Microsoft fixes 15 flaws with six patches; four considered critical

Microsoft has released its June 2007 security bulletin, which includes six updates: four are designated Critical by the software giant. Two of the patches affect Windows Vista, with one Critical patch specific to Internet Explorer. One of the Important patches affects Microsoft Office. To keep your Windows XP SP1 system secure, update to Windows XP SP2 today. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS07-030: Important
Entitled "Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)," this bulletin affects users of Microsoft Visio 2002 and Microsoft Visio 2003 but does not affect Microsoft Office Visio 2007, and it addresses the vulnerabilities detailed in CVE-2007-0934 and CVE-2007-0936. Successful exploitation could lead to remote code execution.

MS07-031: Critical
Entitled "Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)," this bulletin affects users of Microsoft Windows 2000, XP SP2, XP Professional x64, and Windows Server 2003 (SP 1 and 2, x64, and Itanium-based systems) but does not affect Windows Vista, and it addresses the vulnerabilities detailed in CVE-2007-2218. Successful exploitation could lead to remote code execution.

MS07-032: Moderate
Entitled "Vulnerability in Windows Vista Could Allow Information Disclosure (931213)," this bulletin affects users of Windows Vista (32-bit and 64-bit) but does not affect Windows 2000, XP, and Windows Server 2003 and addresses the vulnerability detailed in CVE-2007-2229. Successful exploitation could nonprivileged users to access local user information.

MS07-033: Critical
Entitled "Cumulative Security Update for Internet Explorer (933566)," this bulletin affects users of Windows 2000, Windows XP, Windows Server 2003, and Windows Vista, running Internet Explorer 5.01, 6.0, and 7.0 and addresses the vulnerabilities detailed in CVE-2007-0218, CVE-2007-1750, CVE-2007-1751, CVE-2007-1752, CVE-2007-3027, and CVE-2007-0222. Successful exploitation could lead to remote code execution.

MS07-034: Critical
Entitled "Cumulative Security Update for Outlook Express and Windows Mail (929123)," this bulletin affects users of Windows 2000, Windows XP, Windows Server 2003, and Windows Vista, running Outlook Express 6 and/or Windows Mail but does not affect Windows 2000 systems running Outlook Express 5.5 or 6 and addresses the vulnerabilities detailed in CVE-2007-2111, CVE-2007-1658, CVE-2007-2225, CVE-2007-2227. Successful exploitation could allow information disclosure.

MS07-035: Critical
Entitled "Vulnerability in Win 32 API Could Allow Remote Code Execution (935839)," this bulletin affects users of Windows 2000, Windows XP (all editions), and Windows Server 2003 (all editions) but does not affect Windows Vista and addresses the vulnerability detailed in CVE-2007-2219. Successful exploitation could allow remote code execution or elevation of privilege.