Microsoft Patch-Day: Updates sind erschienen

Microsoft Security Bulletin MS07-061 – Critical

This update resolves a publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows shell handles specially crafted URIs that are passed to it. If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003.

Download

Microsoft Security Bulletin MS07-062 – Important

This important security update resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS Servers and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations. This is an important security update for all supported editions of Microsoft Windows 2000 Server and Windows Server 2003.

Download.

Die Updates werden auch über die automatische Update-Funktionvon Windows verteilt. Außerdem gibt es neue Versionen des Tools zum Entfernen bösartiger Software und des Junk-E-Mail-Filters für Outlook.