CERT-In Advisory CIAD-2007-65
Multiple Vulnerabilities in various components of Microsoft Products:
Microsoft Windows Vista, Microsoft Windows 2000 Server, Internet Explorer , Microsoft Windows SMBv2 Code Signing, Microsoft DirectX, Microsoft Windows Macrovision SafeDisc secdrv.sys driver, Microsoft Windows Media File Format
Original issue date:
December 12, 2007
Systems Affected
• Microsoft Windows SMBv2 Code Signing
• Microsoft DirectX
• Microsoft Windows 2000 Server
• Microsoft Windows Vista
• Microsoft Windows Macrovision SafeDisc secdrv.sys driver
• Microsoft Windows Media File Format
• Internet Explorer
Overview
Multiple vulnerabilities have been reported in various components of Microsoft Products: Microsoft Windows Vista, Microsoft Windows 2000 Server, Internet Explorer , Microsoft Windows SMBv2 Code Signing, Microsoft DirectX, Microsoft Windows Macrovision SafeDisc secdrv.sys driver, Microsoft Windows Media File Format
Description
The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:
| Microsoft Security Bulletin |
Severity |
CERT-In Vulnerability Notes |
| MS07-063: Vulnerability in SMBv2 Could Allow Remote Code Execution |
Medium |
CIVN-2007-151: Remote Code Execution Vulnerability in Microsoft Windows SMBv2 Code Signing
|
| MS07-064: Vulnerabilities in DirectX Could Allow Remote Code Execution |
High |
CIVN-2007-152: Microsoft DirectX SAMI/WAV/AVI File Parsing Vulnerabilities
|
MS07-065: Vulnerability in Message Queuing Could Allow Remote Code Execution
|
Medium |
CIVN-2007-153: Message Queuing Service Remote Code Execution Vulnerability
|
MS07-066: Vulnerability in Windows Kernel Could Allow Elevation of Privilege
|
Medium |
CIVN-2007-154: Local Privilege Escalation Vulnerability in Microsoft Windows Vista Kernel ALPC
|
| MS07-067: Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege |
Medium |
CIVN-2007-155: Microsoft Windows Macrovision SafeDisc secdrv.sys driver Local Elevation of Privilege vulnerability
|
MS07-068: Vulnerability in Windows Media File Format Could Allow Remote Code Execution
|
High |
CIVN-2007-156: Microsoft Windows Media File Format Remote Code Execution vulnerability
|
| MS07-069: Cumulative Security Update for Internet Explorer |
High |
CIVN-2007-157: Internet Explorer Multiple Code Execution Vulnerabilities |
Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin December 2007
http://www.microsoft.com/technet/security/bulletin/ms07-dec.mspx
Vendor Information
Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/ms07-dec.mspx
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
|
