main
Report a problem

Microsoft Security Patch Tuesday - May 2007

Tom Warren   on 03 May 2007 - 18:22 · 10 comments & 6197 views

Advertisement (Why?)
On Tuesday 8 May 2007 Microsoft is planning to release:

Security Updates
  • Two Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.
  • Three Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates may require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.
  • One Microsoft Security Bulletin affecting Microsoft Exchange. The highest Maximum Severity rating for these is Critical. These updates will not require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.
  • One Microsoft Security Bulletin affecting CAPICOM and BizTalk. The highest Maximum Severity rating for these is Critical. These updates will not require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.
Microsoft Windows Malicious Software Removal Tool
  • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS
  • Microsoft will release 1 NON-SECURITY High-Priority Update for Windows on Windows Update (WU) and Software Update Services (SUS).
  • Microsoft will release 6 NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
View: Microsoft Security Bulletin Advance Notification

Share this Article

  • Technorati
  • Magnolia
  • Stumble upon it
  • Reddit
  • Blink List
  • Delicious
  • Slashdot
  • Furl
  • Facebook
  • Windows Live
  • Google
  • Newsvine
  • Yahoo
  • RawSugar
  • Netvouz

About the Author

Full name: Tom Warren
User name: Tom W
Contact: via forum PM
Submissions: View All
More: View Bio   New!

Related news

 

Post a comment · Send to friend Comments · There are 10 additional comments
(4 replies) #1 rich.bradshaw on 03 May 2007 - 19:28
Why do you have to restart after Windows updates? What a stupid way to patch things...
#1.1 virtorio on 03 May 2007 - 20:48
Can't replace files that are currently being used.
#1.2 dugbug on 03 May 2007 - 20:50
Quote - (rich.bradshaw said @ #1)
Why do you have to restart after Windows updates? What a stupid way to patch things...


It depends on whats being patched. Some services can be stopped, patched, and restarted, others cannot without loosing important capability. Vista is much better in this regard, but xp requires a lot of restarts
#1.3 Andareed on 04 May 2007 - 11:54
Could be a kernel update.
#1.4 GP007 on 04 May 2007 - 14:44
Quote - (Andareed said @ #1.3)
Could be a kernel update.


If it's a kernel update then ANY OS will need a restart. As said above, Vista is a bit beter at patching then XP when it comes to restarts, but any low level updates will need a restart, that's kernel mode stuff. Now that MS has started to move more parts out of kernel mode and into user mode space restarts will be fewer and fewer.
(2 replies) #2 JockStrap on 03 May 2007 - 19:31
I like how some of those are critical, but they're waiting a little while before releasing them. Thanks for caring about your customers so much that you'll let them sit with a critical flaw in a product they paid for.
#2.1 J_R_G on 03 May 2007 - 22:21
Alternate timeline, with one slight difference, MS released the patch early and it had critical bugs:

JockStrap: "I like how many of these could have easily been prevented with a little extra testing. Thanks for caring
about your customers so much that you'll cripple their systems with untested patches for a product they paid far." ad naseum.
#2.2 GP007 on 04 May 2007 - 14:48
You have to also keep in mind that many security holes that get patched aren't attacked until after the patch is out, hackers use the patch to figure out what's going on and how to attack it. Since many people don't update right away anyways.

The key thing to look at here is what's being activilly attacked before a patch is issued and what is attacked after a patch is out. Just like the Blaster worm a few years ago, a patch was out before that happend, but many systems weren't updated.
#3 nanuk on 03 May 2007 - 19:47
These critical patches are only released when new flaws are found. You have to remember that an OS when released supposedly stands up to all its current possible attacks and flaws. However as the days and weeks pass after release date new flaws are found and are patched as quickly as possible. For a lot of us we are very grateful for the patching no matter if it takes a few hours to a few days to be released as we know the company is trying to look after its customers. Yet there are still a few who will make a mockery of the system and whine about it till their pc bsod's.

p.s.

I'm guessing Jock and rich have still patched
#4 cyberfox2004 on 04 May 2007 - 00:42
Next week's Patch Tuesday updates from Microsoft will include fixes for a wide range of "critical" vulnerabilities in the Windows, Office and Exchange product lines, the software giant announced today.

As part of its advance notice mechanism, Microsoft said a total of 7 bulletins will be released on May 8, 2007. Here are the barebones details.

Two Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will require a restart.
Three Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates may require a restart.
One Microsoft Security Bulletin affecting Microsoft Exchange. The highest Maximum Severity rating for these is Critical. These updates will not require a restart.
One Microsoft Security Bulletin affecting CAPICOM and BizTalk. The highest Maximum Severity rating for these is Critical. These updates will not require a restart.
One of the "critical" bulletins will most certainly contain fixes for the Windows DNS RPC vulnerability that was being used in attacks by botnet herders last month.

According to FrSIRT, there are several known Microsoft Office vulnerabilities that are unpatched. The list includes two code-execution vulnerabilities, one each in Microsoft Word and Microsoft Powerpoint. The PowerPoint bug was reported to Microsoft nine months ago (July, 2006).

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Advertisement (Why?)
News powered by Neowin Management System (Build - 5.0.1387) © 2000 - 2008 Neowin.net