dslreports logo
site
spacer

spacer
 
    All FAQs Site FAQ DSL FAQ Cable Tech About DSL Distance DSL Hurdles »»
spc

spacer




how-to block ads



This FAQ will be updated as bulletins are released throughout the year.

Notes:
Released 12/11/07

MS07-069 Cumulative Security Update for Internet Explorer (942615)

Maximum Severity Rating: Critical

Affected Software/Operating System:
  • Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1
    • Windows 2000 Service Pack 4

  • Internet Explorer 6
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
  • Internet Explorer 7
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista
    • Windows Vista x64 Edition

Released 12/11/07

MS07-068 Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)

Maximum Severity Rating: Critical

Affected Software/Operating System:
  • Windows Media Format Runtime 7.1
    • Microsoft Windows 2000 Service Pack 4
  • Windows Media Format Runtime 9
    • Windows 2000 Service Pack 4
    • Windows Media Format Runtime 9 (KB941569)
    • Windows XP Service Pack 2
  • Windows Media Format Runtime 9.5
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
  • Windows Media Format Runtime 9.5 x64 Edition
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
  • Windows Media Format Runtime 11
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Vista
    • Windows Vista x64 Edition
  • Windows Media Services 9.1
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Non-Affected Software
  • Windows Media Player 6.4 when installed on Microsoft Windows 2000
  • Windows Media Player 6.4 when installed on Windows XP
  • Windows Media Player 6.4 when installed on Windows Server 2003
  • Windows Media Services 4.1 when installed on Microsoft Windows 2000
  • Microsoft Windows 2003 For Itanium-Based Systems and Windows Server 2003 with SP1 for Itanium-based Systems
    Released 12/11/07

    MS07-067 Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653)

    Maximum Severity Rating: Important

    Affected Software/Operating System:
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    Non-Affected Software
    • Microsoft Windows 2000 Service Pack 4
    • Windows Server 2003 for Itanium-based Systems
    • Windows Vista
    • Windows Vista x64 Edition

    Released 12/11/07

    MS07-066 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078)

    Maximum Severity Rating: Important

    Affected Software/Operating System:
    • Windows Vista
    • Windows Vista x64 Edition
    Non-Affected Software
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based systems
    • Windows Server 2003 x64 Edition and Windows Server x64 Edition Service Pack 2

    Released 12/11/07

    MS07-065 Vulnerability in Message Queuing Could Allow Remote Code Execution (937894)

    Maximum Severity Rating: Important

    Affected Software/Operating System:
    • Microsoft Windows 2000 Server Service Pack 4 and Microsoft Windows 2000 Professional Service Pack 4
    • Windows XP Service Pack 2
    Non Affected Software
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista
    • Windows Vista x64 Edition

    Released 12/11/07

    MS07-064 Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)

    Maximum Severity Rating: Critical

    Affected Software/Operating System:
    • DirectX 7.0 and DirectX 8.1
      • Microsoft Windows 2000 Service Pack 4
    • DirectX 9.0c
      • Microsoft Windows 2000 Service Pack 4
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • DirectX 10.0
      • Windows Vista
      • Windows Vista x64 Edition

    Released 12/11/07

    MS07-063 Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)

    Maximum Severity Rating: Important

    Affected Software/Operating System:
    • Windows Vista
    • Windows Vista x64 Edition
    Non-Affected Software
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems

    Released 11/13/07

    MS07-062 Vulnerability in DNS Could Allow Spoofing (941672)

    Maximum Severity Rating: Important

    Affected Software/Operating System:
    • Microsoft Windows 2000 Server Service Pack 4
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems

    Non-Affected Software
    • Microsoft Windows 2000 Professional Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Vista
    • Windows Vista x64

    Released 11/13/07

    MS07-061 Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)

    Maximum Severity Rating: Critical

    Affected Software/Operating System:
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows 2003 Server x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems
    Non-Affected Software
  • Microsoft Windows 2000 Service Pack 4
  • Windows Vista
  • Windows Vista x64
    Released 10/9/07 Updated 10/17/07

    MS07-060 Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)

    Maximum Severity Rating: Critical

    Affected Software/Operating System:
    • Microsoft Word 2000 Service Pack 3
    • Microsoft Office XP Service Pack 3
    • Microsoft Office 2004 for Mac

    Non-Affected Software
    • Microsoft Office 2003 Service Pack 2
    • Microsoft Office 2003 Service Pack 3
    • 2007 Microsoft Office system

    Revisions
    • V1.0 (October 9, 2007): Bulletin published.
    • V1.1 (October 10, 2007): Bulletin updated: Hyperlink updated for the Microsoft Mactopia Web site to the correct download location of the 11.3.8 Update in the "Deployment Information" section.
    • V1.2 (October 17, 2007): Bulletin updated: Vulnerability FAQ updated to explain the nature of the update and plans for addressing similar stability issues.

    Released 10/9/07

    MS07-059 Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017)

    Maximum Severity Rating: Important

    Affected Software/Operating System:
    • Microsoft Windows SharePoint Services 3.0
      • Windows Server 2003 Service Pack 1
      • Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition
      • Windows Server 2003 x64 Edition Service Pack 2
    • Microsoft Office SharePoint Server 2007
    • Microsoft Office SharePoint Server 2007 x64 Edition

    Released 10/9/07 Updated 10/10/07

    MS07-058 Vulnerability in RPC Could Allow Denial of Service (933729)

    Maximum Severity Rating: Important

    Affected Software/Operating System:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista
    • Windows Vista x64 Edition

    Revisions
    • V1.0 (October 9, 2007): Bulletin published.
    • V1.1 (October 10, 2007): Updating bulletin to show XP professional x64 Edition Service Pack 2 as affected software.

    Released 10/9/07 Updated 10/10.07

    MS07-057 Cumulative Security Update for Internet Explorer (939653)

    Maximum Severity Rating: Critical

    Affected Software/Operating System:
    • Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1
      • Microsoft Windows 2000 Service Pack 4
    • Internet Explorer 6
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Internet Explorer 7
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
      • Windows Vista
      • Windows Vista x64 Edition
    Revisions
    • V1.0 (October 9, 2007): Bulletin published.
    • V1.1 (October 10, 2007): Bulletin revised to correct the "What does the update do?" section for CVE-2007-3893.

