New MS Security Updates

[Robinb]

Microsoft has released the following security bulletins today:

MS07-023 - Vulnerabilities in Microsoft Excel Could Allow Remote Code
Execution (934233)
http://www.microsoft.com/technet/security/Bulletin/MS07-023.mspx
-- Affected Software: Office 2000, Excel 2000, Office XP, Excel 2002,
Office 2003, Excel 2003, Excel Viewer 2003, Office System 2007, Excel 2007,
Office 2004 for Macintosh

MS07-024 - Vulnerabilities in Microsoft Word Could Allow Remote Code
Execution (934232)
http://www.microsoft.com/technet/security/Bulletin/MS07-024.mspx
-- Affected Software: Office 2000, Word 2000, Office XP, Word 2002, Office
2003, Word 2003, Word Viewer 2003, Office 2004 for Macintosh, Works 2004,
Works 2005, Works 2006

MS07-025 - Vulnerability in Microsoft Office Could Allow Remote Code
Execution (934873)
http://www.microsoft.com/technet/security/Bulletin/MS07-025.mspx
-- Affected Software: Office 2000, Excel 2000, FrontPage 2000, Publisher
2000, Office XP, Excel 2002, FrontPage 2002, Publisher 2002, Office 2003,
Excel 2003, FrontPage 2003, Publisher 2003, Excel Viewer 2003, Office System
2007, Excel 2007, Publisher2007, SharePoint Designer 2007, Expression Web,
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
File Formats , Office 2004 for Macintosh

MS07-026 - Vulnerabilities in Microsoft Exchange Could Allow Remote Code
Execution (931832)
http://www.microsoft.com/technet/security/Bulletin/MS07-026.mspx
-- Affected Software: Exchange 2000 Server, Exchange Server 2003, Exchange
Server 2007

MS07-027 - Cumulative Security Update for Internet Explorer (931768)
http://www.microsoft.com/technet/security/Bulletin/MS07-027.mspx
-- Affected Software: Windows 2000 Server, Windows 2000 Professional,
Windows 2000 Datacenter Server, Windows 2000 Advanced Server, Windows XP
Home Edition, Windows XP Professional, Windows XP Professional 64-Bit
Edition, Windows Server 2003 for Small Business Server, Windows Server 2003,
Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server
2003, Standard Edition, Windows Server 2003, Web Edition, Windows Server
2003 Datacenter Edition for Itanium-based Systems, Windows Server 2003
Enterprise Edition for Itanium-based Systems, Internet Explorer 5.01,
Windows Server 2003 Datacenter x64 Edition, Windows Server 2003 Enterprise
x64 Edition, Windows Server 2003 Standard x64 Edition, Windows Vista,
Windows Vista x64, Internet Explorer 6.0, Internet Explorer 6.0 for Windows
XP Service Pack 2, Internet Explorer 6 for Microsoft Windows XP Professional
x64 Edition, Internet Explorer 6.0 for Windows Server 2003, Internet
Explorer 6 for Microsoft Windows Server 2003 x64 Edition, Internet Explorer
6 for Microsoft Windows Server 2003 for Itanium-based Systems, Internet
Explorer 7.0 for Windows XP Service Pack 2 , Internet Explorer 7.0 For
Windows 2003, Internet Explorer 7 for Windows 2003 for Itanium, Internet
Explorer 7 for Windows 2003 x64 Edition, Internet Explorer 7.0 for Windows
Vista, Internet Explorer 7.0 for Windows Vista x64

MS07-028 - Vulnerability in CAPICOM Could Allow Remote Code Execution
(931906)
http://www.microsoft.com/technet/security/Bulletin/MS07-028.mspx
-- Affected Software: CAPICOM, Platform SDK Redistrubutable: CAPICOM,
BizTalk Server 2004

