Patch Now!

It’s Black Tuesday — the day when Microsoft releases it’s monthly security updates. Please go to Microsoft Update if you use Microsft and get patched now. There’s a pernicious virus exploit already out there in the wild for the Skype / IE7 problem.

Summary of patches from The Internet Storm center at SANS:
Overview of the November 2007 Microsoft patches and their status.

# Affected Contra Indications Known Exploits Microsoft rating ISC rating(*)
clients servers
MS07-061 An input validation failure allows remote code execution. Replaces MS06-045
Windows shell – exposed via IE7, skype, acrobat, …

CVE-2007-3896 KB 943460
Well known problem, exploit in the wild Critical PATCH NOW

MS07-062 Lack of entropy in pseudo random number generation results in weak transaction IDs and therefore in DNS spoofing vulnerabilities. DNS spoofing can lead to man-in-the-middle attacks and more.
Replaces MS07-029

CVE-2007-3898 KB 941672 No publicly known exploits Important Important(**) Critical(**)