    Released 10/9/07 Updated 10/10.07

    MS07-056 Security Update for Outlook Express and Windows Mail (941202)

    Maximum Severity Rating: Critical

    Affected Component/Operating System:
    • Outlook Express 5.5 Service Pack 2
      • Microsoft Windows 2000 Service Pack 4
    • Outlook Express 6 Service Pack 1
      • Microsoft Windows 2000 Service Pack 4
    • Microsoft Outlook Express 6
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1
      • Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition
      • Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems
      • Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Mail
      • Windows Vista
      • Windows Vista x64 Edition
    Revisions
    • V1.0 (October 09, 2007): Bulletin published.
    • V2.0 (October 10, 2007): Bulletin revised to include Windows XP Professional x64 Edition in the "Affected Software" section; Known Issues set to none; Corrected missing file information to the bulletin text for Outlook Express 6.0 Service Pack 1 on Windows 2000 Service pack 4 and Outlook Express 5.5 Service Pack 2 on Windows 2000 Service pack 4.

    Released 10/9/07

    MS07-055 Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)

    Maximum Severity Rating: Critical

    Affected Operating System:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    Non-Affected Operating System
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista
    • Windows Vista x64 Edition

    Released 09/11/07 Updated 9/12/07

    MS07-054 Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution (942099)

    Maximum Severity Rating: Important

    Affected Operating System/Software:
    • Microsoft Windows 2000 Service Pack 4
      • MSN Messenger 6.2
      • MSN Messenger 7.0
    • Windows XP Service Pack 2
      • MSN Messenger 6.2
      • MSN Messenger 7.0
      • MSN Messenger 7.5
      • Windows Live Messenger 8.0
    • Windows XP Professional x64 Edition
      • MSN Messenger 6.2
      • MSN Messenger 7.0
      • MSN Messenger 7.5
      • Windows Live Messenger 8.0
    • Windows XP Professional x64 Edition Service Pack 2
      • MSN Messenger 6.2
      • MSN Messenger 7.0
      • MSN Messenger 7.5
      • Windows Live Messenger 8.0
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • MSN Messenger 6.2
    • MSN Messenger 7.0
    • MSN Messenger 7.5W
    • Windows Live Messenger 8.0
  • Windows Server 2003 x64 Edition
    • MSN Messenger 6.2
    • MSN Messenger 7.0
    • MSN Messenger 7.5
    • Windows Live Messenger 8.0
  • Windows Server 2003 x64 Edition Service Pack 2
    • MSN M
      Messenger 6.2
    • MSN Messenger 7.0
    • MSN Messenger 7.5
    • Windows Live Messenger 8.0
  • Windows Vista
    • MSN Messenger 6.2
    • MSN Messenger 7.0
    • MSN Messenger 7.5
    • Windows Live Messenger 8.0
  • Windows Vista x64 Edition
    • MSN Messenger 6.2
    • MSN Messenger 7.0
    • MSN Messenger 7.5
    • Windows Live Messenger 8.0
    Non-Affected Software/Operating System:
    • MSN Messenger 7.0.0820
      • Microsoft Windows 2000 Service Pack 4
    • Windows Live Messenger 8.1
      • Windows XP Service Pack 2
      • Windows Live Messenger 8.1
      • Windows XP Professional x64 Edition
      • Windows Live Messenger 8.1
      • Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition
      • Windows Server 2003 x64 Edition Service Pack 2
      • Windows Vista
      • Windows Vista x64 Edition
    Revisions
    • V1.0 (September 11, 2007): Bulletin published
    • V1.1 (September 12, 2007): Download center links added to Affected Software table for upgrading to Windows Live Messenger 8.1.

    Released 09/11/07 Updated 9/19/07

    MS07-053 Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)

    Maximum Severity Rating: Important

    Affected Component/Operating System:
    • Windows Services for UNIX 3.0
      • Windows 2000 Service Pack 4
      • Windows XP Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Services for UNIX 3.5
      • Windows 2000 Service Pack 4
      • Windows XP Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Subsystem for UNIX-based Applications
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Window Vista
      • Windows Vista x64 Edition
      Non-affected Software
      • Windows Services for UNIX 1.0
      • Windows Services for UNIX 2.0
      • Windows Services for UNIX 2.1
      • Windows Services for UNIX 2.2
      Revisions
      • V1.0 (September 11, 2007): Bulletin published.
      • V1.1 (September 19, 2007): Bulletin revised to correct table information for the SMS detection and deployment summary for this security update. SMS 2003 Software Update Services (SUS) can detect this security update with EST. If a previous version of the Extended Security Update Inventory Tool has been installed on SMS, it will need to be upgraded with the current version of the tool to enable detection of this security update.

      Released 09/11/07 Updated 9/19/07

      MS07-052 Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522)

      Maximum Severity Rating: Critical

      Affected Software/Edition:
      • Visual Studio .NET 2002 Service Pack 1
        • Microsoft Visual Studio .NET Enterprise Architect
        • Microsoft Visual Studio .NET Enterprise Developer
        • Microsoft Visual Studio .NET Professional
      • Visual Studio .NET 2003
        • Microsoft Visual Studio .NET Enterprise Architect 2003
        • Microsoft Visual Studio .NET Enterprise Developer 2003
        • Microsoft Visual Studio .NET Professional 2003
      • Visual Studio .NET 2003 Service Pack 1
        • Microsoft Visual Studio .NET Enterprise Architect 2003
        • Microsoft Visual Studio .NET Enterprise Developer 2003
        • Microsoft Visual Studio .NET Professional 2003
      • Visual Studio 2005
        • Microsoft Visual Studio 2005 Professional Edition
        • Microsoft Visual Studio 2005 Team Edition for Software Architects
        • Microsoft Visual Studio 2005 Team Edition for Software Developers
        • Microsoft Visual Studio 2005 Team Suite
        • Microsoft Visual Studio 2005 Team Edition for Software Testers
      • Visual Studio 2005 Service Pack 1
        • Microsoft Visual Studio 2005 Professional Edition
        • Microsoft Visual Studio 2005 Team Edition for Software Architects
        • Microsoft Visual Studio 2005 Team Edition for Software Developers
        • Microsoft Visual Studio 2005 Team Suite
        • Microsoft Visual Studio 2005 Team Edition for Software Testers
      Non-Affected Software
      • Microsoft Office Outlook 2003 with Business Contact Manager
      • Microsoft Office Outlook 2007 with Business Contact Manager
      Revisions
      • V1.0 (September 11, 2007): Bulletin published.
      • V1.1 (September 19, 2007): Bulletin updated: The executable filename for Visual Studio 2003 Service Pack 1 has been correctly updated to VS7.1sp1-KB937059-x86-INTL in the corresponding Reference Table under Security Update Deployment.

