Microsoft fixes nineteen flaws in seven patches; all are considered critical updates

Included are patches for several high profile zero day attacks and fixes for Office for Mac 2004 users.

Microsoft has released its May 2007 security bulletin, which includes seven updates: All are listed as Critical. Two of the patches affect Microsoft Windows, with one critical patch specific to Internet Explorer. Three of the patches affects Microsoft Office, and include Office for Mac 2004 uses. To keep your Windows XP SP1 system secure, update to Windows XP SP2 today. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS07-023: Critical

Entitled "Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)" this bulletin affects users of Microsoft Office 2000 through 2007, plus Office 2004 for Mac, and addresses the vulnerabilities detailed in CVE-2007-0215, CVE-2007-1203, and 2007-0214. Successful exploitation could lead to remote code execution.

MS07-024: Critical

Entitled "Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)" this bulletin affects users of Microsoft Office 2000 through 2003, plus Office 2004 for Mac, but does not affect Office 2007, and addresses the vulnerabilities detailed in CVE-2007-0035, CVE-2007-0870, and CVE-2007-1202 Successful exploitation could lead to remote code execution.

MS07-025: Critical

Entitled "Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)" this bulletin affects users of Microsoft Office 2000 through 2003, plus Office 2004 for Mac, but does not affect Office 2007, and addresses the vulnerability detailed in CVE-2007-1747. Successful exploitation could lead to remote code execution.

MS07-026: Critical

Entitled "Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)" this bulletin affects users of Windows Exchange 2000, Exchange Server 2003, and Exchange Server 2007, and addresses the vulnerabilities detailed in CVE-2007-0220, CVE-2007-0039, CVE-2007-1213, and CVE-2007-0221. Successful exploitation could lead to remote code execution.

MS07-027: Critical

Entitled "Cumulative Security Update for Internet Explorer (931768)" this bulletin affects users of Windows 2000 through Vista, Internet Explorer versions 5.01 through 7, and addresses the vulnerabilities detailed in CVE-2007-0942, CVE-2007-0944, CVE-2007-0945, CVE-2007-0946, CVE-2007-0947, and CVE-2007-2221. Successful exploitation could lead to remote code execution.

MS07-028: Critical

Entitled "Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)" this bulletin affects users of CAPICOM and BizTalk Server 2004, but not affect BizTalk Server 2000, 2002, and 2006, and addresses the vulnerability detailed in CVE-2007-0940. Successful exploitation could lead to remote code execution.

MS07-029: Critical

Entitled "Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966)" this bulletin affects users of Windows Server 2000 and 2003, but does not affect Windows 2000, Windows XP (SP2), and Windows Vista, and addresses the vulnerability detailed in CVE-2007-1748. Successful exploitation could lead to remote code execution.

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Galleries from CNET
    Nissan gives new Murano bold style (pictures)
    Top great space moments in 2014 (pictures)
    This is it: The Audiophiliac's top in-ear headphones of 2014 (pictures)
    ZTE's wallet-friendly Grand X (pictures)
    Lenovo reprises clever design for the Yoga Tablet 2 (Pictures)
    Top-rated reviews of the week (pictures)