Fixlet Site - EnterpriseSecurity Current Version: 920 Published: Wed, 14 Nov 2007 03:24:17 GMT *************************************************************** Title: MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege - Virtual PC 2004 (v2, re-released 11/13/2007) Severity: Important Fixlet ID: 704919 Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms07-049.mspx Fixlet Description: Microsoft has released an important security update that resolves one privately reported elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating system. Only guest operating system users who are granted administrative permissions would be able to exploit this vulnerability. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability. Important Note: There are known issues associated with the installation of this patch. See the Known Issues section of the security bulletin for more information. Important Note: This patch was re-released on November 13, 2007 to address known issues with the original patch. The action below deploys the revised version of the patch. This Fixlet message will not become relevant if the original version of the patch is installed. See the FAQ section of the security bulletin for more information. *************************************************************** Title: MS07-049: CORRUPT PATCH - Virtual PC 2004 (v2, re-released 11/13/2007) Severity: Important Fixlet ID: 704920 Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms07-049.mspx *************************************************************** Title: MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege - Virtual PC 2004 SP1 (v2, re-released 11/13/2007) Severity: Important Fixlet ID: 704923 Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms07-049.mspx Fixlet Description: Microsoft has released an important security update that resolves one privately reported elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating system. Only guest operating system users who are granted administrative permissions would be able to exploit this vulnerability. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability. Important Note: There are known issues associated with the installation of this patch. See the Known Issues section of the security bulletin for more information. Important Note: This patch was re-released on November 13, 2007 to address known issues with the original patch. The action below deploys the revised version of the patch. This Fixlet message will not become relevant if the original version of the patch is installed. See the FAQ section of the security bulletin for more information. *************************************************************** Title: MS07-049: CORRUPT PATCH - Virtual PC 2004 SP1 (v2, re-released 11/13/2007) Severity: Important Fixlet ID: 704924 Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms07-049.mspx *************************************************************** Title: MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege - Virtual Server 2005 Standard Edition (v2, re-released 11/13/2007) Severity: Important Fixlet ID: 704925 Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS07-049.mspx Fixlet Description: Microsoft has released an important security update that resolves one privately reported elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating system. Only guest operating system users who are granted administrative permissions would be able to exploit this vulnerability. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability. Important Note: There are known issues associated with the installation of this patch. See the Known Issues section of the security bulletin for more information. Important Note: This patch was re-released on November 13, 2007 to address known issues with the original patch. The action below deploys the revised version of the patch. This Fixlet message will not become relevant if the original version of the patch is installed. See the FAQ section of the security bulletin for more information. *************************************************************** Title: MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege - Virtual Server 2005 Enterprise Edition (v2, re-released 11/13/2007) Severity: Important Fixlet ID: 704927 Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms07-049.mspx Fixlet Description: Microsoft has released an important security update that resolves one privately reported elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating system. Only guest operating system users who are granted administrative permissions would be able to exploit this vulnerability. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability. Important Note: There are known issues associated with the installation of this patch. See the Known Issues section of the security bulletin for more information. Important Note: This patch was re-released on November 13, 2007 to address known issues with the original patch. The action below deploys the revised version of the patch. This Fixlet message will not become relevant if the original version of the patch is installed. See the FAQ section of the security bulletin for more information. *************************************************************** Title: MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege - Virtual Server 2005 Standard Edition R2 (v2, re-released 11/13/2007) Severity: Important Fixlet ID: 704929 Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS07-049.mspx Fixlet Description: Microsoft has released an important security update that resolves one privately reported elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating system. Only guest operating system users who are granted administrative permissions would be able to exploit this vulnerability. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability. Important Note: There are known issues associated with the installation of this patch. See the Known Issues section of the security bulletin for more information. Important Note: This patch was re-released on November 13, 2007 to address known issues with the original patch. The action below deploys the revised version of the patch. This Fixlet message will not become relevant if the original version of the patch is installed. See the FAQ section of the security bulletin for more information. *************************************************************** Title: MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege - Virtual Server 2005 Enterprise Edition R2 (v2, re-released 11/13/2007) Severity: Important Fixlet ID: 704931 Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms07-049.mspx Fixlet Description: Microsoft has released an important security update that resolves one privately reported elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating system. Only guest operating system users who are granted administrative permissions would be able to exploit this vulnerability. