NSFOCUS Alert: Microsoft Critical Vulnerabilities

Microsoft Corporation has recently released seven security bulletins, MS07-023 through MS07-029, which affect certain versions of Microsoft Windows, IE, Office and Exchange Server products and services. According to test results from the NSFOCUS Security Team, all the reported vulnerabilities are categorized as "Critical" and might be exploited by attackers to remotely compromise a victim server and even take complete control of the client system.
In response, NSFOCUS security professionals strongly suggest that Windows operating system users install the latest patches with the WSUS update utility and restart the computer for the update to take effect. NSFOCUS also recommends the following measures to mitigate the threat if the update patch is not available.
1. Do not open Excel documents from unknown sources; do not open unfamiliar or unexpected Excel or other Office documents; open and view files with Microsoft Word Viewer 2003.
2. Disable Outlook Web Access (OWA) on computers running Exchange Server; block HTML attachments as Level1 type in OWA; block HTML attachments as Level2 type in OWA.
3. Require authentication for connections to a server that is running Microsoft Exchange Server for all client and message transport protocols.
4. Block iCal on Microsoft Exchange Server to protect against attempts to exploit this vulnerability through SMTP e-mail. Block TCP port 143 at the firewall if the IMAP service is not needed; disable the IMAP service; stop the IMAP virtual server.
5. Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX controls and Active Scripting in these zones.
6. Disable the COM object in Internet Explorer; disable attempts to instantiate the CAPICOM control in Internet Explorer.
7. Configure the registry to disable the remote management function via RPC of the DNS server; prohibit remote management through RPC; block all unsolicited inbound traffic on TCP and UDP ports 445 and 139 as well as ports greater than 1024; enable advanced TCP/IP filtering on the system; use IPsec to block all affected TCP and UDP ports 445 and 139 as well as ports greater than 1024 on the affected systems.
Following the practice of “achieving security with the minimum service and privilege”, the above workarounds will basically not affect the normal operation of the system. NSFOCUS security professionals therefore suggest that the workarounds still be followed even after the latest patches have been installed on the system, so as to block potential intrusions and protect against threats from unknown security vulnerabilities.
About NSFOCUS
NSFOCUS is a leading network security vendor in China that is devoted to network and system security research, as well as R&D, sales and service of high-level network security products. NSFOCUS is capable of providing IDS/IPS, remote assessment, DDoS prevention and other advanced products with internationally competitive advantages, and is the most experienced professional security service vendor in China.