Nortel Response to Microsoft Security Bulletin MS07-031
| Description: |
Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories On June 12, 2007, Microsoft released a security update MS07-031 - Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840). Some Nortel products are potentially affected by the vulnerabilities addressed in MS07-031. This bulletin provides a multi-product consolidated response for the Nortel products which contain a Microsoft software component potentially affected by MS07-031 MS07-031 addresses the following potential vulnerability: 1) Vulnerability in the Windows Schannel Security Package - CVE-2007-2218 A remote code execution vulnerability exists in the way that Windows Schannel on a client machine validates server-sent digital signatures. An attacker could host a specially crafted Web site that is designed to exploit these vulnerabilities through an Internet Web browser and then convince a user to view the Web site. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's Web site Maximum Severity Rating: Critical Security Update Replacement: This security update does not replace a prior security update. For more information: Please contact your next level of support or visit for support numbers within your region. Nortel security advisories: Nortel Partner Information Center (PIC) website: |
| Type: |
Security Advisories |
| Number: |
2007008068, Rev 1 |
| Status: |
Retired |
| Date: |
2007-11-16 |
