July 10, 2007 11:42 AM PDT

Microsoft fixes 11 flaws in six patches; three are critical

Microsoft has released its July 2007 security bulletin, which includes six updates: three are designated "critical" by the software giant; two are deemed "important," and one is ranked "moderate." Two affect Microsoft Office, and one affects the Windows Vista Firewall. This patch cycles also addresses one flaw first reported in 2005. To keep your Windows XP SP1 system secure, update to Windows XP SP2 today. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS07-036: Critical
Titled "Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542)," this bulletin affects users of Microsoft Office Excel 2000, 2002, 2003 and 2007, as well as the Microsoft Office compatibility pack for Office 2007, and addresses the vulnerabilities detailed in CVE-2007-1756, CVE-2007-3029 and CVE-2007-3030. Successful exploitation could lead to remote code execution.

MS07-037: Important
Titled "Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548)," this bulletin affects users of Microsoft Office Publisher 2007, and does not affect Microsoft Office Publisher 2000, 2002 or 2003, and addresses the vulnerabilities detailed in CVE-2007-1754. Successful exploitation could lead to remote code execution.

MS07-038: Moderate
Titled "Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)," this bulletin affects users of Windows Vista (32-bit and 64-bit), but does not affect Windows 2000, XP, and Windows Server 2003, and addresses the vulnerability detailed in CVE-2007-3038. Successful exploitation could allow an attacker to gather information about the affected host.

MS07-039: Critical
Titled "Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122)," this bulletin affects users of Windows 2000 Server and Windows Server 2003, and does not include Windows 2000, Windows XP and Windows Vista. It addresses the vulnerabilities detailed in CVE-2007-0040 and CVE-2007-3028. Successful exploitation could allow an attacker to take complete control of an affected system, install programs; view, change or delete data; or create new accounts.

MS07-040: Critical
Titled "Vulnerabilities in .Net Framework Could Allow Remote Code Execution (931212)," this bulletin affects users of .Net Framework 1.0, .Net Framework 1.1 and .Net Framework 2.0 on all Windows platforms, and does not affect users of .Net Framework 3.0 on all Windows platforms, and addresses the vulnerabilities detailed in CVE-2007-0041, CVE-2007-0042 and CVE-2007-0043. Successful exploitation could allow remote code to execute as well as information disclosure.

MS07-041: Important
Titled "Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373)," this bulletin affects users of Microsoft Internet Information Services (IIS) 5.1 running on Windows XP Professional SP 2, and does not affect Windows 2000, Windows XP Home SP 2, Windows Server 2003 and Windows Vista. It addresses the vulnerability detailed in CVE-2005-4360. Successful exploitation could allow an attacker to take complete control of the affected system.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.

Topics:: Security

Tags:: security,; Patch Tuesday,; Microsoft,; Windows,; Microsoft Office

Share:: Digg; Del.icio.us; Reddit; Facebook

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

Inside CNET News

Scroll Left Scroll Right

Technically Incorrect
Man loses job after searching too hard for aliens
An employee of an Arizona school district is asked to resign after school officials allege he had downloaded alien-seeking software to all the district's computers.
Gallery
App Store collector's items: 10 rarities (images)
The Open Road
Open source: No vow of poverty (or get-rich-quick scheme)
Open source is not a sure-fire way to get developers, income, or much of anything, but used right it can help to grow a proprietary software business. Go figure.
Beyond Binary
Microsoft investigating 'black screen of death'
The software maker is looking into reports that some users' systems aren't working right after installing the latest Windows security updates.
Video
Google Chrome OS demonstration
Digital Media
The browser battles go on and on
roundup From Firefox to IE and from Chrome to Opera and Safari, there's no sitting still for browser makers looking to keep their products fresh and competitive.
Video
Google Chrome OS unveiling
Geek Gestalt
Nintendo primed for holiday console dominance
Based on Thanksgiving week numbers provided by Nintendo, an analyst has concludes that the Wii appears likely to have far outsold the Xbox and PS3 in November.
Cutting Edge
Inside CERN with a collider scientist
Crave UK chats with a particle physicist directly involved in the Large Hadron Collider experiments to get a sense of what it's like to work in a geek heaven.
Gallery
Noisebridge hacker collective (photos)
Crave
iFotoGuide nature photography guides for the iPhone
iFotoGuide launches interactive nature photography guides for the Apple iPhone.
Relevant Results
Google hosts energy experts amid climate talks
Next week, the international community plans to discuss climate change and green energy, and U.S. energy experts kicked things off at Google's offices Monday