August 14, 2007 10:39 AM PDT

Microsoft fixes 14 flaws in 9 patches; 6 are critical

by Robert Vamosi

Microsoft today released its August 2007 security bulletin, which includes nine updates: Six are designated as "critical" by the software giant and three are deemed "important." Two patches affect Microsoft products on the Mac, and one affects Windows Vista. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS07-042: Critical
Titled "Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)" this bulletin affects users of Microsoft XML Core Services in Windows 2000, Windows Server 2003, and Windows Vista; it also affects Microsoft Office 2003, Office 2007 and Microsoft Office SharePoint Server; and it addresses the vulnerability detailed in CVE-2007-2223. Successful exploitation could lead to remote code execution.

MS07-043: Critical
Titled "Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)" this bulletin affects users of Windows 2000, Windows XP, Windows Server 2003 (all editions), Microsoft Office 2004 for Mac, and Microsoft Visual Basic 6.0 Service Pack 6, and does not affect Windows Vista (32- and 64-bit editions). It addresses the vulnerability detailed in CVE-2007-2224. Successful exploitation could lead to remote code execution.

MS07-044: Critical
Titled "Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965)" this bulletin affects users of Microsoft Office 2000 Service Pack 3, Microsoft Office XP, Microsoft Office 2003 Service Pack 2, Microsoft Excel Viewer 2003 and Microsoft Office 2004 for Mac. It addresses the vulnerability detailed in CVE-2007-3890. Successful exploitation could lead to remote code execution.

MS07-045: Critical
Titled "Cumulative Security Update for Internet Explorer (937143)" this bulletin affects users of Windows 2000, Windows Server 2003, Windows XP and Windows Vista, running Internet Explorer versions 5.01, 6.0 and 7.0. It addresses the vulnerabilities detailed in CVE-2007-0943, CVE-2007-2216 and CVE-2007-3041. Successful exploitation could allow remote exploitation if a user viewed a specially crafted Web page using Internet Explorer.

MS07-046: Critical
Titled "Vulnerability in GDI Could Allow Remote Code Execution (938829)" this bulletin affects users of Microsoft Windows 2000, Windows XP and Windows Server 2003 SP1, and does not affect Windows XP Professional, Windows Server 2003 SP2 and Windows Vista. It addresses the vulnerability detailed in CVE-2007-3034. Successful exploitation could allow remote code execution if a vulnerable user opened an e-mail containing a specially crafted image.

MS07-047: Important
Titled "Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)" this bulletin affects users of Windows 2000, Windows Server 2003, Windows XP and Windows Vista, running Windows Media Player 7.1, 9, 10 and 11. It addresses the vulnerabilities detailed in CVE-2007-3037 and CVE-2007-3035. Successful exploitation could allow remote code execution if a user viewed a specially crafted file in Windows Media Player.

MS07-048: Important
Titled "Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)" this bulletin affects users of Windows Vista only, and addresses the vulnerabilities detailed in CVE-2007-3033, CVE-2007-3032 and CVE-2007-3891. Successful exploitation could allow an anonymous remote attacker to run code with the privileges of the logged-on user.

MS07-049: Important
Titled "Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)" this bulletin affects users of Microsoft Virtual PC 2004, Microsoft Virtual Server 2005 Standard Edition, Microsoft Virtual Server 2005 Enterprise Edition, Microsoft Virtual Server 2005 R2 Standard Edition, Microsoft Virtual Server 2005 R2 Enterprise Edition, Microsoft Virtual PC for Mac Version 6.1 and Microsoft Virtual PC for Mac Version 7. It addresses the vulnerability detailed in CVE-2007-0948. Successful exploitation could allow an attacker to gain elevated privileges.

MS07-050: Critical
Titled "Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)" this bulletin affects users of Windows 2000, Windows Server 2003, Windows XP and Windows Vista, running Internet Explorer versions 5.01, 6.0 and 7.0. It addresses the vulnerability detailed in CVE-2007-1749. Successful exploitation could lead to remote code execution.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
You Can Polish A Turd...
by jaygilb August 14, 2007 12:03 PM PDT
But it will always be a turd.

