Today we see 7 patches, which fix 11 flaws.
---
MS07-063
SMBv2 Signing Vulnerability - CVE-2007-5351
Executive Summary:
This important security update resolves a privately reported vulnerability in Server Message Block Version 2 (SMBv2). The vulnerability could allow an attacker to tamper with data transferred via SMBv2, which could allow remote code execution in domain configurations communicating with SMBv2.
---
MS07-064
Microsoft DirectX Code Execution Vulnerability Parsing SAMI Files - CVE-2007-3901
Microsoft DirectX Code Execution Vulnerability Parsing WAV and AVI Files - CVE-2007-3895
Executive Summary:
This critical security update resolves two privately reported vulnerabilities in Microsoft DirectX. These vulnerabilities could allow code execution if a user opened a specially crafted file used for streaming media in DirectX. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
---
MS07-065
Message Queuing Service Remote Code Execution Vulnerability - CVE-2007-3039
Executive Summary:
This important security update resolves a privately reported vulnerability in Message Queuing Service (MSMQ) that could allow remote code execution in implementations on Microsoft Windows 2000 Server, or elevation of privilege in implementations on Microsoft Windows 2000 Professional and Windows XP. An attacker must have valid logon credentials to exploit this vulnerability. An attacker could then install programs; view, change, or delete data; or create new accounts.
---
MS07-066
Windows Kernel Vulnerability - CVE-2007-5350
Executive Summary:
This important security update resolves a privately reported vulnerability in the Windows kernel. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
---
MS07-067
Macrovision Driver Vulnerability - CVE-2007-5587
Executive Summary:
This important security update resolves one publicly disclosed vulnerability. A local elevation of privilege vulnerability exists in the way that the Macrovision driver incorrectly handles configuration parameters. An attacker who successfully exploited this vulnerability could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
---
MS07-068
Windows Media Format Remote Code Execution Vulnerability Parsing ASF - CVE-2007-0064
Executive Summary:
This critical security update resolves a privately reported vulnerability in Windows Media File Format. This vulnerability could allow remote code execution if a user viewed a specially crafted file in Windows Media Format Runtime. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
---
MS07-069
Uninitialized Memory Corruption Vulnerability - CVE-2007-3902
Uninitialized Memory Corruption Vulnerability - CVE-2007-3903
Uninitialized Memory Corruption Vulnerability - CVE-2007-5344
DHTML Object Memory Corruption Vulnerability - CVE-2007-5347
Executive Summary:
This critical security update resolves four privately reported vulnerabilities. The most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