      Released 09/11/07 Updated 9/12/07

      MS07-051 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827)

      Maximum Severity Rating: Critical

      Affected Operating System:
      • Microsoft Windows 2000 Service Pack 4
      Non-Affected Software
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
      • Windows Vista
      • Windows Vista x64 Edition
      Revisions
      • V1.0 (September 11, 2007): Bulletin published.
      • V1.1 (September 12, 2007): Bulletin updated to include FAQ as to why up-level platforms are not affected by the vulnerability addressed by this bulletin.

      Released 08/14/07 Updated 8/22/07

      MS07-050 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)

      Maximum Severity Rating: Critical

      Affected Software/Operating System:
      • Microsoft Internet Explorer 5.01 Service Pack 4
        • Microsoft Windows 2000 Service Pack 4
      • Microsoft Internet Explorer 6 Service Pack 1
        • Microsoft Windows 2000 Service Pack 4
      • Microsoft Internet Explorer 6
        • Windows XP Service Pack 2
        • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
        • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
        • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
        • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
      • Internet Explorer 7
        • Windows XP Service Pack 2
        • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
        • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
        • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
        • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
        • Windows Vista
        • Windows Vista x64 Edition
      Revisions
      • V1.0 (August 14, 2007): Bulletin published.
      • V1.1 (August 15, 2007): Bulletin revised to correct file information for Microsoft Internet Explorer 7 for Windows 2003.
      • V1.2 (August 22, 2007): Bulletin revised to correct Registry Key Verification for Internet Explorer 7 for all supported 32-bit editions, 64-bit editions, and Itanium-based editions of Windows Server 2003.

      Released 08/14/07

      MS07-049 Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Virtual PC 2004
      • Microsoft Virtual PC 2004 Service Pack 1
      • Microsoft Virtual Server 2005 Standard Edition
      • Microsoft Virtual Server 2005 Enterprise Edition
      • Microsoft Virtual Server 2005 R2 Standard Edition
      • Microsoft Virtual Server 2005 R2 Enterprise Edition
      • Microsoft Virtual PC for Mac Version 6.1
      • Microsoft Virtual PC for Mac Version 7
      Non-Affected Software:
      • Microsoft Virtual PC 2007
      • Microsoft Virtual Server 2005 R2 Service Pack 1

      Released 08/14/07

      MS07-048 Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)

      Maximum Severity Rating: Important

      Affected Operating Systems:
      • Windows Vista
      • Windows Vista x64 Edition

      Released 08/14/07 Updated 9/19/07

      MS07-047 Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)

      Maximum Severity Rating: Important

      Affected Component/Operating Systems:
      • Windows Media Player 7.1
        • Windows 2000 Service Pack 4
      • Windows Media Player 9
        • Windows 2000 Service Pack 4
        • Windows XP Service Pack 2
      • Windows Media Player 10
        • Windows XP Service Pack 2<
        • Windows XP Professional X64 Edition
        • Windows XP Professional X64 Edition Service Pack 2
        • Windows Server 2003 Service Pack 1
        • Windows Server 2003 Service Pack 2
        • Windows Server 2003 x64 Edition
        • Windows Server 2003 x64 Edition Service Pack 2
      • Windows Media Player 11
        • Windows XP Service Pack 2
        • Windows XP Professional X64 Edition
        • Windows XP Professional X64 Edition Service Pack 2
        • Windows Vista
        • Windows Vista x64 Edition
      Revisions
      • V1.0 (August 14, 2007): Bulletin published.
      • V1.1 (August 29, 2007): Bulletin revised to correct Registry Key Verification for Windows Media Player 7.1, 9, 10, and 11 on supported editions of Windows 2000 Service Pack 4, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows XP Service Pack 2 and x64 Editions.
      • V1.2 (September 19, 2007): Bulletin revised to correct file information when installing without user intervention, installing without restarting, and removal Information for Windows Media Player 7.1, 9, 10, and 11 on supported editions of Windows 2000 Service Pack 4, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows XP Service Pack 2 and x64 Editions.

      Released 08/14/07 Updated 8/29/07

      MS07-046 Vulnerability in GDI Could Allow Remote Code Execution (938829)

      Maximum Severity Rating: Critical

      Affected Software/Operating Systems:
      • Microsoft Windows 2000 Service Pack 4
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition
      • Windows Server 2003 Service Pack 1
      • Windows Server 2003 x64 Edition
      • Windows Server 2003 with SP1 for Itanium-based Systems
      Non-Affected Software
      • Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP2 for Itanium-based Systems
      • Windows Vista
      • Windows Vista x64 Edition
      Revisions
      • V1.0 (August 14, 2007): Bulletin published.
      • V1.1 (August 29, 2007): Bulletin Updated: Additional information has been added to include workarounds for this vulnerability.

      Released 08/14/07 Updated 10/10/07

      MS07-045 Cumulative Security Update for Internet Explorer (937143)

      Maximum Severity Rating: Critical

      Affected Software/Operating Systems:
      • Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1
        • Microsoft Windows 2000 Service Pack 4
      • Internet Explorer 6
        • Windows XP Service Pack 2
        • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
        • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
        • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
        • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
      • Internet Explorer 7
        • Windows XP Service Pack 2
        • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
        • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
        • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
        • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
        • Windows Vista
        • Windows Vista x64 Edition
      Revisions:
      • V1.0 (August 14, 2007): Bulletin published.
      • V1.1 (August 22, 2007): Bulletin revised to correct Registry Key Verification for Internet Explorer 7 for all supported 32-bit editions, 64-bit editions, and Itanium-based editions of Windows Server 2003.
      • V1.2 (August 29, 2007): Bulletin revised to document the functionality change of increasing the limit on cookies from 20 to 50.
      • V1.3 (October 10, 2007): Bulletin revised to correct the name of an affected file in the bulletin text only.

      Released 08/14/07 Updated 8/29/07

      MS07-044 Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965)

      Maximum Severity Rating: Critical

      Office Suite and other Affected Software:
      • Microsoft Office 2000 Service Pack 3
      • Microsoft Office XP Service Pack 3
      • Microsoft Office 2003 Service Pack 2
      • Microsoft Office 2004 for Mac
      Revisions:
      • V1.0 (August 14, 2007): Bulletin published.
      • V1.1 (August 29, 2007): Bulletin updated to change the download link display text for Office components in the Affected Software table.

