| FNAL Critical Vulnerability Platform: Windows system Product: Microsoft Windows (VML Buffer Overrun Vulnerability) Exploitation: Remote Code Execution Patch URL: http://www.microsoft.com/technet/security/Bulletin/MS07-004.mspx or Fermi SMS or Fermi WSUS or Microsoft Windows Update Patch By: 01-19-2007 There is a now a working exploit for the announced vulnerability from Microsoft (MS07-004 929969) in the Vector Markup Language for Windows systems. This looks to be an extension from an older MS06-055 (925486) vulnerability. The two primary attack vectors are web pages and HTML email. Since we have a lot of users who read email in HTML format or utilize Web based email, this patch is declared critical. Please patch by Friday, 1-19-2007. |
|
For assistance contact helpdesk@fnal.gov.
Information compiled and maintained by Computer Security Team ; last modified by JK on Jan 12, 2007. (Address comments about page to the Computer Security Team.) |