FYI...

- http://www.microsoft.com/technet/security/bulletin/ms07-oct.mspx
Published: October 9, 2007
"This bulletin summary lists security bulletins released for October 2007...


Critical (4)

Microsoft Security Bulletin MS07-055
Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)
- http://www.microsoft.com/technet/security/bulletin/ms07-055.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Affected Software: Windows...

Microsoft Security Bulletin MS07-056
Security Update for Outlook Express and Windows Mail (941202)
- http://www.microsoft.com/technet/security/bulletin/ms07-056.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Affected Software: Windows, Outlook Express, Windows Mail...

Microsoft Security Bulletin MS07-057
Cumulative Security Update for Internet Explorer (939653)
- http://www.microsoft.com/technet/security/bulletin/ms07-057.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Affected Software: Windows, Internet Explorer...

Microsoft Security Bulletin MS07-060
Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)
- http://www.microsoft.com/technet/security/bulletin/ms07-060.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Affected Software: Office...


Important (2)

Microsoft Security Bulletin MS07-058
Vulnerability in RPC Could Allow Denial of Service (933729)
- http://www.microsoft.com/technet/security/bulletin/ms07-058.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service
Affected Software: Windows...

Microsoft Security Bulletin MS07-059
Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017)
- http://www.microsoft.com/technet/security/bulletin/ms07-059.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege
Affected Software: Windows, Office...

------------------------------------------------------

ISC Analysis
- http://isc.sans.org/diary.html?storyid=3480

==========================================

- http://blogs.technet.com/msrc/archive/2007/10/09/october-2007-monthly-release.aspx
"...Microsoft also re-released bulletin MS05-004*. This re-release updates detection includes Server 2003 Service Pack 2 and Vista as affected platforms. There were no changes to the update binaries, so if you have already successfully installed this update, you do not need to reinstall it..."

Microsoft Security Bulletin MS05-004
ASP.NET Path Validation Vulnerability (887219)
* http://www.microsoft.com/technet/security/Bulletin/MS05-004.mspx
Revisions:
• V1.0 (February 8, 2005): Bulletin published
• V1.1 (February 15, 2005): Bulletin updated to include Knowledge Base Article numbers for each individual download under Affected Products.
• V1.2 (March 16, 2005): Bulletin “Caveats” section has been updated to document known issues that customers may experience when installing the available security updates.
• V2.0 (June 14, 2005): Bulletin updated to announce the availability of an updated package for .NET Framework 1.0 Service Pack 3 for the following operating system versions: (887998) Windows XP Tablet PC Edition and Windows XP Media Center Edition.
• V3.0 (August 8, 2006): Bulletin updated to reflect the addition of Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 x64 Edition for .NET Framework 1.1 Service Pack 1 under “Affected Software” for “Microsoft .NET Framework 1.1”.
• V4.0 (October 9, 2007): Bulletin updated as Windows Server 2003 Service Pack 2 and Windows Vista have been added to the “Affected Software” sections for .NET Framework 1.0 Service Pack 3 KB886906 and .NET Framework 1.1 Service Pack 1 KB886903.

.

FYI...

Microsoft Security Advisory (943521)
URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/943521.mspx
Published: October 10, 2007
"Microsoft is investigating public reports of a remote code execution vulnerability in supported editions of Windows XP and Windows Server 2003 with Windows Internet Explorer 7 installed. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time. Microsoft is investigating the public reports.
• This vulnerability does not affect Windows Vista or any supported editions of Windows where Internet Explorer 7 is not installed..."

MSRC blog
> http://preview.tinyurl.com/yoadp8
October 10, 2007
--------------------

> http://www.microsoft.com/technet/security/advisory/943521.mspx
Updated: November 13, 2007 - "...We have issued MS07-061* to address this issue..."
* http://www.microsoft.com/technet/security/bulletin/MS07-061.mspx

.

FYI...