      Released 08/14/07

      MS07-043 Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)

      Maximum Severity Rating: Critical

      Affected Software/Component:
      • Windows 2000 Service Pack 4
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
      • Microsoft Office 2004 for Mac
      • Microsoft Visual Basic 6.0 Service Pack 6 (KB924053)
      Non-Affected Software
    • Windows Vista
    • Windows Vista x64 Edition
      Released 08/14/07 Updated 9/27/07

      MS07-042 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)

      Maximum Severity Rating: Critical

      Affected Software/Component:
      • Microsoft XML Core Services 3.0
        • Windows 2000 Service Pack 4
        • Windows XP Service Pack 2
        • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
        • Windows Server 2003 Service Pack 1
        • Windows Server 2003 Service Pack 2
        • Windows Server 2003 x64 Edition
        • Windows Server 2003 x64 Edition Service Pack 2
        • Windows Server 2003 with SP1 for Itanium-based Systems
        • Windows Server 2003 with SP2 for Itanium-based Systems
        • Windows Vista
        • Windows Vista x64 Edition
      • Microsoft XML Core Services 4.0
        • Windows 2000 Service Pack 4
        • Windows XP Service Pack 2
        • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
        • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
        • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
        • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
        • Windows Vista
        • Windows Vista x64 Edition
      • Microsoft XML Core Services 5.0
        • Microsoft Office 2003 Service Pack 2
        • 2007 Microsoft Office System
        • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
        • Microsoft Expression Web
        • Microsoft Office SharePoint Server
        • Microsoft Office Groove Server 2007
      • Microsoft XML Core Services 6.0
        • Windows 2000 Service Pack 4
        • Windows XP Service Pack 2
        • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
        • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
        • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
        • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
        • Windows Vista
        • Windows Vista x64 Edition
      • Microsoft XML Core Services 5.0
          <
          Revisions:
          • V1.0 (August 14, 2007): Bulletin published.
          • V1.1 (August 15, 2007): Bulletin updated: Corrected file manifest information for Microsoft XML Core Services 4.0.
          • V2.0 (September 27, 2007): Bulletin updated: Added Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats and Microsoft Expression Web as affected products. The Bulletin has also been updated to inform customers that a potential reliability issue exists in applications that have installed Microsoft XML Core Services 4.0 on Windows Vista, which can be addressed by applying the download available in Microsoft Knowledge Base Article 941833.

          Released 07/10/07

          MS07-041 Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373)

          Maximum Severity Rating: Important

          Affected Software/Component:
          • Windows XP Professional Service Pack 2/Microsoft Internet Information Services (IIS) 5.1

          Non-Affected Software:
          • Windows 2000 Service Pack 4
          • Windows XP Home Service Pack 2
          • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
          • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
          • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
          • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
          • Windows Vista
          • Windows Vista x64 Edition

          Released 07/10/07

          MS07-040 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212)

          Maximum Severity Rating: Critical

          Affected Software/Component:
          • Microsoft .NET Framework 1.0
            • Windows 2000 Service Pack 4
            • Windows XP Service Pack 2
            • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
            • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
            • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
            • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
            • Windows Vista
          • Microsoft .NET Framework 1.1
            • Windows XP Service Pack 2
            • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
            • Windows XP Tablet PC Edition 2005 and Windows XP Media Center Edition 2005
            • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
            • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
            • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
            • Windows Vista
            • Windows Vista x64 Edition
          • Microsoft .NET Framework 2.0
            • Windows XP Service Pack 2
            • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
            • Windows XP Tablet PC Edition 2005 and Windows XP Media Center Edition 2005
            • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
            • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
            • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
            • Windows Vista
            • Windows Vista x64 Edition

          Non-Affected Software/Component:
          • Microsoft .NET Framework 3.0
            • Windows XP Service Pack 2
            • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
            • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
            • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2,li>Windows Vista
            • Windows Vista x64 Edition

          Released 07/10/07

          MS07-039 Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122)

          Maximum Severity Rating: Critical

          Affected Software:
          • Microsoft Windows 2000 Server Service Pack 4
          • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
          • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
          • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems

          Non-Affected Software
          • Windows 2000 Professional Service Pack 4
          • Windows XP Service Pack 2,li>Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
          • Windows Vista
          • Windows Vista x64 Edition

          Released 07/10/07

          MS07-038 Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)

          Maximum Severity Rating: Moderate

          Affected Software:
          • Windows Vista
          • Windows Vista x64 Edition

          Released 07/10/07

          MS07-037 Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548)

          Maximum Severity Rating: Important

          Office Suite and Other Affected Software:
          • 2007 Microsoft Office System/Microsoft Office Publisher 2007

          Non-Affected Office Suite Application
          • Microsoft Office 2000 Service Pack 3/Microsoft Publisher 2000
          • Microsoft Office XP Service Pack 3/Microsoft Publisher 2002,li>Microsoft Office 2003 Service Pack 2/Microsoft Publisher 2003

          Released 07/10/07

          MS07-036 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542)

          Maximum Severity Rating: Critical

          Office Suite and Other Affected Software:
          • Microsoft Office 2000 Service Pack 3/Microsoft Excel 2000 Service Pack 3
          • Microsoft Office XP Service Pack 3/Microsoft Excel 2002 Service Pack 3
          • Microsoft Office 2003 Service Pack 2/Microsoft Excel 2003 Service Pack 2, Microsoft Excel 2003 Viewer
          • 2007 Microsoft Office System/Microsoft Office Excel 2007
          • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

          Released 06/12/07

          MS07-035 Vulnerability in Win 32 API Could Allow Remote Code Execution (935839)

          Maximum Severity Rating: Critical

          Affected Software:
          • Windows 2000 Service Pack 4
          • Windows XP Service Pack 2
          • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
          • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
          • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
          • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
          Non-Affected Software
          • Windows Vista
          • Windows Vista x64 Edition

          Released 06/12/07 Updated 7/6/07

          MS07-034 Cumulative Security Update for Outlook Express and Windows Mail (929123)

