Microsoft Security Bulletins for February 2007

[Donna Buenaventura]

The Microsoft Security Bulletins for February, 2007 has been released.
6 Critical
.. MS07-008 - Vulnerability in HTML Help ActiveX Control Could Allow Remote
Code Execution (928843)
.. MS07-009 - Vulnerability in Microsoft Data Access Components Could Allow
Remote Code Execution(927779)
.. MS07-010 - Vulnerability in Microsoft Malware Protection Engine Could
Allow Remote Code Execution (932135)
.. MS07-014 - Vulnerabilities in Microsoft Word Could Allow Remote Code
Execution (929434)
.. MS07-015 - Vulnerabilities in Microsoft Office Could Allow Remote Code
Execution (932554)
.. MS07-016 - Cumulative Security Update for Internet Explorer (928090)
6 Updates
.. MS07-005 - Vulnerability in Step-by-Step Interactive Training Could Allow
Remote Code Execution (923723)
.. MS07-006 - Vulnerability in Windows Shell Could Allow Elevation of
Privilege (928255)
.. MS07-007 - Vulnerability in Windows Image Acquisition Service Could Allow
Elevation of Privilege (927802)
.. MS07-011 - Vulnerability in Microsoft OLE Dialog Could Allow Remote Code
Execution (926436)
.. MS07-012 - Vulnerability in Microsoft MFC Could Allow Remote Code
Execution (924667)
.. MS07-013 - Vulnerability in Microsoft RichEdit Could Allow Remote Code
Execution (918118)

The Microsoft Security Bulletin Summary for February, 2007 is at
http://www.microsoft.com/technet/security/bulletin/ms07-feb.mspx. An
end-user version of this information is available at
http://www.microsoft.com/athome/security/update/bulletins/200702.mspx

Security Updates Support: If you have any questions regarding the patch or
its implementation, you should contact Product Support Services in the
United States at 1-866-PCSAFETY. International customers should contact
their local subsidiary.

Update sources: As always, download the updates only from the vendors'
website - visit Windows Update and Office Update or Microsoft Update. You
may also get the updates thru Automatic Updates functionality in Windows.
Note: Don't be a victim of spoofed emails. Read "How to tell whether a
security e-mail message is really from Microsoft"
http://www.microsoft.com/athome/security/email/ms_genuine_mail.mspx

Recommendations: Microsoft advises customers to install the latest product
releases, security updates, and service packs to remain as secure as
possible. Older products, such as Microsoft Windows NT 4.0, may not meet
today's more demanding security requirements. It may not be possible for
Microsoft to provide security updates for older products. More info at
Support Lifecycle website.
http://support.microsoft.com/lifecycle/

Webcast: Microsoft will host a webcast tomorrow. The webcast focuses on
addressing your questions and concerns about the security bulletins.
Therefore, most of the live webcast is aimed at giving you the opportunity
to ask questions and get answers from their security experts.
http://msevents.microsoft.com/CUI/W...&EventCategory=4&culture=en-US&CountryCode=US

Security Tool: Find out if you are missing important security updates by
using MBSA.
http://www.microsoft.com/technet/security/tools/mbsahome.mspx


--
Regards,
Donna Buenaventura
Windows Security MVP
w: http://cou.dozleng.com
b: http://msmvps.com/donna

 

[NOMIS42]

Hi:

The Malicious Software Removal tool, which was released with the new batches
today (2/13/2007) is for December 2006. Should be for Feb 2007. Someone
please advise. Thanks.

 

[Michael 1952]

Hello Donna,

My name is Michael and I am now very confused with something that happened
during the 15 update cycle this afternoon. I downloaded them throught the
Microsoft Update tool in IE7 Tools. All went well until the fifth download
which failed all others downloaded and installed with no problems. Five was
identified as KB924667 after going through the reboot, I tried using the
update tool again to install the one that failed the download. The update
tool now said there were no priority updates to download or install. I
checked the history file and it showed KB924667 and an error code of
0X800706BE when I clicked on the status red X. I called the 800 number for
assistance with updates, case number 1029608605, which is now closed. They
told me that this update was for Visual Studio which does not appear using
program files install/remove in the control panel, but there is a Visual
Studio folder in C:\program files. He told me that there was no problem with
the failure since I do not use visual studio and because when I retried the
update tool no priority updates were identified. OK so far. Then I go to
your note and it tells me that this knowledge base article is the twelfth
downloand and does not have anything to do with visual studio. Do I have a
problem or not?

