2 Microsoft Security Bulletins for November 2007

Microsoft released two security updates for November, rating one of them as critical. Here's a brief description of each update; for more information, go to


MS07-061: Vulnerability in Windows URI Handling Could Allow Remote Code Execution

The attack vector for this exploit is a specially crafted Uniform Resource Identifier (URI) which could be located in an application or an attachment. If unpatched, the vulnerability could allow the execution of unauthorized code on the target computer.

Applies to: Windows XP and Windows Server 2003. Does not apply to Windows Vista or Windows 2000 SP4.

Recommendation: The vulnerability has been publicly disclosed. You should perform accelerated testing and deployment of this update.

MS07-062: Vulnerability in DNS Could Allow Spoofing

The attack vector for this exploit is specially crafted responses to DNS requests, which could be used to redirect Internet traffic from legitimate locations.

Applies to: Windows 2000 Server and Windows Server 2003. Does not apply to client software such as Windows Vista or Windows XP

Recommendation: Microsoft rates this update as important. If you deploy an Internet-facing DNS server, you should perform accelerated testing and deployment. If you deploy DNS only on an internal network, you should test and patch as part of your normal patch management cycle.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.