          Maximum Severity Rating: Critical

          Affected Software/Component:
          • Windows XP Service Pack 2/ Microsoft Outlook Express 6
          • Windows XP Professional x64 Edition/Microsoft Outlook Express 6
          • Windows XP Professional x64 Edition Service Pack 2/Microsoft Outlook Express 6
          • Windows Server 2003 Service Pack 1/Microsoft Outlook Express 6
          • Windows Server 2003 Service Pack 2/Microsoft Outlook Express 6
          • Windows Server 2003 x64 Edition/Microsoft Outlook Express 6
          • Windows Server 2003 x64 Edition Service Pack 2/Microsoft Outlook Express 6
          • Windows Server 2003 with SP1 for Itanium-based Systems/Microsoft Outlook Express 6
          • Windows Server 2003 with SP2 for Itanium-based Systems/Microsoft Outlook Express 6
          • Windows Vista/Windows Mail
          • Windows Vista x64 Edition/Windows Mail

          Non-Affected Software
          • Windows 2000 Service Pack 4/Outlook Express 5.5 Service Pack 2
          • Windows 2000 Service Pack 4/Outlook Express 6 Service Pack 1
          Revisions
          • V1.0 (June 12, 2007): Bulletin published.
          • V1.1 (June 12, 2007): Updated Affected Software section to remove Bulletins Replaced by This Update on Windows XP Professional x64 Edition Service Pack 2.
          • V1.2 (June 12, 2007): Updated registry key verification information for Outlook Express 6 in the Security Update Deployment section.
          • V1.3 (June 13, 2007): Updated the Microsoft Knowledge Base Article to reference KB Article 929123 in the Known Issues section.

          Released 06/12/07 Updated 6/13/07

          MS07-033 Cumulative Security Update for Internet Explorer (933566)

          Maximum Severity Rating: Critical

          Affected Software/Component:
          • Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1/Microsoft Windows 2000 Service Pack 4
          • Internet Explorer 6/Windows XP Service Pack 2, Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
          • Internet Explorer 7/Windows XP Service Pack 2, Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista, Windows Vista x64 Edition
          Revisions
          • V1.0 (June 12, 2007): Bulletin published.
          • V1.1 (June 12, 2007): Bulletin Revised: CVE number corrected for Navigation Cancel Page Spoofing Vulnerability - CVE-2007-1499.
          • V1.2 (June 13, 2007): Bulletin Revised: Registry Key Verification corrected for Internet Explorer 6 Service Pack 1 on all supported editions of Microsoft Windows 2000 Service Pack 4; Removed duplicate text in Workarounds for COM Object Instantiation Memory Corruption Vulnerability - CVE-2007-0218 and Workarounds for Uninitialized Memory Corruption Vulnerability - CVE-2007-1751

          Released 06/12/07

          MS07-032 Vulnerability in Windows Vista Could Allow Information Disclosure (931213)

          Maximum Severity Rating: Moderate

          Affected Software:
          • Windows Vista
          • Windows Vista x64 Edition

          Non-Affected Software
          • Windows 2000 Service Pack 4
          • Windows XP Service Pack 2
          • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
          • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
          • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
          • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems

          Released 06/12/07

          MS07-031 Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)

          Maximum Severity Rating: Critical

          Affected Software:
          • Windows 2000 Service Pack 4
          • Windows XP Service Pack 2
          • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
          • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
          • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
          • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems

          Non-Affected Software
          • Windows Vista
          • Windows Vista x64 Edition

          Released 06/12/07

          MS07-030 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)

          Maximum Severity Rating: Important

          Affected Software:
          • Microsoft Visio 2002 Service Pack 2
          • Microsoft Office 2003
            • Microsoft Visio 2003 Service Pack 2

          Non-Affected Software:
          • 2007 Microsoft Office System
            • Microsoft Office Visio 2007

          Released 05/08/07 Updated 6/6/07

          MS07-029 Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966)

          Maximum Severity Rating: Critical

          Affected Software:
          • Microsoft Windows 2000 Server Service Pack 4
          • Microsoft Windows Server 2003 Service Pack 1 and Microsoft Windows Server 2003 Service Pack 2
          • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
          • Microsoft Windows Server 2003 x64 Edition Service Pack 1 and Microsoft Windows Server 2003 x64 Edition Service Pack 2

          Non-Affected Software:
          • Microsoft Windows 2000 Professional Service Pack 4
          • Microsoft Windows XP Service Pack 2
          • Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2
          • Windows Vista
          • Windows Vista x64 Edition
          Revisions:
          • V1.0 (May 8, 2007): Bulletin published.
          • V1.1 (May 31, 2007): Bulletin revised. File Information updated for Windows Server 2003. Clarification added throughout the bulletin for server configurations that may require the installation of DNS functionality as a prerequisite for the security update installation.
          • V1.2 (June 6, 2007): Bulletin revised. Removed the literal Service Pack 1 from all instances of Windows Server 2003 x64 Edition Service Pack 1 throughout the bulletin.

          Released 05/08/07

          MS07-028 Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)

          Maximum Severity Rating: Critical

          Affected Software:
          • CAPICOM
          • Platform SDK Redistributable: CAPICOM
          • BizTalk Server 2004 Service Pack 1
          • BizTalk Server 2004 Service Pack 2

          Non-Affected Software:
          • BizTalk Server 2000
          • BizTalk Server 2002
          • BizTalk Server 2006

          Released 05/08/07

          MS07-027 Cumulative Security Update for Internet Explorer (931768)

          Maximum Severity Rating: Critical

          Affected Software:
          • Microsoft Windows 2000 Service Pack 4
          • Microsoft Windows XP Service Pack 2
          • Microsoft Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
          • Microsoft Windows Server 2003 Service Pack 1 and Microsoft Windows Server 2003 Service Pack 2
          • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
          • Microsoft Windows Server 2003 x64 Edition Service Pack 1 and Microsoft Windows Server 2003 x64 Edition Service Pack 2
          • Windows Vista
          • Windows Vista x64 Edition

          Affected Components:
          • Microsoft Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4
          • Microsoft Internet Explorer 6 Service Pack 1 when installed on Windows 2000 Service Pack 4
          • Microsoft Internet Explorer 6 for Windows XP Service Pack 2
          • Microsoft Internet Explorer 6 for Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
          • Microsoft Internet Explorer 6 for Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
          • Microsoft Internet Explorer 6 for Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
          • Microsoft Internet Explorer 6 for Windows Server 2003 x64 Edition Service Pack 1 and Windows Server 2003 x64 Edition Service Pack 2
          • Windows Internet Explorer 7 for Windows XP Service Pack 2
          • Windows Internet Explorer 7 for Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
          • Windows Internet Explorer 7 for Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
          • Windows Internet Explorer 7 for Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
          • Windows Internet Explorer 7 for Windows Server 2003 x64 Edition Service Pack 1 and Windows Server 2003 x64 Edition Service Pack 2
          • Windows Internet Explorer 7 in Windows Vista
          • Windows Internet Explorer 7 in Windows Vista x64 Edition

