Microsoft released its security patches for September, fixing known vulnerabilities in its MSN Messenger software and Unix services for Windows as well as a critical bug in Windows 2000.
Microsoft patched four bugs in its products.
The Windows 2000 update (MS07-051) is the only one Microsoft rates as critical. It affects the Microsoft Agent software that Web developers use to create interactive characters on Web pages. By tricking a Windows 2000 user into visiting a maliciously encoded Web page, an attacker could exploit this flaw to run unauthorized software on a victim's computer.
The second patch (MS07-053) is related to a vulnerability in Windows Services for UNIX. Rated as important, this security update resolves a vulnerability that exists in Windows Services for UNIX 3.0, Windows Services for UNIX 3.5, and Subsystem for UNIX-based Applications that where running certain setuid binary files that could allow an attacker to gain elevation of privilege.
MSN Messenger and Windows Live Messenger users will be prompted to upgrade their software (MS07-054) when they connect with Microsoft's instant-messaging services, Microsoft said in its notes on the security update. MSN Messenger 7.0.0820 or Windows Live Messenger 8.1 are not vulnerable to the flaw, Microsoft said.
The fourth patch (MS07-052) issued Tuesday fixes a bug in Crystal Reports for Visual Studio. Attackers could run code on a victim's PC by getting them to open a specially crafted Crystal Reports RPT file, Microsoft said.
For more information visit
http://www.microsoft.com/technet/security/bulletin/ms07-sep.mspx.