MS07-035 — Critical: Vulnerability in Win 32 API Could Allow Remote Code Execution (935839)   12 Jun 2007 08:00 GMT
Bulletin Severity Rating:Critical - This critical security update resolves a privately reported vulnerability in a Win32 API. This vulnerability could allow remote code execution or elevation of privilege if the affected API is used locally by a specially crafted application. Therefore applications that use this component of the Win32 API could be used as a vector for this vulnerability. For example, Internet Explorer uses this Win32 API function when parsing specially crafted Web pages.
Source: TechNet

MS07-034 - Critical: Cumulative Security Update for Outlook Express and Windows Mail (929123)   12 Jun 2007 08:00 GMT
Bulletin Severity Rating:Critical - This critical security update resolves two privately reported and two publicly disclosed vulnerabilities. One of these vulnerabilities could allow remote code execution if a user viewed a specially crafted e-mail using Windows Mail in Windows Vista. The other vulnerabilities could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer and cannot be exploited directly in Outlook Express. For the information disclosure vulnerabilities, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Source: TechNet

MS07-033 - Critical: Cumulative Security Update for Internet Explorer (933566)   12 Jun 2007 08:00 GMT
Bulletin Severity Rating:Critical - This critical security update resolves five newly privately reported vulnerabilities and one publicly disclosed vulnerability. All but one of these vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. One vulnerability could allow spoofing, and also involves a specially crafted Web page. In all remote code execution cases, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. For the spoofing case, exploitation requires user interaction.
Source: TechNet

MS07-032 - Moderate: Vulnerability in Windows Vista Could Allow Information Disclosure (931213)   12 Jun 2007 08:00 GMT
Bulletin Severity Rating:Moderate - This moderate security update resolves a privately reported vulnerability. This vulnerability could allow non-privileged users to access local user information data stores including administrative passwords contained within the registry and local file system.
Source: TechNet

MS07-031 — Critical: Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)   12 Jun 2007 08:00 GMT
Bulletin Severity Rating:Critical - This critical security update resolves a privately reported vulnerability in the Secure Channel (Schannel) security package in Windows. The Schannel security package implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using an Internet Web browser or used an application that makes use of SSL/TLS. However, attempts to exploit this vulnerability would most likely result in the Internet Web browser or application exiting. The system would not be able to connect to Web sites or resources using SSL or TLS until a restart of the system.
Source: TechNet

MS07-030 - Important: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)   12 Jun 2007 08:00 GMT
Bulletin Severity Rating:Important - This important update resolves two privately discovered and responsibly reported vulnerabilities in addition to other security issues identified during the course of the investigation. The privately reported vulnerabilities could allow remote code execution if a user opened a specially crafted Visio file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. User interaction is required to exploit these vulnerabilities.
Source: TechNet

Review roundup: Slim is in for Windows desktop firewalls   12 Jun 2007 04:51 GMT
You don't have to buy big, bloated software from a well-known security company to get solid protection from a firewall -- in fact, many of the biggest names offer less protection than simpler, lesser-known security products.

Source: Computerworld

IDC White Paper: Storage Encryption: Implementing the Linchpin of Data Security   11 Jun 2007 13:00 GMT
(Source: IDC) Encrypting data in transit is a start - but encrypting data in storage is widely recognized as the next frontier in security. Find out how you can mitigate financial risk, prevent identity theft, block internal leaks and more - while keeping your vital information accessible and manageable.

Source: Computerworld

Hackers access personal info on faculty members at Univ. of Virginia   11 Jun 2007 13:00 GMT
Personal information on more than 5,700 current and former faculty members at the University of Virginia may have been stolen by hackers who accessed the data multiple times over a period of almost two years.

Source: Computerworld

Patch and Vulnerability Management - The Core of a Comprehensive Security Strategy   11 Jun 2007 13:00 GMT
(Source: Patchlink) Organizations today must tackle a wide range of challenges, including the need to prioritize their security initiatives to mitigate risk as efficiently and effectively as possible. Learn why organizations should first establish a robust patch and vulnerability management solution as the core of their information security strategy.

Source: Computerworld