Microsoft released six security updates for October, rating four of them as critical. Here's a brief description of each update; for more information, go to http://www.microsoft.com/technet/security/bulletin/ms07-oct.mspx
MS07-055: Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution
The attack vector for this exploit is specially crafted image files. The exploit targets Kodak Image Viewer, formerly known as Wang Image Viewer. If unpatched, this vulnerability could be leveraged to allow the execution of remote code on the affected system.
Applies to: Windows 2000 and versions of Windows XP and Windows Server 2003 that were installed as upgrades from Windows 2000. Computers on which Windows XP and Windows Server 2003 were installed directly are not vulnerable.
Recommendation: This vulnerability was privately reported. You need to perform accelerated testing only if your environment has computers running Windows 2000 or computers running Windows XP or Windows Server 2003 that was upgraded from Windows 2000.
MS07-056: Security Update for Outlook Express and Windows Mail
The attack vector for this exploit is a Network News Transfer Protocol (NNTP) response from a news server. The attacker must draw the subject of the attack to visit an NNTP server, which would deliver this exploit. The exploit targets Outlook Express and Windows Mail and could be leveraged to allow remote code execution. Although this exploit has yet to be detected outside a lab environment, it's possible that attackers will target third-party NNTP servers and compromise them in an attempt to leverage this exploit.
Applies to: All versions of Windows.
Recommendation: Although the security bulletin states that the Microsoft article at http://support.microsoft.com/kb/941202 details issues that might be experienced when this update is installed, no such issues are currently listed on this page. Given the large number of OS versions this update applies to, the likelihood of a public exploit for this vulnerability is high. You should test and deploy on an accelerated schedule.
MS07-057: Cumulative Security Update for Internet Explorer
This update addresses three privately reported and one publicly disclosed vulnerability. The attack vector for these exploits is specially crafted Web pages which, if viewed using Microsoft Internet Explorer, could be leveraged to execute nefarious code.
Applies to: Internet Explorer 5.0, 6.0, and 7.0.
Recommendation: This update should be first on your list to test and deploy as quickly as you can.
MS07-058: Vulnerability in RPC Could Allow Denial of Service
A vulnerability in the RPC facility could be leveraged to cause a Denial of Service (DoS) attack against the affected computer. The affected computer could slow, halt or even restart.
Applies to: All versions of Windows.
Recommendation: Microsoft rates this update as important rather than critical, and the vulnerability has been privately, rather than publicly, disclosed. Because RPC is almost always blocked at the firewall, this vulnerability can be leveraged only if the attacker is on the same network as the attacked. Thus, you should test and deploy this fix as part of your ongoing patch management routine.
MS07-059: Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site
The attack vector for this exploit is a script run within a SharePoint site. If this exploit is leveraged, the attacker could elevate privilege within a SharePoint site. The update modifies the way that SharePoint 3.0 and Microsoft Office SharePoint Server 2007 validate URL-encoded requests.
Applies to: SharePoint Services 3.0 on Windows Server 2003 and Microsoft Office SharePoint Server 2007.
Recommendation: Microsoft rates this update as important. You should test and deploy it as part of your ongoing patch management routine.
MS07-060: Vulnerability in Microsoft Word Could Allow Remote Code Execution
The attack vector for this exploit is a specially crafted Word file with a malformed string. If leveraged, this exploit would allow the attacker to run remote code on the targeted computer.
Applies to: Office 2000, Office XP, and Office 2004 for Mac. Does not apply to Office 2003 and Office 2007
Recommendation: Although the vulnerability was privately reported, if your organization uses the affected software, you should test and deploy this patch on an accelerated schedule.
