Microsoft Security Bulletin Summary for June 2007

If you haven’t hit the Windows Update button yet today, you should. Microsoft today released four critical patches to plug security holes in several versions of its Windows operating system, Internet Explorer Web browser and other programs. Three of the patches aim to protect Windows users who unwittingly expose their computers to attack by visiting Web pages infected with malicious code, or look at similarly tainted e-mails with Outlook Express or Windows Mail. A fourth patch prevents hackers from gaining remote access to PCs by installing a specially crafted program. Two of these critical updates fix holes in the company’s newest operating system, Windows Vista, which Microsoft has touted as the most secure ever.

MS07-031 - Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)
MS07-033 - Cumulative Security Update for Internet Explorer (933566)
MS07-034 - Cumulative Security Update for Outlook Express and Windows Mail (929123)
MS07-035 - Vulnerability in Win 32 API Could Allow Remote Code Execution (935839)

MS07-030 - Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)
MS07-032 - Vulnerability in Windows Vista Could Allow Information Disclosure (931213)

Additionally MS is re-releasing two bulletins:
MS07-012 - Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667) (Updated to v2.0 to reflect applicability to Windows Server 2003 Service Pack 2, and explicitly noting that Platform SDK is not affected)
MS07-018 - Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939) Updated to fix an issue whereby custom CMS2002 install paths could be reset in the registry to the default paths, as noted in KB article 924429 “known issues” section)

View: Microsoft Security Bulletin Summary for June 2007
View: Microsoft Windows Update
Source: TechAmok