

Microsoft Corp. has released two security bulletins encompassing two vulnerabilities. This report provides an initial summary of these pending issues.

Security Bulletin MS07-061: Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)
http://www.microsoft.com/technet/security/bulletin/MS07-061.mspx
CVE Number: CVE-2007-3896
iDefense Title: Microsoft Windows Internet Explorer 7 URI Handler Command Injection Vulnerability
iDefense Master ID: 464668
iDefense Severity: HIGH
Remote exploitation of an input validation vulnerability in multiple versions of Microsoft Corp.'s Windows operating system could allow an attacker to execute arbitrary code with the privileges of the victim.

Security Bulletin MS07-062: Vulnerability in DNS Could Allow Spoofing (941672)
http://www.microsoft.com/technet/security/bulletin/MS07-062.mspx
CVE Number: CVE-2007-3898
iDefense Title: Microsoft Windows DNS Server Weak Entropy Transaction ID Information Disclosure Vulnerability
iDefense Master ID: 465540
iDefense Severity: MEDIUM
An information disclosure vulnerability in Microsoft Corp.'s Windows DNS
server could allow an attacker to gain information about DNS transaction IDs,
which could result in spoofing attacks.