- http://preview.tinyurl.com/2q4xop
October 11, 2007 (Computerworld) - Security researchers spotted an attack yesterday that exploits a vulnerability in Microsoft Word patched just the day before. On Wednesday, Symantec Corp. reported it had obtained a suspicious Word document that crashed every version of the application except the newest, Word 2007, when opened. After it examined the document, Symantec found that the document included shell code and three pieces of malware. Among its more surprising findings: Symantec found that the document had been created with the edition of Word included with Office for Mac 2004. On Tuesday, Microsoft Corp. issued a patch that closed a critical vulnerability in multiple editions of the popular word processor, including Word 2000, Word XP and Word for the Mac. Symantec put the two together. "Taking a closer look at that vulnerability, we confirmed that this document was in fact exploiting the same vulnerability"... Updates to the Windows versions of Word can be obtained via Microsoft Update or Office Update..."

- http://preview.tinyurl.com/2saysc
October 10, 2007 (Symantec Security Response Weblog)

> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3899

> http://cwe.mitre.org/data/definitions/94.html

:fear:

FYI...

- http://preview.tinyurl.com/27znt2
October 16, 2007 (Computerworld) - "For the second time in a month, Microsoft Corp. has had to defend Windows Update against charges that it upgraded machines without users' permission. So far, it has no explanation for the newest instance of unauthorized updating..."

- https://windowssecrets.com/2007/10/25/03-PC-rebooting-The-cause-may-be-MS-OneCare
October 25, 2007 - "...My finding is that Windows Live OneCare silently changes the AU settings. This explains at least some of the complaints that have been reported so far. Users could have installed OneCare — even a free-trial version — at any time in the recent past and been unaware of any changes until Automatic Updates forced a reboot in the wee hours..."

- http://support.microsoft.com/kb/943144/en-us
Last Review: October 26, 2007
Revision: 2.2

FYI...

URL Update to IE URL Handling Vuln
- http://isc.sans.org/diary.php?storyid=3547
Last Updated: 2007-10-26 02:05:06 UTC - "Earlier this month, Microsoft published KB943521. This article acknowledged that third party software had to validate URLs before passing them to Internet Explorer, as Internet Explorer will not validate them. Today, Microsoft published an update to the advisory, suggesting limited exploitation of this vulnerability.
Microsoft does not appear to plan to fix the issue in Internet Explorer. Instead, it asks vendors releasing tools that pass URLs to Internet Explorer to validate them...

Links:

http://www.microsoft.com/technet/security/advisory/943521.mspx
Revisions:
• October 10, 2007: Advisory published
• October 25, 2007: Advisory updated to reflect increased threat level

http://blogs.technet.com/msrc/archive/2007/10/25/msrc-blog-october-25th-update-to-security-advisory-943521.aspx "

.

FYI...

- http://preview.tinyurl.com/ysz6so
October 29, 2007 - (Infoworld) "A hacker has released attack code that could be used to exploit a critical bug in some versions of the Windows operating system. Microsoft patched the flaw, which affects older versions of Windows, on Oct. 9. When the Image Viewer tries to open a maliciously encoded TIFF file, it can be tricked into running unauthorized software on the PC. A sample of the exploit was posted Monday to the Milw0rm Web site. The code has not yet been used in online attacks, according to Symantec, which issued an alert Monday. Symantec recommends that Windows users install the MS07-055 update* as quickly as possible. Microsoft took the unusual step of issuing its own security update for Kodak's software, because the image viewer (formerly known as the Wang Image Viewer) had shipped in Windows 2000 systems by default. Still, many Windows users are not affected by the problem. Windows XP and Windows Server 2003 users should not have the software installed on their PCs, unless they downloaded it directly or upgraded from Windows 2000. Windows Vista users are not affected by the bug. Also, users would have to open the TIFF file using the Kodak Image Viewer for the attack to work..."

* http://forums.spybot.info/showpost.php?p=125886&postcount=17

:fear:

FYI...

