Microsoft fixes 14 flaws in 9 patches; 6 are critical

In addition to Windows, patches also affect Office, Windows Media Player and, for the Mac, Office and Microsoft Virtual PC.

Microsoft today released its August 2007 security bulletin, which includes nine updates: Six are designated as "critical" by the software giant and three are deemed "important." Two patches affect Microsoft products on the Mac, and one affects Windows Vista. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS07-042: Critical
Titled "Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)" this bulletin affects users of Microsoft XML Core Services in Windows 2000, Windows Server 2003, and Windows Vista; it also affects Microsoft Office 2003, Office 2007 and Microsoft Office SharePoint Server; and it addresses the vulnerability detailed in CVE-2007-2223. Successful exploitation could lead to remote code execution.

MS07-043: Critical
Titled "Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)" this bulletin affects users of Windows 2000, Windows XP, Windows Server 2003 (all editions), Microsoft Office 2004 for Mac, and Microsoft Visual Basic 6.0 Service Pack 6 , and does not affect Windows Vista (32- and 64-bit editions). It addresses the vulnerability detailed in CVE-2007-2224. Successful exploitation could lead to remote code execution.

MS07-044: Critical
Titled "Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965)" this bulletin affects users of Microsoft Office 2000 Service Pack 3, Microsoft Office XP, Microsoft Office 2003 Service Pack 2, Microsoft Excel Viewer 2003 and Microsoft Office 2004 for Mac. It addresses the vulnerability detailed in CVE-2007-3890. Successful exploitation could lead to remote code execution.

MS07-045: Critical
Titled "Cumulative Security Update for Internet Explorer (937143)" this bulletin affects users of Windows 2000, Windows Server 2003, Windows XP and Windows Vista, running Internet Explorer versions 5.01, 6.0 and 7.0. It addresses the vulnerabilities detailed in CVE-2007-0943, CVE-2007-2216 and CVE-2007-3041. Successful exploitation could allow remote exploitation if a user viewed a specially crafted Web page using Internet Explorer.

MS07-046: Critical
Titled "Vulnerability in GDI Could Allow Remote Code Execution (938829)" this bulletin affects users of Microsoft Windows 2000, Windows XP and Windows Server 2003 SP1, and does not affect Windows XP Professional, Windows Server 2003 SP2 and Windows Vista. It addresses the vulnerability detailed in CVE-2007-3034. Successful exploitation could allow a vulnerable user to open an e-mail with a specially crafted image that could potentially allow remote code execution.

MS07-047: Important
Titled "Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)" this bulletin affects users of Windows 2000, Windows Server 2003, Windows XP and Windows Vista, running Windows Media Player 7.1, 9, 10 and 11. It addresses the vulnerabilities detailed in CVE-2007-3037 and CVE-2007-3035. Successful exploitation could allow code exploitation if a user viewed a specially crafted file in Windows Media Player.

MS07-048: Important
Titled "Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)" this bulletin affects users of Windows Vista only, and addresses the vulnerabilities detailed in CVE-2007-3033, CVE-2007-3032 and CVE-2007-3891. Successful exploitation could allow an anonymous remote attacker to run code with the privileges of the logged-on user.

MS07-049: Important
Titled "Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)" this bulletin affects users of Microsoft Virtual PC 2004, Microsoft Virtual Server 2005 Standard Edition, Microsoft Virtual Server 2005 Enterprise Edition, Microsoft Virtual Server 2005 R2 Standard Edition, Microsoft Virtual Server 2005 R2 Enterprise Edition, Microsoft Virtual PC for Mac Version 6.1 and Microsoft Virtual PC for Mac Version 7. It addresses the vulnerability detailed in CVE-2007-0948. Successful exploitation could allow an attacker to take advantages of an elevation of privileges.

MS07-050: Critical
Titled "Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)" this bulletin affects users of Windows 2000, Windows Server 2003, Windows XP and Windows Vista, running Internet Explorer versions 5.01, 6.0 and 7.0. It addresses the vulnerability detailed in CVE-2007-1749. Successful exploitation could lead to remote code execution.

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    HOT ON CNET

    Looking for an affordable tablet?

    CNET rounds up high-quality tablets that won't break your wallet.