Alert Number:  111307-01
Alert Date:  11/13/07
Alert Title:  Microsoft security bulletin release for November
Update-to:  101707-01 "*UNPATCHED* Vulnerability in Windows XP/Server 2003 running IE 7"
OS/Platform/Application:
Microsoft Windows XP (including Service Pack 2, Professional, and x64 Edition)
Microsoft Windows Server 2003 (including Service Pack 1&2, x64, and Itanium-based systems)
Microsoft Windows 2000 Service Pack 4
Category:  ALERT
Severity:  HIGH
Attention:  Windows system Administrators, Desktop Support Personnel, Microsoft users

Summary:  On November 13 2007 Microsoft released the latest in its monthly cycle of security bulletins.  Included in this update are two bulletins (MS07-061 through MS07-062), one of which is listed as "critical" by the vendor. 

Readers should take note that MS07-061 (The Microsoft URI Handling vulnerability) is CURRENTLY BEING ACTIVELY EXPLOITED per reports from Microsoft and other Internet security-related agencies.  A link to the original ALARM Alert detailing this vulnerability is provided below.

Recommended Actions:  Windows System Administrators/users are encouraged to read the security bulletin and (if appropriate) install the updated bulletins as soon as possible.

ITS Actions:  ITS Systems Management and Operations Staff will apply all necessary patches to the appropriate ITS servers as part of the next scheduled system update.

Resources:

Microsoft Security Bulletin for November 2007:
http://www.microsoft.com/technet/security/bulletin/ms07-nov.mspx

ALARM Alert 101707-01 (details various aspects of the URI Vulnerability):
http://www.albany.edu/its/alerts_archive_2007_101707-01.htm