Could Allow Remote Code Execution...
Vista And IE 7 Vulnerabilities Are Troubling
by Stating August 14, 2007 12:39 PM PDT
It seems from the latest (and past) bugs that Vista and IE7 are about as vulnerable as their predecessors. How is this possible? How is it that a few programmers in Russia, China, Estonia, etc., can outsmart Microsoft's entire Engineering and QA teams? If I were Steve Ballmer I would want to know the answer to this.
It's impossible to tell who discovered the flaws
by aka_tripleB August 14, 2007 2:09 PM PDT
Just because someone finds flaws doesn't mean someone besides Microsoft found them and started exploiting them. It just means that Microsoft has been notified, either by internal staff or third party analysts, and wants to protect its customers. At least Microsoft patches their flaws, from what I understand most Linux distributors don't protect their customers at all. And let's not forget that Microsoft along with every other company in the world is ultimately run by people. People aren't perfect, so there will always be flaws.
Flaws Flaws everywhere Flaws
by jesmac418 August 14, 2007 1:29 PM PDT
You know every month Microsoft releases patches and the critics
come out and bash Microsoft. I pretty much think Microsoft knows
they have problems. I think most users know Windows is a security
risk and that you need firewalls and Anti virus to be safe.
Even Apple has patches, so does Firefox and Linux. So what!
Tell you what folks, if we didn't have freakin hackers who seem to
have nothing better to do in life than try and break into computers
we could all enjoy computing a lot better. Finding a hole in code
seems to be the only fun they have. For them I say GET A LIFE!
like having your head in the sand?
by Dalkorian August 14, 2007 2:15 PM PDT
Jesmac418 posted this thought:

"Tell you what folks, if we didn't have freakin hackers who seem to
have nothing better to do in life than try and break into computers
we could all enjoy computing a lot better."

You think so? Do you mean you prefer true malicious types to be
the only ones who know about these flaws, or that these flaws
should only be exposed by other faulty programs?

Personally I'm happy that some people enjoy breaking systems.
In the end we get better, stronger and more secure systems
because of it. Even winblows, unarguably the least secure and
most bloated trashware OS ever devised, has improved greatly
because of hackers with nothing better to do. Remember 95/98?
Do Apple PCs Have These Issues??
by drumstorm August 14, 2007 2:21 PM PDT
After five years, with all of these security updates, viruses, and spyware to worry about for my Windows XP Home & IE7, my wife says if we would purchase a Mac, I wouldn't feel so stressed out. Maybe it's time to switch.
Yes, they do.
by Vegaman_Dan August 14, 2007 2:53 PM PDT
The applications were Microsoft based, but the flaws carried over to both Macintosh and Windows on several of the issues. And no, Apple hasn't done anything about it, nor should they. It's Microsoft's software so I would expect Microsoft to fix it.

And they did.
apple just as bad
by superdave132 August 14, 2007 4:01 PM PDT
apple has just as many faults, it just hasn't been as exploited as windows because it's a smaller company, but after microsoft finishes pushing everybody over to the mac it will be just as bad.

P.S. now linux is a different story, built from the ground up with security in mind.
AAAHHH YES WINDOZE X-treme P-atching INVOLVED, DON'T U JUST LOVE IT !
by RichardHalzel August 14, 2007 8:20 PM PDT
Here We go again, I just went through and counted every Update that is on My Computer, and Guess what there are 99 Updates Installed On it and if U count XP-Service Pack 2 which was an Update also that makes 100, that's Ridiculous, and there are already 4 Major Updates Installed for IE7 alone. When Will It ever End ???????????
.Net Framework 3.0 refuses to install?,etc.
by binzel August 14, 2007 10:03 PM PDT
1. What's the deal? I've tried to uninstall it, from Add/Remove, & it tries to re-install. Downloaded the dotnetfx3..., but that doesn't go all the way thru either. What gives? Any ideas or clues.

2. I just downloaded the CCleaner, but am afraid to just let it do its thing, as it came up with 400+ errors! What if it takes out stuff & then my computer is really screwed up? Is there a danger of this? Some of the comments on the Ccleaner page indicated you needed to be careful, so what should I NOT let it clean?
The Perfect Solution
by internetworld7 September 9, 2007 10:22 PM PDT
Put your PC in the trash and get a Mac. www.apple.com
Bad links
by UKposter August 15, 2007 3:09 AM PDT
The last 4 links, MS07-047-50 in this post all link to the same page, the WMP update, or at least they are doing so currently on FF and Win XP Pro.
Not fixed yet
by UKposter August 16, 2007 9:12 AM PDT
Over a day later and the links are still not fixed.