          Released 05/08/07

          MS07-026 Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)

          Maximum Severity Rating: Critical

          Affected Software:
          • Microsoft Exchange 2000 Server Service Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004
          • Microsoft Exchange Server 2003 Service Pack 1
          • Microsoft Exchange Server 2003 Service Pack 2
          • Microsoft Exchange Server 2007

          Released 05/08/07 Updated 5/17/07

          MS07-025 Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)

          Maximum Severity Rating: Critical

          Affected Software:
          • Microsoft Office 2000 Service Pack 3
            • Microsoft Excel 2000
            • Microsoft FrontPage 2000
            • Microsoft Publisher 2000
          • Microsoft Office XP Service Pack 3
            • Microsoft Excel 2002
            • Microsoft FrontPage 2002
            • Microsoft Publisher 2002
          • Microsoft Office 2003 Service Pack 2
          • Microsoft Excel 2003
          • Microsoft FrontPage 2003
          • Microsoft Publisher 2003
          • Microsoft Excel 2003 Viewer
        • 2007 Microsoft Office System
          • Microsoft Office Excel 2007
          • Microsoft Office Publisher 2007
          • Microsoft Office SharePoint Designer 2007Microsoft Expression Web
        • Microsoft Office 2004 for Mac
        Non-Affected Software:
        • Microsoft Works Suites:
          • Microsoft Works Suite 2004
          • Microsoft Works Suite 2005
          • Microsoft Works Suite 2006
        • Microsoft Office 2000 Service Pack 3
          • Microsoft Access 2000
          • Microsoft Outlook 2000
          • Microsoft PowerPoint 2000
          • Microsoft Project 2000 Service Release 1
          • Microsoft Word 2000
        • Microsoft Office XP Service Pack 3
          • Microsoft Access 2002
          • Microsoft Outlook 2002
          • Microsoft PowerPoint 2002
          • Microsoft Project 2002 Service Pack 1
          • Microsoft Visio 2002
          • Microsoft Word 2002
        • Microsoft Office 2003 Service Pack 2:
          • Microsoft Access 2003
          • Microsoft InfoPath 2003
          • Microsoft OneNote 2003
          • Microsoft Outlook 2003
          • Microsoft Project 2003
          • Microsoft PowerPoint 2003
          • Microsoft PowerPoint 2003 Viewer
          • Microsoft Visio 2003
          • Microsoft Word 2003
          • Microsoft Word 2003 Viewer
        • 2007 Microsoft Office System
          • Microsoft Office Access 2007
          • Microsoft Office PowerPoint 2007
          • Microsoft Office Project 2007
          • Microsoft Office Visio 2007
          • Microsoft Office Word 2007
        Revisions:
        • V1.0 (May 8, 2007): Bulletin published.
        • V1.1 (May 16, 2007): Bulletin workarounds section updated, with the removal of the Use Microsoft Word Viewer 2003 to open and view files workaround. This workaround is not valid for the vulnerability discussed in this security bulletin.
        • V1.2 (May 17, 2007): This Bulletin has been revised due to new issues discovered with the security update as reflected in Microsoft Knowledge Base Article 934873.

        Released 05/08/07

        MS07-024 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Office 2000 Service Pack 3
          • Microsoft Word 2000
        • Microsoft Office XP Service Pack 3
          • Microsoft Word 2002
        • Microsoft Office 2003 Service Pack 2
          • Microsoft Word 2003
          • Microsoft Word Viewer 2003
        • Microsoft Office 2004 for Mac
        • Microsoft Works Suites:
          • Microsoft Works Suite 2004
          • Microsoft Works Suite 2005
          • Microsoft Works Suite 2006

        Non-Affected Software:
        • 2007 Microsoft Office System
          • Microsoft Word 2007

        Released 05/08/07 Updated 5/17/07

        MS07-023 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Office 2000 Service Pack 3
          • Microsoft Excel 2000
        • Microsoft Office XP Service Pack 3
          • Microsoft Excel 2002
        • Microsoft Office 2003 Service Pack 2
          • Microsoft Excel 2003
          • Microsoft Excel 2003 Viewer
        • 2007 Microsoft Office System
          • Microsoft Office Excel 2007
          • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
        • Microsoft Office 2004 for Mac

      Non-Affected Software:
      • Microsoft Works Suites:
        • Microsoft Works Suite 2004
        • Microsoft Works Suite 2005
        • Microsoft Works Suite 2006
      Revisions:
      • V1.0 (May 8, 2007): Bulletin published.
      • V1.1 (May 16, 2007): Bulletin Installation File Information section updated with the correct file name for the Office 2007 Compatibility Pack.
      • V1.2 (May 17, 2007): This Bulletin has been revised due to new issues discovered with the security update as reflected in Microsoft Knowledge Base Article 934233.

      Released 04/10/07

      MS07-022 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft 2003 Service Pack 2
      Non-Affected Software:
      • Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2
      • Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 and SP2 for Itanium-based Systems
      • Windows Vista
      • Windows Vista x64 Edition

      Released 04/10/07

      MS07-021 Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2
      • Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 Service Pack 2
      • Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2
      • Windows Vista
      • Windows Vista x64 Edition

      Released 04/10/07

      MS07-020 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 and Microsoft Server 2003 Service Pack 2
      • Microsoft Windows Server 2003 x64 Edition with Service Pack 1 and Microsoft Windows Server 2003 x64 Edition with Service Pack 2
      • Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
      Non-Affected Software:
      • Windows Vista
      • Windows Vista x64 Edition

      Released 04/10/07

      MS07-019 Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2
      Non-Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 Service Pack 2
      • Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2
      • Windows Vista
      • Windows Vista x64 Edition

      Released 04/10/07

      MS07-018 Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Content Management Server 2001 Service Pack 1
      • Microsoft Content Management Server 2002 Service Pack 2

      Released 04/03/07

      MS07-017 Vulnerabilities in GDI Could Allow Remote Code Execution (925902)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2
      • Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 Service Pack 2
      • Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2
      • Windows Vista
      • Windows Vista x64 Edition

