Microsoft fixes 11 flaws in six patches; three are critical
Microsoft has released its July 2007 security bulletin, which includes six updates: three are designated "critical" by the software giant, two are deemed "important," and one is ranked "moderate." Two affect Microsoft Office, and one affects the Windows Vista Firewall. This patch cycle also addresses one flaw first reported in 2005. To keep your Windows XP SP1 system secure, update to Windows XP SP2 today. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.
MS07-036: Critical
Titled "Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542)," this bulletin affects users of Microsoft Office Excel 2000, 2002, 2003 and 2007, as well as the Microsoft Office compatibility pack for Office 2007, and addresses the vulnerabilities detailed in CVE-2007-1756, CVE-2007-3029 and CVE-2007-3030. Successful exploitation could lead to remote code execution.
MS07-037: Important
Titled "Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548)," this bulletin affects users of Microsoft Office Publisher 2007, but does not affect Microsoft Office Publisher 2000, 2002 or 2003. It addresses the vulnerability detailed in CVE-2007-1754. Successful exploitation could lead to remote code execution.
MS07-038: Moderate
Titled "Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)," this bulletin affects users of Windows Vista (32-bit and 64-bit), but does not affect Windows 2000, XP, and Windows Server 2003, and addresses the vulnerability detailed in CVE-2007-3038. Successful exploitation could allow an attacker to gather information about the affected host.
MS07-039: Critical
Titled "Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122)," this bulletin affects users of Windows 2000 Server and Windows Server 2003, and does not include Windows 2000, Windows XP and Windows Vista. It addresses the vulnerabilities detailed in CVE-2007-0040 and CVE-2007-3028. Successful exploitation could allow an attacker to take complete control of an affected system; install programs; view, change or delete data; or create new accounts.
MS07-040: Critical
Titled "Vulnerabilities in .Net Framework Could Allow Remote Code Execution (931212)," this bulletin affects users of .Net Framework 1.0, .Net Framework 1.1 and .Net Framework 2.0 on all Windows platforms, but does not affect users of .Net Framework 3.0 on all Windows platforms. It addresses the vulnerabilities detailed in CVE-2007-0041, CVE-2007-0042 and CVE-2007-0043. Successful exploitation could allow remote code execution as well as information disclosure.
MS07-041: Important
Titled "Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373)," this bulletin affects users of Microsoft Internet Information Services (IIS) 5.1 running on Windows XP Professional SP 2, and does not affect Windows 2000, Windows XP Home SP 2, Windows Server 2003 and Windows Vista. It addresses the vulnerability detailed in CVE-2005-4360. Successful exploitation could allow an attacker to take complete control of the affected system.
As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.





Security update for Microsoft.net version 2.0. KB928365. And why the hell is Net 2.0 STILL being patched? It has been out for ages now.
long, is being patched every now and then.
- microsoft patches
by vvgman
July 11, 2007 12:59 AM PDT
- I guess I need a warning that I would have to upgrade my video card drivers when I restart the computer. I have never seen the resolution go to 4 bit 600x400 before. Why is it that whenever they come out with a patch, there is an emergency fix?
I am not blaming Microsoft here, they aren't the only ones: Blizzard, Sony, and many more. I have been a computer programmer for over 30 years. Since when do people release this crap?
My personal hope is for all of the so-called geniuses to get to go to a special hell where they only get to smell how great their dinner is and it never gets completely cooked!