Fixlet Site - EnterpriseSecurity
Current Version: 920	Published: Wed, 14 Nov 2007 03:24:17  GMT
***************************************************************
Title: MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege - Virtual PC 2004 (v2, re-released 11/13/2007)
Severity: Important
Fixlet ID: 704919
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms07-049.mspx

Fixlet Description: Microsoft has released an important security update that resolves one privately reported elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating system. Only guest operating system users who are granted administrative permissions would be able to exploit this vulnerability. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability. 

Important Note: There are known issues associated with the installation of this patch. See the Known Issues section of the security bulletin for more information.

Important Note: This patch was re-released on November 13, 2007 to address known issues with the original patch. The action below deploys the revised version of the patch.  This Fixlet message will not become relevant if the original version of the patch is installed. See the FAQ section of the security bulletin for more information.

***************************************************************
Title: MS07-049: CORRUPT PATCH - Virtual PC 2004 (v2, re-released 11/13/2007)
Severity: Important
Fixlet ID: 704920
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms07-049.mspx

***************************************************************
Title: MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege - Virtual PC 2004 SP1 (v2, re-released 11/13/2007)
Severity: Important
Fixlet ID: 704923
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms07-049.mspx

Fixlet Description: Microsoft has released an important security update that resolves one privately reported elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating system. Only guest operating system users who are granted administrative permissions would be able to exploit this vulnerability. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability. 

Important Note: There are known issues associated with the installation of this patch. See the Known Issues section of the security bulletin for more information.

Important Note: This patch was re-released on November 13, 2007 to address known issues with the original patch. The action below deploys the revised version of the patch.  This Fixlet message will not become relevant if the original version of the patch is installed. See the FAQ section of the security bulletin for more information.

***************************************************************
Title: MS07-049: CORRUPT PATCH - Virtual PC 2004 SP1 (v2, re-released 11/13/2007)
Severity: Important
Fixlet ID: 704924
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms07-049.mspx

***************************************************************
Title: MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege - Virtual Server 2005 Standard Edition (v2, re-released 11/13/2007)
Severity: Important
Fixlet ID: 704925
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS07-049.mspx

Fixlet Description: Microsoft has released an important security update that resolves one privately reported elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating system. Only guest operating system users who are granted administrative permissions would be able to exploit this vulnerability. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability. 

Important Note: There are known issues associated with the installation of this patch. See the Known Issues section of the security bulletin for more information.

Important Note: This patch was re-released on November 13, 2007 to address known issues with the original patch. The action below deploys the revised version of the patch.  This Fixlet message will not become relevant if the original version of the patch is installed. See the FAQ section of the security bulletin for more information.

***************************************************************
Title: MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege - Virtual Server 2005 Enterprise Edition (v2, re-released 11/13/2007)
Severity: Important
Fixlet ID: 704927
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms07-049.mspx

Fixlet Description: Microsoft has released an important security update that resolves one privately reported elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating system. Only guest operating system users who are granted administrative permissions would be able to exploit this vulnerability. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability. 

Important Note: There are known issues associated with the installation of this patch. See the Known Issues section of the security bulletin for more information.

Important Note: This patch was re-released on November 13, 2007 to address known issues with the original patch. The action below deploys the revised version of the patch.  This Fixlet message will not become relevant if the original version of the patch is installed. See the FAQ section of the security bulletin for more information.

***************************************************************
Title: MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege - Virtual Server 2005 Standard Edition R2 (v2, re-released 11/13/2007)
Severity: Important
Fixlet ID: 704929
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS07-049.mspx

Fixlet Description: Microsoft has released an important security update that resolves one privately reported elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating system. Only guest operating system users who are granted administrative permissions would be able to exploit this vulnerability. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability. 

Important Note: There are known issues associated with the installation of this patch. See the Known Issues section of the security bulletin for more information.

Important Note: This patch was re-released on November 13, 2007 to address known issues with the original patch. The action below deploys the revised version of the patch.  This Fixlet message will not become relevant if the original version of the patch is installed. See the FAQ section of the security bulletin for more information.

***************************************************************
Title: MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege - Virtual Server 2005 Enterprise Edition R2 (v2, re-released 11/13/2007)
Severity: Important
Fixlet ID: 704931
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms07-049.mspx

Fixlet Description: Microsoft has released an important security update that resolves one privately reported elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating system. Only guest operating system users who are granted administrative permissions would be able to exploit this vulnerability. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability. 

Important Note: There are known issues associated with the installation of this patch. See the Known Issues section of the security bulletin for more information.