      Released 02/13/07 Updated 2/21/07

      MS07-016 Cumulative Security Update for Internet Explorer (928090)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      Non-Affected Software:
      • Windows Vista
      Affected Components:
      • Microsoft Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4
      • Microsoft Internet Explorer 6 Service Pack 1 when installed on Windows 2000 Service Pack 4
      • Microsoft Internet Explorer 6 for Windows XP Service Pack 2
      • Microsoft Internet Explorer 6 for Windows XP Professional x64 Edition
      • Microsoft Internet Explorer 6 for Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems and Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Internet Explorer 6 for Windows Server 2003 x64 Edition
      • Windows Internet Explorer 7 for Windows XP Service Pack 2
      • Windows Internet Explorer 7 for Windows XP Professional x64 Edition
      • Windows Internet Explorer 7 for Windows Server 2003 Service Pack 1
      • Windows Internet Explorer 7 for Windows Server 2003 with SP1 for Itanium-based Systems
      • Windows Internet Explorer 7 for Windows Server 2003 x64 Edition
      Non-Affected Components:
      • Windows Internet Explorer 7 in Windows Vista
      Revisions:
      • V1.0 (February 13, 2007): Bulletin published.
      • V1.1 (February 21, 2007): Bulletin revised to correct installation verification keys for Windows Internet Explorer 7. Removal information for Windows Server 2003 updated with correct folder.

      Released 02/13/07 Updated 2/28/07

      MS07-015 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Office 2000 Service Pack 3
        • Microsoft Access 2000
        • Microsoft Excel 2000
        • Microsoft FrontPage 2000
        • Microsoft Outlook 2000
        • Microsoft PowerPoint 2000
        • Microsoft Publisher 2000
        • Microsoft Word 2000
      • Microsoft Office XP Service Pack 3
        • Microsoft Access 2002
        • Microsoft Excel 2002
        • Microsoft FrontPage 2002
        • Microsoft Outlook 2002
        • Microsoft PowerPoint 2002
        • Microsoft Publisher 2002
        • Microsoft Visio 2002
        • Microsoft Word 2002
      • Microsoft Office 2003 Service Pack 2
        • Microsoft Access 2003
        • Microsoft Excel 2003
        • Microsoft Excel 2003 Viewer
        • Microsoft FrontPage 2003
        • Microsoft InfoPath 2003
        • Microsoft OneNote 2003
        • Microsoft Outlook 2003
        • Microsoft PowerPoint 2003
        • Microsoft Project 2003
        • Microsoft Publisher 2003
        • Microsoft Visio 2003
        • Microsoft Word 2003
        • Microsoft Excel 2003 Viewer
        • Microsoft Word 2003 Viewer
      • Microsoft Project 2000 Service Release 1
      • Microsoft Project 2002 Service Pack 1
      • Microsoft Visio 2002 Service Pack 2
      • Microsoft Office 2004 for Mac
      Non-Affected Software:
      • 2007 Microsoft Office System
      • Microsoft Office 2003 Service Pack 2
        • Microsoft PowerPoint 2003 Viewer
      • Microsoft Works Suites:
        • Microsoft Works Suite 2004
        • Microsoft Works Suite 2005
        • Microsoft Works Suite 2006
      Revisions:
      • V1.0 (February 13, 2007): Bulletin published.
      • V1.1 (February 28, 2007) Bulletin updated: Prerequisites and Additional Update for Office 2003 in the Security Update Information section.

      Released 02/13/07

      MS07-014 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Office 2000 Service Pack 3
        • Microsoft Word 2000
      • Microsoft Office XP Service Pack 3
        • Microsoft Word 2002
        Microsoft Office 2003 Service Pack 2
        • Microsoft Word 2003
        • Microsoft Word Viewer 2003
      • Microsoft Works Suites:
        • Microsoft Works Suite 2004
        • Microsoft Works Suite 2005
        • Microsoft Works Suite 2006
      • Microsoft Office 2004 for Mac
      Non-Affected Software:
      • 2007 Microsoft Office System
        • Microsoft Office Word 2007

      Released 02/13/07 Updated 2/28/07

      MS07-013 Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118)

      Maximum Severity Rating: Important

      Affected Software:

      Windows Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      Office Software:
      • Microsoft Office 2000 Service Pack 3
        • Microsoft Access 2000
        • Microsoft Excel 2000
        • Microsoft FrontPage 2000
        • Microsoft Outlook 2000
        • Microsoft PowerPoint 2000
        • Microsoft Publisher 2000
        • Microsoft Word 2000
      • Microsoft Office XP Service Pack 3
        • Microsoft Access 2002
        • Microsoft Excel 2002
        • Microsoft FrontPage 2002
        • Microsoft Outlook 2002
        • Microsoft PowerPoint 2002
        • Microsoft Publisher 2002
        • Microsoft Word 2002
      • Microsoft Office 2003 Service Pack 2
        • Microsoft Access 2003
        • Microsoft Excel 2003
        • Microsoft FrontPage 2003
        • Microsoft InfoPath 2003
        • Microsoft OneNote 2003
        • Microsoft Outlook 2003
        • Microsoft PowerPoint 2003
        • Microsoft Project 2003
        • Microsoft Publisher 2003
        • Microsoft Visio 2003
        • Microsoft Word 2003
        • Microsoft Word 2003 Viewer
      • Microsoft Project 2000 Service Release 1
      • Microsoft Office 2000 Multilanguage Packs
      • Microsoft Project 2002 Service Pack 1
      • Microsoft Visio 2002 Service Pack 2
      • Microsoft Learning Essentials 1.0, 1.1, and 1.5 for Microsoft Office
      • Microsoft Global Input Method Editor for Office 2000 (Japanese)
      • Microsoft Office 2004 for Mac
      Non-Affected Software:
      • Windows Vista
      • 2007 Microsoft Office System
      • Microsoft Office 2003 Service Pack 2
        • Microsoft Excel 2003 Viewer
        • Microsoft PowerPoint 2003 Viewer
      Revisions:
      • V1.0 (February 13, 2007): Bulletin published.
      • V1.1 (February 21, 2007) Bulletin updated: additional clarification has been added to the e-mail attack vector. An attacker could also attempt to exploit this vulnerability when a user interacts with a malformed embedded OLE object within a Rich Text e-mail message.
      • V1.2 (February 28, 2007) Bulletin updated: Prerequisites and Additional Update for Office 2003 in the Security Update Information section.

      Released 02/13/07 Update 2/21/07

      MS07-012 Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      • Microsoft Visual Studio .NET 2002
      • Microsoft Visual Studio .NET 2002 Service Pack 1
      • Microsoft Visual Studio .NET 2003
      • Microsoft Visual Studio .NET 2003 Service Pack 1
      Non-Affected Software:
      • Windows Vista
      • Microsoft Visual Studio 2005
      Revisions:

      V1.0 (February 13, 2007): Bulletin published.

