Culture

Microsoft releases January patches

Robert Vamosi Former Editor

As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

See full bio

Robert Vamosi

Jan. 9, 2007 12:36 p.m. PT

2 min read

Microsoft has released its January 2007 security bulletin, which includes four updates. Three are listed as "critical," the company's highest risk rating, and one is listed as "important," the next step down.

Three of the updates this month are specific to Microsoft Office, and one includes Mac versions of Office. Microsoft no longer offers technical support for Windows 98 and Windows Me, nor does it continue to provide technical support for users of Windows XP SP1. (To keep your Windows 98 and Me systems secure, see CNET Reviews' roundup of compatible third-party security applications. To keep your Windows XP SP1 system secure, update to Windows XP SP2 today. )

All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS07-001: Important
Entitled "Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution (921585)," this bulletin affects users of Microsoft Office 2003 Brazilian Portuguese Grammar Checker and addresses the vulnerabilities detailed in CVE-2006-5574. Successful exploitation could lead to remote code execution.

MS07-002: Critical
Entitled "Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198), " this bulletin affects users of Microsoft Excel 2000, Microsoft Excel 2002, Microsoft Excel 2003, Microsoft Office Excel Viewer 2003, Microsoft Works Suite 2004, Microsoft Works Suite 2005, Microsoft Office 2004 for Mac, and Microsoft Office v. X for Mac and addresses the vulnerabilities detailed in CVE-2007-0027, CVE-2007-0028, CVE-2007-0029, CVE-2007-0030, and CVE-2007-0031. Successful exploitation could lead to remote code execution.

MS07-003: Critical
Entitled "Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938)," this bulletin affects users of Microsoft Outlook 2000, 2002, and 2003, and addresses the vulnerability detailed in CVE-2007-0033, CVE-2006-1305, CVE-2007-0034. Successful exploitation could lead to remote code execution.

MS07-004: Critical
Entitled "Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969)" this bulletin affects users of Windows 2000 (SP4), Windows XP (SP2 and x64), and Windows Server 2003 (SP1 and x64), and addresses the vulnerabilities detailed in CVE-2007-0024. Successful exploitation could lead to remote code execution.