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability. Important Note: There are known issues associated with the installation of this patch. See the Known Issues section of the security bulletin for more information. Important Note: This patch was re-released on November 13, 2007 to address known issues with the original patch. The action below deploys the revised version of the patch. This Fixlet message will not become relevant if the original version of the patch is installed. See the FAQ section of the security bulletin for more information. *************************************************************** Title: MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege - Virtual Server 2005 Standard Edition R2 (x64) (v2, re-released 11/13/2007) Severity: Important Fixlet ID: 704933 Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS07-049.mspx Fixlet Description: Microsoft has released an important security update that resolves one privately reported elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating system. Only guest operating system users who are granted administrative permissions would be able to exploit this vulnerability. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability. Important Note: There are known issues associated with the installation of this patch. See the Known Issues section of the security bulletin for more information. Important Note: This patch was re-released on November 13, 2007 to address known issues with the original patch. The action below deploys the revised version of the patch. This Fixlet message will not become relevant if the original version of the patch is installed. See the FAQ section of the security bulletin for more information. *************************************************************** Title: MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege - Virtual Server 2005 Enterprise Edition R2 (x64) (v2, re-released 11/13/2007) Severity: Important Fixlet ID: 704935 Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS07-049.mspx Fixlet Description: Microsoft has released an important security update that resolves one privately reported elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating system. Only guest operating system users who are granted administrative permissions would be able to exploit this vulnerability. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability. Important Note: There are known issues associated with the installation of this patch. See the Known Issues section of the security bulletin for more information. Important Note: This patch was re-released on November 13, 2007 to address known issues with the original patch. The action below deploys the revised version of the patch. This Fixlet message will not become relevant if the original version of the patch is installed. See the FAQ section of the security bulletin for more information. *************************************************************** Title: MS07-061: Vulnerability in Windows URI Handling Could Allow Remote Code Execution - Windows XP SP2 Severity: Critical Fixlet ID: 706101 Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx Fixlet Description: Microsoft has released an update that resolves a publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows shell handles specially crafted URIs that are passed to it. If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability. *************************************************************** Title: MS07-061: CORRUPT PATCH - Windows XP SP2 Severity: Critical Fixlet ID: 706102 Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx *************************************************************** Title: MS07-061: Vulnerability in Windows URI Handling Could Allow Remote Code Execution - Windows XP (x64) Severity: Critical Fixlet ID: 706103 Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx Fixlet Description: Microsoft has released an update that resolves a publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows shell handles specially crafted URIs that are passed to it. If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability. *************************************************************** Title: MS07-061: CORRUPT PATCH - Windows XP (x64) Severity: Critical Fixlet ID: 706104 Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx *************************************************************** Title: MS07-061: Vulnerability in Windows URI Handling Could Allow Remote Code Execution - Windows Server 2003 SP1/SP2 Severity: Critical Fixlet ID: 706105 Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx Fixlet Description: Microsoft has released an update that resolves a publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows shell handles specially crafted URIs that are passed to it. If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability. *************************************************************** Title: MS07-061: CORRUPT PATCH - Windows Server 2003 SP1/SP2 Severity: Critical Fixlet ID: 706106 Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx *************************************************************** Title: MS07-061: Vulnerability in Windows URI Handling Could Allow Remote Code Execution - Windows Server 2003 (x64) Severity: Critical Fixlet ID: 706107 Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx Fixlet Description: Microsoft has released an update that resolves a publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows shell handles specially crafted URIs that are passed to it. If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability. *************************************************************** Title: MS07-061: CORRUPT PATCH - Windows Server 2003 (x64) Severity: Critical Fixlet ID: 706108 Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx *************************************************************** Title: MS07-062: Vulnerability in DNS Could Allow Spoofing - Windows 2000 Server SP4 Severity: Important Fixlet ID: 706201 Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-062.mspx Fixlet Description: Microsoft has released an important security update that resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS Servers and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability. *************************************************************** Title: MS07-062: CORRUPT PATCH - Windows 2000 Server SP4 Severity: Important Fixlet ID: 706202 Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-062.mspx *************************************************************** Title: MS07-062: Vulnerability in DNS Could Allow Spoofing - Windows Server 2003 SP1/SP2 Severity: Important Fixlet ID: 706203 Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-062.mspx Fixlet Description: Microsoft has released an important security update that resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS Servers and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability. *************************************************************** Title: MS07-062: CORRUPT PATCH - Windows Server 2003 SP1/SP2 Severity: Important Fixlet ID: 706204 Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-062.mspx *************************************************************** Title: MS07-062: Vulnerability in DNS Could Allow Spoofing - Windows Server 2003 (x64) Severity: Important Fixlet ID: 706205 Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-062.mspx Fixlet Description: Microsoft has released an important security update that resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS Servers and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability. *************************************************************** Title: MS07-062: CORRUPT PATCH - Windows Server 2003 (x64) Severity: Important Fixlet ID: 706206 Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS07-062.mspx