Microsoft Security Advisory (944653)
Vulnerability in Macrovision SECDRV.SYS Driver on Windows Could Allow Elevation of Privilege
- http://www.microsoft.com/technet/security/advisory/944653.mspx
November 5, 2007 - "Microsoft is working with Macrovision, investigating new public reports of a vulnerability in the Macrovision secdrv.sys driver on supported editions of Windows Server 2003 and Windows XP. This vulnerability does not affect Windows Vista. We are aware of limited attacks that try to use the reported vulnerability. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This will include providing a security update through our monthly release process..."

> http://www.macrovision.com/promolanding/7352.htm

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5587

:fear:

FYI...

Follow-up on Macrovision Secdrv exploit
- http://www.symantec.com/enterprise/security_response/weblog/2007/11/followup_on_macrovision_secdrv.html
November 6, 2007 - "...Microsoft posted Microsoft Security Advisory (944653) about this issue. With the release of this advisory, I’d like to answer a few follow-up questions for blog readers:
Q: I don’t play games and I don’t use Macrovision software, so am I safe?
A: No. The vulnerable component affected by the bug is the Macrovision driver SECDRV.SYS, which is shipped by default with Windows systems. It is usually installed under the %System%\drivers folder.
Q: Is Windows Vista affected by this vulnerability?
A: Vista is not affected. Only SECDRV versions shipped with Windows XP and 2003 are. Instead the version shipped with Vista is a completely different driver, reworked and not vulnerable to this attack.All users should keep in mind that, in a multi-layered defense perspective, it is possible that malware dropped on the system via some other exploit (e.g. browser vulnerability or the recent PDF exploit) could potentially take advantage of the SECDRV bug to take further control of the computer and bypass other layers of protection.
Q: Where is the patch?
A: Macrovision released a version of the driver today (almost identical to the one shipped with Vista) that fixes this problem. The update is available here:
http://www.macrovision.com/promolanding/7352.htm
It’s not clear at the moment if Microsoft will distribute this update with the next cycle of Windows Update."

- http://www.microsoft.com/technet/security/advisory/944653.mspx
Revisions:
• November 05, 2007: Advisory published
• November 07, 2007: Advisory revised to include indentified workarounds for this vulnerability and additional information on what is secdrv.sys.

:fear:

FYI...

- http://www.microsoft.com/technet/security/bulletin/ms07-nov.mspx
November 13, 2007
"...The security bulletins for this month are as follows, in order of severity:

Critical (1)

Microsoft Security Bulletin MS07-061
Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)
- http://www.microsoft.com/technet/security/bulletin/MS07-061.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...

Important (1)

Microsoft Security Bulletin MS07-062
Vulnerability in DNS Could Allow Spoofing (941672)
- http://www.microsoft.com/technet/security/bulletin/MS07-062.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Spoofing...
Affected Software: Windows...
------------------------------------

ISC Analysis
- http://isc.sans.org/diary.html?storyid=3642
Last Updated: 2007-11-13 18:47:44 UTC

.

FYI...

- http://www.eweek.com/article2/0,1759,2218894,00.asp?kc=EWRSS03119TX1K0000594
November 18, 2007 - "An MSN Messenger Trojan is growing a botnet by hundreds of infected PCs per hour, adding VMs to the mix as well... The malware is being introduced by MSN Messenger files posing as pictures, mostly seeming to come from known acquaintances. The files are a new type of Trojan that has snared several thousand PCs for a bot network within hours of its launch earlier on Nov. 18 and is being used to discover virtual PCs as a means of increasing its growth vector. The eSafe CSRT (Content Security Response Team) at Aladdin — a security company — detected the new threat propagating around noon EST on Nov. 18. At 18:00 UTC (Coordinated Universal Time), eSafe had detected 1 operator and more than 500 on-command bots in the network. Less than three hours later, or by 2:30 EST, when eWEEK spoke with Roei Lichtman, eSafe director of product management, the number had soared to several thousand PCs and was growing by several hundred systems per hour. eSafe is monitoring the IRC channel used to control the botnet. The only inhabitants of the network besides the operator are in fact infected PCs. The Trojan is an IRC bot that's spreading through MSN Messenger by sending itself in a .zip file with two names. One of the names includes the word "pics" as a double extension executable — a name generally used by scanners and digital cameras: for example, DSC00432.jpg.exe. The Trojan is also contained in a .zip file with the name "images" as a .pif executable—for example, IMG34814.pif... Given the familiar social engineering aspect of the attack, individuals are being urged to not open files sent unexpectedly from either friends or strangers..."

