Saturday, February 04, 2012
  Viruswarn Forums
Subject: February 2007 "super-size" windows update

Lee Drake

02/14/2007 3:12 PM  

What it is

 

Although we typically don’t cover each and every release of a normally scheduled patch, we wanted to emphasize the February 2007 patch release because it covers a wide range of issues and because changes rendered by the DST update may require you to make changes to your Outlook calendar entries.

 

Here is a brief overview of the February 2007 patch release:

 

  • A vulnerability in the way OLE files are handled in RTF emails and attachments could allow a user to compromise and take over a system.  This vulnerability has been exploited already and affects both email and RTF files hosted on web servers or file servers.  This affects all versions of Windows except for Vista.
  • A vulnerability in Microsoft’s “step-by-step” interactive training guide could allow a remote user to take over a system.  This can be exploited via a web link on a page.  This affects all versions of Windows except Win9x (no longer supported) and Vista.
  • Microsoft has moved the DST adjustment into the critical patches section.  Note that you should DOUBLE CHECK your Outlook calendar for appointments made between the new DST date and the old DST date to ensure that times are correct.
  • A vulnerability in hardware detection could interact with other vulnerabilities to allow an attacker to escalate their privileges to admin or system level.  Affects Windows XP and 2003.
  • A vulnerability in the help ActiveX control could allow a website to take control over your system and install spyware or other programs.  This affects all versions of Windows except Vista.
  • A vulnerability in the Windows Imaging application responsible for connecting to cameras, scanners and other devices could allow a limited user to escalate privileges and install software on your machine.  This affects Windows XP SP2 only.
  • A vulnerability in Internet Explorer in the way it handles certain types of COM objects and ActiveX controls could allow a remote attacker to take over your system.  On all Windows systems running IE 5 or more, except for Vista, this is an essential update.  IE 7 on XP systems is less vulnerable if it is configured with default privileges.  HTML-rendered emails are less vulnerable as well, since they run in the restricted zone.
  • A vulnerability in all versions of Windows except Vista, and in all versions of Visual Studio except Visual Studio 2005 could allow an attacker to craft a specially formatted RTF file (similar to the first vulnerability) that would allow them to take over a system.  This vulnerability is distinct from the first one – both patches must be applied for protection.
  • A security issue in MDAC – the data access component that allows programs to access ADO and is installed by default on Windows 2003 and XP systems – could allow a remote attacker to take over a system.  This vulnerability is a public one and should be patched immediately, especially on machines such as web servers.  You can get hacked simply by browsing to a site that hosts the control.  It does not affect Vista or x64 versions of Windows or Server.
  • There is an unspecified Windows vulnerability (KB918118) that is currently undocumented.
  • Multiple vulnerabilities (at least 4 depending on what Office Apps you have) in Office 2003, Office XP/2002, and Office 2000 – two tied in with the MFC and MDAC vulnerabilities detailed above, two which involve maliciously modified or accidentally corrupted PowerPoint and Excel files.  There are also security and stability updates for Word, PowerPoint and Excel, and an update involving EU currency changes for certain countries that have newly adopted the EU.
  • There are also the normal updates to the junk mail filter and the malicious software removal tool.
  • Depending on what other applications you have installed there may be other updates.

What to do

Be sure to run Windows Update.  Consider running the optional updates as well – there may well be a number of those that you haven’t patched recently.  Apply all security and DST time change patches, and be sure you’re patching Office as well as Windows.  DOUBLE CHECK ALL APPOINTMENTS IN MARCH/APRIL – both before and after the update to be sure that you don’t have any problems.  Sync up with your mobile device after patching to be sure your phone or PocketPC is properly updated.

For more information

Simple summary: http://www.microsoft.com/athome/security/update/bulletins/200702.mspx

Technical summary: http://www.microsoft.com/technet/security/bulletin/ms07-feb.mspx

More information on the DST Changes:

Main DST Support center: http://support.microsoft.com/gp/cp_dst

Other DST knowledgebase articles:

http://support.microsoft.com/default.aspx/kb/325413

http://support.microsoft.com/kb/914387

 

This concludes this viruswarning notice.

 


http://www.os-cubed.com/
ldrake@os-cubed.com

Lee Drake
OS-Cubed, Inc.
274 North Goodman St. Suite A401
Rochester, NY 14607


Main: 585-756-2444  
Fax: 585-756-2443
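
Added example, not part of the original post or of Microsoft's guidance: a Python sketch of the calendar double-check recommended above. It computes the period in which the old and new U.S. DST rules disagree and flags appointments that start inside it. The rule dates are an assumption taken from the U.S. change that took effect in 2007 (second Sunday in March and first Sunday in November, replacing first Sunday in April and last Sunday in October); the post itself does not list them. The example also covers the autumn window, which goes beyond the March/April check mentioned in the post, and the appointment list is constructed sample data.

```python
from datetime import date, datetime, time, timedelta

def nth_sunday(year, month, n):
    """Date of the n-th Sunday of a month (n=1 is the first)."""
    first = date(year, month, 1)
    offset = (6 - first.weekday()) % 7      # weekday(): Monday=0 ... Sunday=6
    return first + timedelta(days=offset + 7 * (n - 1))

def last_sunday(year, month):
    """Date of the last Sunday of a month."""
    next_month = date(year + (month == 12), month % 12 + 1, 1)
    last_day = next_month - timedelta(days=1)
    return last_day - timedelta(days=(last_day.weekday() + 1) % 7)

def extended_dst_windows(year):
    """Local-time ranges where the old and new U.S. DST rules disagree.

    Assumed rules (not stated in the post): new DST runs from the second
    Sunday in March to the first Sunday in November; old DST ran from the
    first Sunday in April to the last Sunday in October. Changes occur at 02:00.
    """
    at_2am = lambda d: datetime.combine(d, time(2, 0))
    spring = (at_2am(nth_sunday(year, 3, 2)), at_2am(nth_sunday(year, 4, 1)))
    autumn = (at_2am(last_sunday(year, 10)), at_2am(nth_sunday(year, 11, 1)))
    return [spring, autumn]

def appointments_to_check(appointments, year):
    """Subjects of appointments whose start time falls inside either window."""
    windows = extended_dst_windows(year)
    return [subject for subject, start in appointments
            if any(lo <= start < hi for lo, hi in windows)]

# Constructed sample calendar: (subject, local start time)
SAMPLE = [
    ("Staff meeting",   datetime(2007, 3, 5, 9, 0)),     # before the new start
    ("Early call",      datetime(2007, 3, 11, 1, 30)),   # 30 min before the switch
    ("Budget review",   datetime(2007, 3, 20, 14, 0)),   # inside spring window
    ("Vendor demo",     datetime(2007, 4, 10, 10, 0)),   # after the old start
    ("Patch window",    datetime(2007, 10, 30, 22, 0)),  # inside autumn window
    ("Quarterly close", datetime(2007, 11, 6, 9, 0)),    # after the new end
]

if __name__ == "__main__":
    for lo, hi in extended_dst_windows(2007):
        print("check appointments from", lo, "up to", hi)
    print(appointments_to_check(SAMPLE, 2007))
```

Appointments flagged this way are the ones to compare before and after the DST patch is applied, and again after syncing a mobile device.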

 
