CERT-In Advisory CIAD-2007-18
Multiple Vulnerabilities in Microsoft Windows GDI, CMS, Kernel, UPnP, Agent and CSRSS
Original issue date: April 11, 2007
Systems Affected
- Microsoft Windows Operating Systems
- Microsoft Content Management Servers
Overview
Multiple vulnerabilities have been reported in various components of Microsoft Windows and Microsoft Content Management Servers. This advisory describes these vulnerabilities, which are addressed by the Microsoft Security Bulletins of April 2007.
Description
The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:
| Microsoft Security Bulletin | Severity | CERT-In Advisory/Vulnerability Notes |
|---|---|---|
| MS07-017: Vulnerabilities in GDI Could Allow Remote Code Execution | High | CIAD-2007-17: Multiple Vulnerabilities in Microsoft Windows GDI (Updated: April 11, 2007) |
| MS07-018: Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution | High | CIVN-2007-44: Multiple Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution and Cross-Site Scripting Attacks |
| MS07-019: Vulnerability in Universal Plug and Play Could Allow Remote Code Execution | High | CIVN-2007-45: Microsoft Windows Universal Plug and Play (UPnP) Memory Corruption Vulnerability |
| MS07-020: Vulnerability in Microsoft Agent Could Allow Remote Code Execution | High | CIVN-2007-46: Microsoft Windows Agent URL Parsing Remote Code Execution Vulnerability |
| MS07-021: Vulnerabilities in CSRSS Could Allow Remote Code Execution | High | CIVN-2007-47: Multiple Vulnerabilities in Client/Server Run-time Subsystem (CSRSS) |
| MS07-022: Vulnerability in Windows Kernel Could Allow Elevation of Privilege | Medium | CIVN-2007-48: Microsoft Windows Kernel Mapped Memory Insecure Permissions Vulnerability |
Solution
Apply the appropriate patches as mentioned in the Microsoft Security Bulletin for April 2007:
http://www.microsoft.com/technet/security/bulletin/ms07-apr.mspx
Vendor Information
Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/ms07-apr.mspx
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
