Microsoft fixes 11 flaws in six patches; three are critical

One patched flaw dates back to 2005.

Microsoft has released its July 2007 security bulletin, which includes six updates: three are designated "critical" by the software giant; two are deemed "important," and one is ranked "moderate." Two affect Microsoft Office, and one affects the Windows Vista Firewall. This patch cycle also addresses one flaw first reported in 2005. To keep your Windows XP SP1 system secure, update to Windows XP SP2 today. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS07-036: Critical
Titled "Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542)," this bulletin affects users of Microsoft Office Excel 2000, 2002, 2003 and 2007, as well as the Microsoft Office compatibility pack for Office 2007, and addresses the vulnerabilities detailed in CVE-2007-1756, CVE-2007-3029 and CVE-2007-3030. Successful exploitation could lead to remote code execution.

MS07-037: Important
Titled "Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548)," this bulletin affects users of Microsoft Office Publisher 2007, but does not affect Microsoft Office Publisher 2000, 2002 or 2003. It addresses the vulnerability detailed in CVE-2007-1754. Successful exploitation could lead to remote code execution.

MS07-038: Moderate
Titled "Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)," this bulletin affects users of Windows Vista (32-bit and 64-bit), but does not affect Windows 2000, XP, and Windows Server 2003, and addresses the vulnerability detailed in CVE-2007-3038. Successful exploitation could allow an attacker to gather information about the affected host.

MS07-039: Critical
Titled "Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122)," this bulletin affects users of Windows 2000 Server and Windows Server 2003, and does not include Windows 2000, Windows XP and Windows Vista. It addresses the vulnerabilities detailed in CVE-2007-0040 and CVE-2007-3028. Successful exploitation could allow an attacker to take complete control of an affected system; install programs; view, change or delete data; or create new accounts.

MS07-040: Critical
Titled "Vulnerabilities in .Net Framework Could Allow Remote Code Execution (931212)," this bulletin affects users of .Net Framework 1.0, .Net Framework 1.1 and .Net Framework 2.0 on all Windows platforms, but does not affect users of .Net Framework 3.0 on all Windows platforms. It addresses the vulnerabilities detailed in CVE-2007-0041, CVE-2007-0042 and CVE-2007-0043. Successful exploitation could allow remote code execution as well as information disclosure.

MS07-041: Important
Titled "Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373)," this bulletin affects users of Microsoft Internet Information Services (IIS) 5.1 running on Windows XP Professional SP 2, and does not affect Windows 2000, Windows XP Home SP 2, Windows Server 2003 and Windows Vista. It addresses the vulnerability detailed in CVE-2005-4360. Successful exploitation could allow an attacker to take complete control of the affected system.

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     