Our computer has Windows XP Professional SP2, Outlook 2007 Professional with
Business Contacts, and Internet Explorer 7.

Thank you for your time and support.

 

[Donna Buenaventura]

Hi,
Try to visit Microsoft Update site again. It is shown as February 2007 to
me. If it's still showing December 2006 at your end, you might want to
download the MSRT manually from the download center of MS:
http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
The KB article has been updated too to reflect the addition on the MSRT,
http://support.microsoft.com/?kbid=890830

Donna

 

[Donna Buenaventura]

Hi Michael,
It affects some editions of Windows as well not only Visual Studio because
mfc40u.dll and mfc42u.dll exists in Windows that are affected.
Try to resolve the 0X800706BE by ensuring RPC service is or has started. It
maybe hung so you might want to restart RPC service then visit MU again.
If the problem occurs again, you may download and install the update
manually. Go to
http://www.microsoft.com/technet/security/bulletin/ms07-012.mspx and look
for your operating system under 'Affected Software' then click the link to
download the security update.
Verify the update has been installed after installation.

Donna

 

[Michael 1952]

Hi Donna,

Thanks so much for your solution, the update worked perfectly and all I have
to do now is reboot the computer which I will do after I finish this. It
seems that the tech support folks need to study a little more. I asked them
if I should go to the KB article and download from there, but they said it
was not necessary. The problem is now corrected, I truly appreciate your
time. Sincerely, Michael

 

[Donna Buenaventura]

You're welcome Michael! Glad to hear you are done with this months security
update.

Donna

 

[Michael 1952]

Hi Donna,

Another tribulation. I keep the MBSA on my desk top and just used it to
make sure all of Februarys updates were installed, they were. Now it is
telling me that KB917283 and KB922770 are missing. I checked the control
panel and they are there and available for uninstall. I re installed them
using the mbsa results and then ran mbsa again. Again it says that they are
missing. Am I doing something wrong or is the mbsa just not able to find
them for some reason? These are .net 2.0 security updates and I have already
installed .net 3.0. I am sorry to keep bothering you, but it is something of
concern to me. Thanks very much. Michael

 

[Donna Buenaventura]

Michael,
Are you using MBSA v2?
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
Version 1 of MBSA will not detect KB917283 and KB922770 as per:
http://www.microsoft.com/technet/security/bulletin/ms06-033.mspx and
http://www.microsoft.com/technet/security/bulletin/ms06-056.mspx

Donna

 

[Michael 1952]

Hi Donna,

When I select it at the top is printed Microsoft Baseline Security Analyzer
2. I hope that means Version 2, but there is no help to check about to make
sure it is v2. Thanks, Michael

 

[Donna Buenaventura]

When you open MBSA, click 'About MBSA' at the left, under 'See Also'
Post back the version. If it is version 2.0 or 2.0.1 already, try to scan
again but change the configuration to scan a computer>put a check for
'Advanced Security Services options' then select 'Microsoft Update only'.
Ensure you're connected so it can download the catalog.
Run the scan and see how it goes.

Donna

 

[Michael 1952]

I waited to reply in order to run the MBSA several times. Each time the
analysis indicated Scanned with MBSA Version 2.1.2005.0 and each time the
same two .net updates show that they need to be installed. Thanks, Michael

 

[Donna Buenaventura]

Sorry for the delay Michael!
I suggest that you uninstall the updates for .NET Framework 2 and the .NET
framework 2 itself.
Next, install .NET Framework 2 again. Visit MU again and let it install the
2 security updates for it. Run MBSA again after doing that.
I read before that there was issue on .NET Framework updates not installing
properly. MBSA is right. The security updates who have this time is maybe
misconfigured and it is why MBSA is detecting.

Let us know how it goes.

Donna

 

[Michael 1952]

Hi Donna,

I uninstalled the two .NET updates, rebooted, went to MU. MU indicated that
there were no updates to install. I then went to the two bulletins using the
MBSA and installed them through each of the bulletins. I then rebooted and
ran the MBSA. It still showed me that the two .NET updates were missing. I
cannot think of anything else to do to cure this problem, can you? Take
care, Michael

 

[Donna Buenaventura]

I ran out of ideas too Michael. But wait, you didn't remove .NET Framework?
In my XP SP2, I have .NET Framework 2 and the said 2 security bulletins. I
ran MBSA 2.1 Beta the other day and it didn't say the said updates aren't
installed.
I uninstalled MBSA 2.1 yesterday, and let MBSA 2.0.1 'in'. Ran the scan and
it also didn't say I'm missing the said updates for .NET Framework 2.0
I think you should try to uninstall not only the updates for it but the .NET
Framework? Reboot then install only the .NET Framework.

