June 12, 2007 10:58 AM PDT

Microsoft fixes 15 flaws with six patches; four considered critical

by Robert Vamosi

Microsoft has released its June 2007 security bulletin, which includes six updates, four of which are designated Critical by the software giant. Two of the patches affect Windows Vista, with one Critical patch specific to Internet Explorer. One of the Important patches affects Microsoft Office. To keep your Windows XP SP1 system secure, update to Windows XP SP2 today. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS07-030: Important
Entitled "Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)," this bulletin affects users of Microsoft Visio 2002 and Microsoft Visio 2003 but does not affect Microsoft Office Visio 2007, and it addresses the vulnerabilities detailed in CVE-2007-0934 and CVE-2007-0936. Successful exploitation could lead to remote code execution.

MS07-031: Critical
Entitled "Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)," this bulletin affects users of Microsoft Windows 2000, XP SP2, XP Professional x64, and Windows Server 2003 (SP1 and SP2, x64, and Itanium-based systems) but does not affect Windows Vista, and it addresses the vulnerability detailed in CVE-2007-2218. Successful exploitation could lead to remote code execution.

MS07-032: Moderate
Entitled "Vulnerability in Windows Vista Could Allow Information Disclosure (931213)," this bulletin affects users of Windows Vista (32-bit and 64-bit) but does not affect Windows 2000, XP, and Windows Server 2003, and it addresses the vulnerability detailed in CVE-2007-2229. Successful exploitation could allow nonprivileged users to access local user information.

MS07-033: Critical
Entitled "Cumulative Security Update for Internet Explorer (933566)," this bulletin affects users of Windows 2000, Windows XP, Windows Server 2003, and Windows Vista, running Internet Explorer 5.01, 6.0, and 7.0 and addresses the vulnerabilities detailed in CVE-2007-0218, CVE-2007-1750, CVE-2007-1751, CVE-2007-1752, CVE-2007-3027, and CVE-2007-0222. Successful exploitation could lead to remote code execution.

MS07-034: Critical
Entitled "Cumulative Security Update for Outlook Express and Windows Mail (929123)," this bulletin affects users of Windows 2000, Windows XP, Windows Server 2003, and Windows Vista, running Outlook Express 6 and/or Windows Mail but does not affect Windows 2000 systems running Outlook Express 5.5 or 6, and it addresses the vulnerabilities detailed in CVE-2007-2111, CVE-2007-1658, CVE-2007-2225, and CVE-2007-2227. Successful exploitation could allow information disclosure.

MS07-035: Critical
Entitled "Vulnerability in Win 32 API Could Allow Remote Code Execution (935839)," this bulletin affects users of Windows 2000, Windows XP (all editions), and Windows Server 2003 (all editions) but does not affect Windows Vista and addresses the vulnerability detailed in CVE-2007-2219. Successful exploitation could allow remote code execution or elevation of privilege.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Who cares?! just use auto update
by bobby_brady June 12, 2007 12:44 PM PDT
and this is all really a non-issue.
admins care...
by cnetanon June 12, 2007 2:44 PM PDT
sys admins care... we of course know it's patch tuesday but it's nice to have an easy to read synopsis of each... auto update on production servers?? anyone remember nt4 sp2? would have been great with auto update back then...
spam
by n3td3v June 12, 2007 1:06 PM PDT
I don't know if it's "proper" to spam the Microsoft patch descriptions down the blog post, it's not something any representative of Cnet has done before.
can't update
by prberg June 12, 2007 2:25 PM PDT
Anyone know why I can't download these patches? Normally my windows update works fine, but now the yellow shield is down in the corner and stuck at 0% downloading. I did check through IE and it wants me to download the 'genuine validation tool'. is that required? It didn't seem like a necessary update but I have to download it??

thanks.
Wait until after Black Tuesday
by danxy June 12, 2007 3:13 PM PDT
Black Tuesday is always overloaded. Wait until the day after Black Tuesday.

Better yet, use automatic updates and schedule them for Wednesdays, for example.
Not bad!
by giuliocesare June 12, 2007 3:42 PM PDT
Microsoft Windows Vista: 15 security holes, fixed with 6 patches...not bad, considering that Vista is not even 6 months old.
More for the Mac
by Lindy01 June 13, 2007 4:03 AM PDT
in the same period of time. http://www.apple.com/support/downloads/

In either case, it only really matters if you have a successful exploit/hack....as in are there any credible reports of an actual attack in the wild? That did anything? That was not some kind of test?

I read all the time about fixes....rarely do you see the massive attacks like we saw back in the days of slammer.