- http://www.us-cert.gov/current/#msn_messenger_trojan
November 19, 2007 - "...The Trojan arrives as a chat message that appears to contain an image file, that when opened, downloads and installs a Internet Relay Chat Bot. These messages may appear to come from a known contact..."

:fear:

FYI...

- http://preview.tinyurl.com/2sezx7
November 21, 2007 (Computerworld) - "Windows XP, Microsoft Corp.'s most popular operating system, sports the same encryption flaws that Israeli researchers recently disclosed in Windows 2000, Microsoft officials confirmed late Tuesday... As recently as last Friday, Microsoft hedged in answering questions about whether XP and Vista could be attacked in the same way, saying only that later versions of Windows "contain various changes and enhancements to the random number generator." Yesterday, however, Microsoft responded to further questions and acknowledged that Windows XP is vulnerable to the complex attack that Pinkas, Gutterman and Dorrendorf laid out in their paper, which was published earlier this month. Windows Vista, Windows Server 2003 and the not-yet-released Windows Server 2008, however, apparently use a modified or different random number generator; Microsoft said they were immune to the attack strategy. In addition, Microsoft said Windows XP Service Pack 3 (SP3), a major update expected sometime in the first half of 2008, includes fixes that address the random number generator problem... Because the company has determined that the PRNG problem is not a security vulnerability, it is unlikely to provide a patch."

:fear:

FYI...

Microsoft Security Advisory (945713)
Vulnerability in Web Proxy Auto-Discovery (WPAD) Could Allow Information Disclosure
- http://www.microsoft.com/technet/security/advisory/945713.mspx
December 3, 2007 - "Microsoft is investigating new public reports of a vulnerability in the way Windows resolves hostnames that do not include a fully-qualified domain name (FQDN). The technology that the vulnerability affects is Web Proxy Auto-Discovery (WPAD). Microsoft has not received any information to indicate that this vulnerability has been publicly used to attack customers, and Microsoft is not aware of any customer impact at this time. Microsoft is aggressively investigating the public reports. Customers whose domain name begins in a third-level or deeper domain, such as “contoso.co.us”, or for whom the following mitigating factors do not apply, are at risk from this vulnerability. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers...
Mitigating Factors:
• Customers who do not have a primary DNS suffix configured on their system are not affected by this vulnerability. In most cases, home users that are not members of a domain have no primary DNS suffix configured. Connection-specific DNS suffixes may be provided by some Internet Service Providers (ISPs), and these configurations are not affected by this vulnerability.
• Customers whose DNS domain name is registered as a second-level domain (SLD) below a top-level domain (TLD) are not affected by this vulnerability. Customers whose DNS suffixes reflect this registration would not be affected by this vulnerability. An example of a customer who is not affected is contoso.com or fabrikam.gov, where “contoso” and “fabrikam” are customer registered SLDs under their respective “.com” and “.gov” TLDs.
• Customers who have specified a proxy server via DHCP server settings or DNS are not affected by this vulnerability.
• Customers who have a trusted WPAD server in their organization are not affected by this vulnerability. (See the Workaround section for specific steps in creating a WPAD.DAT file on a WPAD server.)
• Customers who have manually specified a proxy server in Internet Explorer are not at risk from this vulnerability when using Internet Explorer.
• Customers who have disabled 'Automatically Detect Settings' in Internet Explorer are not at risk from this vulnerability when using Internet Explorer..."

- http://secunia.com/advisories/27901/
"...WPAD feature resolves "wpad" hostnames up to the second-level domain, which is potentially untrusted. This can be exploited to conduct man-in-the-middle attacks against third-level or deeper domains..."

:fear:

FYI...