Actually if those updates are installed already.. we can rest but MBSA is
designed to not to only find missing hotfixes or security updates but also
designed to find updates that are misconfigured. If MBSA here find no
issues, and yours has issue then there's something wrong for you to attend.

Hope I'm not making it a pain process but that's what I'll do if I'm in that
situation. Remove the offending programs that MBSA says 'not there' and
remove the .NET Framework. Reboot. Run MBSA and it shouldn't see missing
updates since there's no more .NET Framework 2.0

Next, install it again (just the framework but not the updates) and see what
MBSA will find. Install manually the updates then scan again using MBSA.

Trial and error I guess is my last resort and I hope you'll give it a try
Michael.

Donna

 

[ehanley12]

This all sounds sadly familiar to me. I am having a series of problems, most
recently that I can download but cannot install the latest Windows & Office
Updates -- those released on 2/13/07 (KB920813, KB929057, KB929064, KB929058,
KB 929060, KB9295251, and KB924885). Previously, following the upgrade to IE
7, IE became unstable along with Office, and both eventually crashed (I
reverted to IE 6, uninstalled and reinstalled Office 2003 and IE 7 with
wonderful help from Microsoft Support although the cause of problems never
determined). Throughout this trying period, several other applications --
most notably Quicken and, at times, Norton anti-virus and internet security
programs -- became unstable and continue to be unpredictable today. I also
had trouble with the Microsoft verification process, solved that with their
help when I reinstalled IE7, but it failed again today when I attempted to
re-downlaod the Feb updates manually.

Most of the many scans I have run using various analytic tools identify two
*.dll files that are "necessary" for various applications (e.g.,
NETFramework, Quicken, et al), but that are not accessible due to incorrect
paths. They are: mscvr80.dll and mfc80.dll.

I have been unable to find any definitive information on the Microsoft web
site or anywhere else saying whether the problems with these files is serious
or how to fix it. Norton's web site finesses the problem by providing
instructions on how to get their scanning tools to stop reporting the missing
files.

After a week of attempting to re-download and install Microsoft's Feb
security patches, I have gone through a lengthy series of steps suggested in
bulletin Article 822798 for fixing problems with the Microsoft update
service. None have worked. Now, Since the issues with Qquicken involve
unreliable downloads, I am wondering whether my Microsoft download problems,
as well as the issues with with Quicken and other applications, all trace
back to the two missing or corrupted *.dll files.

Each vendor I contact advises that I uninstall and re-install everything,
which I am willing to do. I am reluctant to so, howewver, as long as these
two dll files remain a problem since none of the individual applications seem
to be the source of these tow files.

One of the techniques I used in following Article 822798 was to unregister
and re-register some dll files associated with the cryptographic service. I
wonder if that would work on the two dll files, ,but I am afraid to mess with
the registry without knowing if it will help or hurt. Do you know if
reregistering will lhelp or hurt, or do you have any other suggestions. Do
you know the source of these two dll files, and how I can repair them?

 

[Michael 1952]

Hi Donna,

I have found the solution. My friend, who builds our computers when he has
time, is returning our second computer next week and will take this computer
and completely rebuild it. That should take care of this set of problems as
well as another that is now occuring with some third party software. We do
not know if it is because I installed IE 7 and Outlook 2007 Pro on an
unstable system or not. Anyway it should run a lot better when he is
through. We will be reconnecting the GB network between the two and I have
been doing some reading on the Microsoft home server. We have about 3TB of
disk and it would be nice to use a server rather than sharing. Again thank
you very much for your time, excellent advice, and kind consideration.
Sincerely, Michael

 

[Donna Buenaventura]

You're welcome Michael.

Hi Donna,

I have found the solution. My friend, who builds our computers when he
has
time, is returning our second computer next week and will take this
computer
and completely rebuild it. That should take care of this set of problems
as
well as another that is now occuring with some third party software. We
do
not know if it is because I installed IE 7 and Outlook 2007 Pro on an
unstable system or not. Anyway it should run a lot better when he is
through. We will be reconnecting the GB network between the two and I
have
been doing some reading on the Microsoft home server. We have about 3TB
of
disk and it would be nice to use a server rather than sharing. Again
thank
you very much for your time, excellent advice, and kind consideration.
Sincerely, Michael