Important Note: This patch was re-released on November 13, 2007 to address known issues with the original patch. The action below deploys the revised version of the patch.  This Fixlet message will not become relevant if the original version of the patch is installed. See the FAQ section of the security bulletin for more information.

***************************************************************
Title: MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege - Virtual Server 2005 Standard Edition R2 (x64) (v2, re-released 11/13/2007)
Severity: Important
Fixlet ID: 704933
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS07-049.mspx

Fixlet Description: Microsoft has released an important security update that resolves one privately reported elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating system. Only guest operating system users who are granted administrative permissions would be able to exploit this vulnerability. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability. 

Important Note: There are known issues associated with the installation of this patch. See the Known Issues section of the security bulletin for more information.

Important Note: This patch was re-released on November 13, 2007 to address known issues with the original patch. The action below deploys the revised version of the patch.  This Fixlet message will not become relevant if the original version of the patch is installed. See the FAQ section of the security bulletin for more information.

***************************************************************
Title: MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege - Virtual Server 2005 Enterprise Edition R2 (x64) (v2, re-released 11/13/2007)
Severity: Important
Fixlet ID: 704935
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS07-049.mspx

Fixlet Description: Microsoft has released an important security update that resolves one privately reported elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating system. Only guest operating system users who are granted administrative permissions would be able to exploit this vulnerability. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability. 

Important Note: There are known issues associated with the installation of this patch. See the Known Issues section of the security bulletin for more information.

Important Note: This patch was re-released on November 13, 2007 to address known issues with the original patch. The action below deploys the revised version of the patch.  This Fixlet message will not become relevant if the original version of the patch is installed. See the FAQ section of the security bulletin for more information.

***************************************************************
Title: MS07-061: Vulnerability in Windows URI Handling Could Allow Remote Code Execution - Windows XP SP2
Severity: Critical
Fixlet ID: 706101
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx

Fixlet Description: Microsoft has released an update that resolves a publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows shell handles specially crafted URIs that are passed to it. If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS07-061: CORRUPT PATCH - Windows XP SP2
Severity: Critical
Fixlet ID: 706102
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx

***************************************************************
Title: MS07-061: Vulnerability in Windows URI Handling Could Allow Remote Code Execution - Windows XP (x64)
Severity: Critical
Fixlet ID: 706103
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx

Fixlet Description: Microsoft has released an update that resolves a publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows shell handles specially crafted URIs that are passed to it. If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS07-061: CORRUPT PATCH - Windows XP (x64)
Severity: Critical
Fixlet ID: 706104
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx

***************************************************************
Title: MS07-061: Vulnerability in Windows URI Handling Could Allow Remote Code Execution - Windows Server 2003 SP1/SP2
Severity: Critical
Fixlet ID: 706105
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx

Fixlet Description: Microsoft has released an update that resolves a publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows shell handles specially crafted URIs that are passed to it. If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS07-061: CORRUPT PATCH - Windows Server 2003 SP1/SP2
Severity: Critical
Fixlet ID: 706106
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx

***************************************************************
Title: MS07-061: Vulnerability in Windows URI Handling Could Allow Remote Code Execution - Windows Server 2003 (x64)
Severity: Critical
Fixlet ID: 706107
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx

Fixlet Description: Microsoft has released an update that resolves a publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows shell handles specially crafted URIs that are passed to it. If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS07-061: CORRUPT PATCH - Windows Server 2003 (x64)
Severity: Critical
Fixlet ID: 706108
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx

***************************************************************
Title: MS07-062: Vulnerability in DNS Could Allow Spoofing - Windows 2000 Server SP4
Severity: Important
Fixlet ID: 706201
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-062.mspx

Fixlet Description: Microsoft has released an important security update that resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS Servers and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS07-062: CORRUPT PATCH - Windows 2000 Server SP4
Severity: Important
Fixlet ID: 706202
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-062.mspx

***************************************************************
Title: MS07-062: Vulnerability in DNS Could Allow Spoofing - Windows Server 2003 SP1/SP2
Severity: Important
Fixlet ID: 706203
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-062.mspx

Fixlet Description: Microsoft has released an important security update that resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS Servers and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS07-062: CORRUPT PATCH - Windows Server 2003 SP1/SP2
Severity: Important
Fixlet ID: 706204
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-062.mspx

***************************************************************
Title: MS07-062: Vulnerability in DNS Could Allow Spoofing - Windows Server 2003 (x64)
Severity: Important
Fixlet ID: 706205
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-062.mspx

Fixlet Description: Microsoft has released an important security update that resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS Servers and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS07-062: CORRUPT PATCH - Windows Server 2003 (x64)
Severity: Important
Fixlet ID: 706206
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-062.mspx