- http://www.microsoft.com/technet/security/bulletin/ms07-dec.mspx
Published: December 11, 2007
Version: 1.0
"This bulletin summary lists security bulletins released for December 2007..."

Critical (3)

Microsoft Security Bulletin MS07-064
Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
- http://www.microsoft.com/technet/security/bulletin/MS07-064.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, DirectX, DirectShow...

Microsoft Security Bulletin MS07-068
Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)
- http://www.microsoft.com/technet/security/bulletin/MS07-068.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Windows Media Format Runtime...

Microsoft Security Bulletin MS07-069
Cumulative Security Update for Internet Explorer (942615)
- http://www.microsoft.com/technet/security/bulletin/MS07-069.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...


Important (4)

Microsoft Security Bulletin MS07-063
Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)
- http://www.microsoft.com/technet/security/bulletin/MS07-063.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...

Microsoft Security Bulletin MS07-065
Vulnerability in Message Queuing Could Allow Remote Code Execution (937894)
- http://www.microsoft.com/technet/security/bulletin/MS07-065.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...

Microsoft Security Bulletin MS07-066
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078)
- http://www.microsoft.com/technet/security/bulletin/MS07-066.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows...

Microsoft Security Bulletin MS07-067
Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653)
- http://www.microsoft.com/technet/security/bulletin/MS07-067.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Local Elevation of Privilege...
Affected Software: Windows..."

===================================

ISC Analysis
- http://isc.sans.org/diary.html?storyid=3735
Last Updated: 2007-12-11 19:14:09 UTC

===================================

- http://blog.washingtonpost.com/securityfix/2007/12/microsoft_plugs_11_windows_sec.html
December 11, 2007 - "...December's seven update bundles includes fixes for four separate security holes in Internet Explorer 6 and IE7, vulnerabilities that are considered critical for Windows 2000, Windows XP and Windows Vista users. Microsoft rates a flaw "critical" if it can be exploited to break into vulnerable systems with little or no help from the user, save perhaps for browsing a Web site or by clicking on a malicious link in an e-mail or instant message. The IE patch is probably the most important update Redmond issued this month, as the vulnerabilities it corrects have the potential to affect the largest number of people. Microsoft said that criminals already exploited one of the IE flaws to remotely compromise IE users. Microsoft also issued critical updates to fix at least two different problems with the way Windows handles the processing and display of various video and audio files..."

:santa:

FYI...

- http://preview.tinyurl.com/2rtbmz
December 11, 2007 (Symantec Security Response Weblog) - "...Microsoft released seven bulletins this month, covering a total of eleven vulnerabilities. Nine of the vulnerabilities affect Microsoft Vista either directly or through applications running on that operating system..."

> http://forums.spybot.info/showpost.php?p=144071&postcount=31

:fear:

FYI...

- http://www.microsoft.com/presspass/features/2007/dec07/12-11Office2007SP1.mspx
Dec 11, 2007 - "...Customers can download SP1 immediately from http://office.microsoft.com/en-us/downloads/default.aspx . They can also place an order for a CD at http://office.microsoft.com/en-us/default.aspx . At a later date, we also will provide SP1 through automatic update..."
=====================================

Office 2007 SP1 auto-installs confuse Vista, XP users
- http://preview.tinyurl.com/2aysx4
December 13, 2007 (Infoworld) - "Some users have gotten the massive Office 2007 SP1 update automatically, even though Microsoft said it would not use Windows' AU (Automatic Updates) to push out the large upgrade for several months, the company confirmed Thursday. Anyone running a preview copy of Windows Vista Service Pack 1 (SP1), which was made available to all comers only Wednesday, will receive the Office 2007 upgrade automatically. Users of other in-beta Microsoft products, including Windows XP SP3, which is still in limited testing, will also be hit by the Office update, which weighs in at almost 220MB. "As noted to beta customers, if [they] are running Vista SP1 beta software, as part of the beta program, Office 2007 SP1 on pre-release Windows Vista SP1 will automatically install as planned for this beta program," said Bobbie Harder, a senior program manager with the WSUS (Windows Server Update Services) group... even if users of Vista SP1, Windows XP SP3, or WSUS 3.0 SP3 manually installed Office 2007 SP1, AU later automatically installs -- actually re-installs -- the service pack... The next time Windows Update runs, however, Office 2007 SP1 reappears, again checked by default. To strike it off the list, users must right-click the item in the list and choose "hide update."

