October 9, 2007 10:50 AM PDT

Microsoft fixes 9 flaws in 6 patches; 4 are critical

Microsoft today released its October 2007 security bulletin, which includes six updates: four are designated as Critical by the software giant; two are deemed Important, and one previously announced patch was dropped. On the Windows side there is a cumulative update for Internet Explorer, a patch for Outlook/Windows Mail, and one for an RPC vulnerability. On the Microsoft Office side, there is a patch for SharePoint Server and one critical patch for Microsoft Office Word, including Microsoft Office 2004 for Mac. And one patch for the Kodak Image Viewer. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS07-055: Critical

Entitled "Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)," this bulletin affects users of Microsoft Windows 2000, Windows XP SP2, and Windows Server 2003 x64 and Itanium-based users, or Windows Vista, and addresses the vulnerability detailed in CVE-2007-2217. A vulnerability exists in the way that the Kodak Image Viewer, formerly known as Wang Image Viewer, handles specially crafted images files. Successful exploitation could allow remote code execution.

MS07-056: Critical

Entitled "Security Update for Outlook Express and Windows Mail (941202)," this bulletin affects users of Outlook Express 5.5, 6, and Windows Mail running on Windows 2000, Windows XP, and Windows Server 2003, and Windows Vista, and addresses the vulnerability detailed in CVE-2007-3897. Successful exploitation due to an incorrectly handled malformed NNTP response could allow remote code execution.

MS07-057: Critical

Entitled "Cumulative Security Update for Internet Explorer (939653)," this bulletin affects users of Internet Explorer 5.01, 6, and 7 running on Windows 2000, Windows XP, and Windows Server 2003, and Windows Vista, and addresses the four vulnerabilities detailed in CVE-2007-3892, CVE-2007-3893, CVE-2007-1091 and CVE-2007-3826. Successful exploitation due could allow remote code execution.

MS07-058: Important

Entitled "Vulnerability in RPC Could Allow Denial of Service (933729)," this bulletin affects users of Windows 2000, Windows Server 2003, Windows XP, and Windows Vista, and addresses the vulnerability detailed in CVE-2007-2228. Successful exploitation could lead to a denial-of-service vulnerability.

MS07-059: Important

Entitled "Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017)," this bulletin affects users of Microsoft Windows Server 2003 SP1 running SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007, and addresses the vulnerability detailed in CVE-2007-2581. Successful exploitation could allow an attacker to run arbitrary script to modify a user's cache, resulting in information disclosure at the workstation.

MS07-060: Critical

Entitled "Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)," this bulletin affects users of Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, and Microsoft Office 2004 for Mac, and does not affect Microsoft Office 2003 Service Pack 2 and 3 and 2007 Microsoft Office system, and addresses the vulnerability detailed in CVE-2007-3899. Successful exploitation if a user opens a specially crafted Word file with a malformed string could allow remote code execution.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.

Topics:: Security,; Microsoft

Tags:: security,; Microsoft,; Patch Tuesday

Share:: Digg; Del.icio.us; Reddit; Facebook

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

Inside CNET News

Scroll Left Scroll Right

Business Tech
Nokia sues Samsung, LG over LCD prices
It charges the LCD makers with collusion, citing an investigation of display panel price-fixing by the U.S. Justice Department.
Gallery
Peeking into Microsoft's retail store (photos)
The Open Road
Open source: No vow of poverty (or get-rich-quick scheme)
Open source is not a sure-fire way to get developers, income, or much of anything, but used right it can help to grow a proprietary software business. Go figure.
Beyond Binary
Inside the Apple, er, Microsoft Store
Although Redmond's foray into retail bears a big resemblance to Apple's approach, Microsoft has added some distinctive features to draw casual PC buyers and techies alike.
Video
A window into the Microsoft Store
Digital Media
The browser battles go on and on
roundup From Firefox to IE and from Chrome to Opera and Safari, there's no sitting still for browser makers looking to keep their products fresh and competitive.
Video
Google Chrome OS demonstration
Geek Gestalt
Nintendo primed for holiday console dominance
Based on Thanksgiving week numbers provided by Nintendo, an analyst has concludes that the Wii appears likely to have far outsold the Xbox and PS3 in November.
Technically Incorrect
Man loses job after searching too hard for aliens
An employee of an Arizona school district is asked to resign after school officials allege he had downloaded alien-seeking software to all the district's computers.
Gallery
App Store collector's items: 10 rarities (images)
Crave
Crave giveaway of the day: Panasonic Lumix DMC-ZR1 digital camera
Today's Crave Giveaway is a Panasonic Lumix DMC-ZR1 digital camera.
Relevant Results
Google hosts energy experts amid climate talks
Next week, the international community plans to discuss climate change and green energy, and U.S. energy experts kicked things off at Google's offices Monday