one affects both MSN Messenger and Windows Live Messenger.
All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.
Titled "Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827)" this bulletin affects only the users of Windows 2000 SP4, and does not affect users of Windows XP and Windows Vista and it addresses the vulnerability detailed in CVE-2007-3040. Successful exploitation could lead to remote code execution.
Titled "Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522)" this bulletin affects users of Visual Studio .NET 2002 Service Pack 1, Visual Studio .NET 2003, Visual Studio .NET 2003 Service Pack 1, Visual Studio 2005, and Visual Studio 2005 Service Pack 1 and addresses the vulnerability detailed in CVE-2007-6133. Successful exploitation could lead to remote code execution.
Titled "Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)" this bulletin affects users of Windows Services for UNIX in Windows 2000, Windows XP and Windows Server 2003, and the Subsystem for UNIX-based Applications in Windows Server 2003 and Windows Vista, and addresses the vulnerability detailed in CVE-2007-3036. Successful exploitation could allow an attacker to gain an elevation of privilege.
Titled "Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution (942099)" this bulletin affects users of Windows 2000, Windows Server 2003, Windows XP and Windows Vista running MSN Messenger 6.2, MSN Messenger 7.0, MSN Messenger 7.5, and Windows Live Messenger 8.0, but it does not affect Windows Live Messenger 8.1, and addresses the vulnerability detailed in CVE-2007-2931. Successful exploitation could lead to remote code execution.
As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