:fear:

FYI...

Microsoft Security Advisory (944653)
Vulnerability in Macrovision SECDRV.SYS Driver on Windows Could Allow Elevation of Privilege
- http://www.microsoft.com/technet/security/advisory/944653.mspx
Updated: December 11, 2007 - "...We have issued MS07-067* to address this issue..."

* http://www.microsoft.com/technet/security/Bulletin/MS07-067.mspx

:fear:

FYI... (Windows Genuine Annoyance)

- http://support.microsoft.com/kb/892130/en-us
Last Review: December 5, 2007
Revision: 3.8
"...you may be prompted to complete the Windows Genuine Advantage (WGA) validation check process. On the Download Center Web site, you may be prompted to install an ActiveX control when you select a download that is marked with the WGA icon. On the Windows Update Web site, the ActiveX control is a mandatory update..."

.

FYI...

MS07-069 (IE update)... Post Install Issue
- http://preview.tinyurl.com/252f8d
December 18, 2007 (MSRC) - "...We have been investigating public reports of possible problems on systems that have installed the Cumulative Security Update for Internet Explorer (942615),
http://www.microsoft.com/technet/security/bulletin/ms07-069.mspx
released earlier this month. We have some information to share with you regarding the results of our investigation into these reports. First, I want to note the security update does protect against the vulnerabilities noted in the bulletin. If you are not experiencing issues noted in the below referenced Knowledge Base article, no action is needed. We have been working with a small number of customers that reported issues related to the installation of MS07-069. Specifically, on a Windows XP Service Pack 2 (SP2)-based computer, Internet Explorer 6 may stop responding when you try to a visit a web site. We’ve made an update to the Knowledge Base article for MS07-069, KB942615, which highlights the known issue.
http://support.microsoft.com/kb/942615
We have also added the following known issue Knowledge Base article KB946627. Because this occurs in a customized installation, this isn’t a widespread issue.
http://support.microsoft.com/kb/946627
Customers who believe they are affected can contact Customer Support Services at no charge using the PC Safety line at 1-866-PCSAFETY (North America). All customers, including those outside the U.S., can visit http://support.microsoft.com/security for assistance."
-----------------------------

- http://secunia.com/advisories/28036/
"...NOTE: This vulnerability is reportedly being actively exploited.
Successful exploitation of the vulnerabilities allows execution of arbitrary code when a user e.g. visits a malicious website..."

> http://www.microsoft.com/technet/security/Bulletin/MS07-069.mspx
• V1.2 (December 18, 2007): Bulletin updated to reflect a known issue; a change to the Removal Information text in the Windows Vista Reference Table in the Security Update Information section; and, a change to the File Information text in the Reference Table within the Security Update Information section for all affected operating systems...

:fear:

What?

XPSP2 w/IE6 registry edit fix for MS07-069
- http://support.microsoft.com/kb/946627
Last Review: December 19, 2007
Revision: 1.0
"...WORKAROUND
Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk..."

- http://blogs.msdn.com/ie/archive/2007/12/18/post-install-issues-with-ms07-069-ie6-on-xpsp2.aspx#6806843
December 19, 2007 - "...can Microsoft be serious that the solution is to edit each registry? Is this some sort of joke? It would be easier to have each user install Mozilla Firefox and stop using IE completely."

:sad:

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS07-069.mspx
• V1.3 (December 20, 2007): Bulletin revised to reflect a new Security Update FAQ entry for a known issue documented in KB946627.

IE 6 crashes after you install (MS07-069) security update 942615 on a computer that is running Windows XPSP2
- http://support.microsoft.com/kb/946627/
Last Review: December 21, 2007
Revision: 2.0

:fear: