November 2007 Monthly Release

Hi, this is Simon, Release Manager in the MSRC.  I’d like to introduce you to our November security release.  Today we are releasing two new bulletins:


·         MS07-061: This update addresses a vulnerability in Windows URI handling, which could allow remote code execution and has a maximum severity of Critical.

·         MS07-062: This update addresses a vulnerability in DNS which could allow spoofing and has a maximum severity of Important


Additionally we are re-releasing one bulletin:


·         MS07-049: This update addresses a vulnerability in Virtual PC and Virtual Server and could allow elevation of privilege. This is a change to the installer code only, to address some limited installation problems that we have seen.  There’s no change to the update binaries, so if you have already successfully installed this update, you do not need to reinstall it.  Please refer to the bulletin revision notes for more detail.


As your probably also aware we recently released Security Advisory 944653 regarding a vulnerability in secdrv.sys, a SafeDisc driver, which is made by Macrovision and shipped in certain versions of Microsoft Windows.  Macrovision has also released an Advisory and posted a manual patch to update the system driver, secdrv.sys, on Window XP and Windows Server 2003 systems, which is available at It’s important to note that Microsoft Windows Vista is not affected by this vulnerability.  As the vulnerable driver is included with Windows XP and Windows Server 2003 we wanted to make sure you knew that we are working with Macrovision to test the Macrovision update for deployment using Microsoft’s security update process.  Once the update has gone through the Microsoft security update testing process, completed deployment testing and is ready for release, Microsoft will release it to customers as part of the Microsoft security update process.


You can find more detailed information on the URI issue resolved in MS07-061 (Advisory 943521) in my colleague Jonathan’s blog entry at


Finally, some WSUS administrators might have encountered a problem with some WSUS Console data corruption if they synched with the Microsoft WSUS servers in the last few days.  For further details on this issue, including the resolution if you have hit this problem, please see the WSUS blog at:


As we do each month, we will be hosting our regular webcast tomorrow at 11 a.m. Pacific Time. We’ll review the bulletins and provide you with answers on the air to your questions from our subject matter experts.


You can register for the webcast here:

 *This posting is provided “AS IS” with no warranties, and confers no rights.*