MS07-029 - Vulnerability in Windows DNS RPC Interface Could Allow Remote
Code Execution (935966)
http://www.microsoft.com/technet/security/Bulletin/MS07-029.mspx
-- Affected Software: Windows 2000 Server, Windows 2000 Professional,
Windows 2000 Datacenter Server, Windows 2000 Advanced Server, Windows Server
2003 for Small Business Server, Windows Server 2003, Datacenter Edition,
Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard
Edition, Windows Server 2003, Web Edition, Windows Server 2003 Datacenter
Edition for Itanium-based Systems, Windows Server 2003 Enterprise Edition
for Itanium-based Systems, Windows Server 2003 Datacenter x64 Edition,
Windows Server 2003 Enterprise x64 Edition, Windows Server 2003 Standard x64
Edition


I have not done them yet- wanted to see how you all did
robin

 

[Bill Sanderson MVP]

No problems thus far. If you run servers, that last one is long-awaited.

--

 

[Guest]

So far I only got 3:

Windows XP Windows Malicious Software Removal Tool - May 2007 (KB890830)
Tuesday, May 08, 2007 Windows Update

Windows XP Cumulative Security Update for Internet Explorer 6 for Windows XP
(KB931768) Tuesday, May 08, 2007 Windows Update

Windows XP Update for Windows XP (KB930916) Tuesday, May 08, 2007 Windows
Update


I got 2 this morning, then one this afternoon.

I have Office 2003, Excel and powerpoint viewer, but don't see anything for
it?

Had to reboot for the first 2 but not the last one. Didn't have any
problems, so good luck with yours......

 

[Anonymous Bob]

MS07-027 - Cumulative Security Update for Internet Explorer (931768)
http://www.microsoft.com/technet/security/Bulletin/MS07-027.mspx
-- Affected Software: Windows 2000 Server, Windows 2000 Professional,
Windows 2000 Datacenter Server, Windows 2000 Advanced Server, Windows XP
Home Edition, Windows XP Professional, Windows XP Professional 64-Bit
Edition, Windows Server 2003 for Small Business Server, Windows Server 2003,
Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server
2003, Standard Edition, Windows Server 2003, Web Edition, Windows Server
2003 Datacenter Edition for Itanium-based Systems, Windows Server 2003
Enterprise Edition for Itanium-based Systems, Internet Explorer 5.01,
Windows Server 2003 Datacenter x64 Edition, Windows Server 2003 Enterprise
x64 Edition, Windows Server 2003 Standard x64 Edition, Windows Vista,
Windows Vista x64, Internet Explorer 6.0, Internet Explorer 6.0 for Windows
XP Service Pack 2, Internet Explorer 6 for Microsoft Windows XP Professional
x64 Edition, Internet Explorer 6.0 for Windows Server 2003, Internet
Explorer 6 for Microsoft Windows Server 2003 x64 Edition, Internet Explorer
6 for Microsoft Windows Server 2003 for Itanium-based Systems, Internet
Explorer 7.0 for Windows XP Service Pack 2 , Internet Explorer 7.0 For
Windows 2003, Internet Explorer 7 for Windows 2003 for Itanium, Internet
Explorer 7 for Windows 2003 x64 Edition, Internet Explorer 7.0 for Windows
Vista, Internet Explorer 7.0 for Windows Vista x64

On my w2k system since installing KB931768 I'm in a loop installing
KB867801!!!!!

Very strange. That's a very old update. I finally executed the update from
the Microsoft page rather than downloading it. It says it requires SP1.??

My update history on Windows Update shows I've successfully installed
KB867801 9 times today.

I've got to wonder what shape my system is in now.

Bob Vanderveen

 

[Anonymous Bob]

On my w2k system since installing KB931768 I'm in a loop installing
KB867801!!!!!

Very strange. That's a very old update. I finally executed the update from
the Microsoft page rather than downloading it. It says it requires SP1.??

My update history on Windows Update shows I've successfully installed
KB867801 9 times today.

I've got to wonder what shape my system is in now.

Problem resolved with a dirty install of w2k.
http://www.bleepingcomputer.com/forums/topic34234.html

Bob Vanderveen

 

[Bill Sanderson MVP]

Hmm - more work than I'd have hoped to go through. Such a repair install
has sometimes had some risks associated with it--mostly on machines with a
specific OEM installation of Windows XP, as I recall.

I haven't spotted any cycling updates this time around, but I did a lot last
night, and I haven't looked back at all the machines yet.

--

 

[Anonymous Bob]

Hmm - more work than I'd have hoped to go through. Such a repair install
has sometimes had some risks associated with it--mostly on machines with a
specific OEM installation of Windows XP, as I recall.

I haven't spotted any cycling updates this time around, but I did a lot last
night, and I haven't looked back at all the machines yet.

I tried to remove all the fixes related to IE6 SP1, but after 2 years of
updates, the chronology and interdependencies were impossible to determine.
At that point I had little choice.

The really surprising aspect of this incident is that I'm a fanatic on
updates and neither Belarc nor MSBA flagged anything prior to yesterday's
updates. However, after the dirty install I noticed that the "about IE"
dialog box showed SP1; Q867801 and it was SP1; Q823353 before. I just can't
believe KB867801 has been missing all this time.

Bob Vanderveen

 

[Guest]

Hi Bill,

FYI

Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB931768)

Installation date: ‎5/‎9/‎2007 8:04 AM

Installation status: Successful



Windows Malicious Software Removal Tool - May 2007 (KB890830)

Installation date: ‎5/‎9/‎2007 8:03 AM

Installation status: Successful


Those 2 D/L came this morning (via Notify me but don't automatically
download or install them.)

After D/L an installation with the required restart, everything looks Ok (so
far so good) only time will tell.

Have a good day

 

[Bill Sanderson MVP]

That's definitely odd.
What about Q833989 and Q903235 ?
--

 

[Anonymous Bob]

That's definitely odd.
What about Q833989 and Q903235 ?

Belarc Advisor doesn't show either, but I'm not too concerned.

Q833989
http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx
Non-Affected Software
.. Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service
Pack 4

Q903235
http://www.microsoft.com/technet/security/Bulletin/MS05-037.mspx
Inclusion in Future Service Packs:
The update for this issue may be included in a future Update Rollup.
....

Now the problem has changed. It's KB832894 now. This didn't show until a day
after the previous problem was resolved.
The update log shows no problem, however the best hint I've found is that if
I download and install it manually I'm told that SP1 is required for this
update.

The Help | About dialog for IE6 shows an update version of "SP1; Q867801;".
If you have access to a w2k machine, I'd be curious to know what you're
showing.

Thanks.

Bob Vanderveen

 

[Bill Sanderson MVP]

I've got a couple of Windows 2000 servers.

1) SP1;Q810847 (and then a list of 14 more ending with those I listed below)
2) SP1;Q823353 and then just two more--those listed below.

Hmm--interesting. I would have expected these two servers to be near
identical--I've maintained both of them, autoupdate full on, and typically
updated via MU on patch tuesdays.

--

 

[Anonymous Bob]

I've got a couple of Windows 2000 servers.

1) SP1;Q810847 (and then a list of 14 more ending with those I listed below)
2) SP1;Q823353 and then just two more--those listed below.

Hmm--interesting. I would have expected these two servers to be near
identical--I've maintained both of them, autoupdate full on, and typically
updated via MU on patch tuesdays.

I called 1-866-PCSAFTEY. They're getting a lot of calls on this and they're
working on a fix. Their advice was to remove KB931784 until they fix it.

As there are critical updates involved, I've chosen to simply disable
automatic updates.
YMMV

Bob Vanderveen

 

[Anonymous Bob]

I was able to fix my problem with KB832894 by re-downloading Media Player 9
from:
http://www.microsoft.com/windows/windowsmedia/download/AllDownloads.aspx?displang=en&qstechnology=

I installed it on top of the existing Media Player 9. Windows Update now has
no updates for me. MBSA runs cleanly.
If I can get some verification on other systems, I'll pass the info on to
Microsoft tech support.

Bob Vanderveen