      V1.1 (February 21, 2007) Bulletin updated: additional clarification has been added to the e-mail attack vector. An attacker could also attempt to exploit this vulnerability when a user interacts with a malformed embedded OLE object within a Rich Text e-mail message. This Bulletin has also been revised due to new issues discovered with the security update as reflected in Microsoft Knowledge Base Article 924667.

      Released 02/13/07 Updated 2/21/07

      MS07-011 Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      Non-Affected Software:
      • Windows Vista
      Revisions:
      • V1.0 (February 13, 2007) Bulletin published.
      • V1.1 (February 21, 2007) Bulletin updated: additional clarification has been added to the e-mail attack vector. An attacker could also attempt to exploit this vulnerability when a user interacts with a malformed embedded OLE object within a Rich Text e-mail message.

      Released 02/13/07 Updated 2/22/07

      MS07-010 Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution (932135)

      Maximum Severity Rating: Critical

      Affected Software:
      • Windows Live OneCare
      • Microsoft Antigen for Exchange 9.x
      • Microsoft Antigen for SMTP Gateway 9.x
      • Microsoft Windows Defender
      • Microsoft Windows Defender x64 Edition
      • Microsoft Windows Defender in Windows Vista
      • Microsoft Forefront Security for Exchange Server
      • Microsoft Forefront Security for SharePoint
      Affected Components:
      • Microsoft Malware Protection Engine
      Revisions:
      • V1.0 (February 13, 2007): Bulletin published.
      • V1.1 (February 22, 2007): Bulletin updated: "Frequently Asked Questions (FAQ) Related to This Security Update" section in "Executive Summary" for WSUS Windows Defender update process.

      Released 02/13/07

      MS07-009 Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Data Access Components 2.5 Service Pack 3 on Microsoft Windows 2000 Service Pack 4
      • Microsoft Data Access Components 2.8 Service Pack 1 on Microsoft Windows XP Service Pack 2
      • Microsoft Data Access Components 2.8 on Microsoft Windows Server 2003
      • Microsoft Data Access Components 2.8 on Microsoft Windows Server 2003 for Itanium-based Systems
      Non-Affected Software:
      • Microsoft Data Access Components 2.8 Service Pack 2 on Microsoft Windows XP Professional x64 Edition
      • Microsoft Data Access Components 2.8 Service Pack 2 on Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Data Access Components 2.8 Service Pack 2 on Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Data Access Components 2.8 Service Pack 2 on Microsoft Windows Server 2003 x64 Edition
      • Windows Data Access Components 6.0 on Windows Vista
      Affected Components:
      • Microsoft Data Access Components 2.7 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4
      • Microsoft Data Access Components 2.8 when installed on Microsoft Windows 2000 Service Pack 4
      • Microsoft Data Access Components 2.8 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4

      Released 02/13/07

      MS07-008 Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      Non-Affected Software:
      • Windows Vista

      Released 02/13/07

      MS07-007 Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows XP Service Pack 2
      Non-Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      • Windows Vista

      Released 02/13/07 Updated 2/15/07

      MS07-006 Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      Non-Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows Vista
      Revisions:
      • V1.0 (February, 13 2007): Bulletin published.
      • V1.1 (February, 15 2007): Bulletin updated to reflect the appropriate registry key to use on Windows Server 2003 (all versions) to verify the files that this security update has installed. Also clarified the recommendation in the impact of the Disable the Shell Hardware Detection service workaround.

      Released 02/13/07

      MS07-005 Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723)

      Maximum Severity Rating: Important

      Affected Software:
      • Step-by-Step Interactive Training when installed on Microsoft Windows 2000 Service Pack 4
      • Step-by-Step Interactive Training when installed on Microsoft Windows XP Service Pack 2
      • Step-by-Step Interactive Training when installed on Microsoft Windows XP Professional x64 Edition
      • Step-by-Step Interactive Training when installed on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Step-by-Step Interactive Training when installed on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Step-by-Step Interactive Training when installed on Microsoft Windows Server 2003 x64 Edition

      Released 01/09/07 Updated 1/10/07

      MS07-004 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      Non-Affected Software:
      • Windows Vista
      Affected Components:
      • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
      • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
      • Internet Explorer 7 on Microsoft Windows XP Service Pack 2
      • Internet Explorer 7 on Microsoft Windows XP Professional x64 Edition
      • Internet Explorer 7 on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Internet Explorer 7 on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Internet Explorer 7 on Microsoft Windows Server 2003 x64 Edition
      Revisions:
      • V1.0 (January 9, 2007): Bulletin published.
      • V1.1 (January 10, 2007): Bulletin updated: Restart Requirement updated for each update to properly reflect that restarts are not required if the affected file, vgx.dll, is not in use.

      Released 01/09/07 Updated 1/24/07

      MS07-003 Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Office 2000 Service Pack 3
        • Microsoft Outlook 2000
      • Microsoft Office XP Service Pack 3
        • Microsoft Outlook 2002
      • Microsoft Office 2003 Service Pack 2
        • Microsoft Outlook 2003
      Non-Affected Software:
      • Microsoft Office 2007
      • Microsoft Office Outlook 2007
      Revisions:
      • V1.0 (January 9, 2007): Bulletin published.
      • V1.1 (January 24, 2007): Bulletin updated to add You receive an error message "Microsoft Office Outlook has encountered a problem and needs to close. We are sorry for the inconvenience." when you use Microsoft CRM client for Microsoft Outlook (931270) under What are the known issues that customers may experience when they install this security update? in the Frequently Asked Questions (FAQ) Related to This Security Update section.

      Released 01/09/07 Updated 1/18/07

      MS07-002 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Office 2000 Service Pack 3
        • Microsoft Excel 2000
      • Microsoft Office XP Service Pack 3
        • Microsoft Excel 2002
      • Microsoft Office 2003 Service Pack 2
        • Microsoft Excel 2003
        • Microsoft Office Excel Viewer 2003
      • Microsoft Works Suites:
        • Microsoft Works Suite 2004
        • Microsoft Works Suite 2005
      • Microsoft Office 2004 for Mac
      • Microsoft Office v. X for Mac
      Non-Affected Software:
      • 2007 Microsoft Office system
        • Microsoft Office Excel 2007
      • Microsoft Works Suites:
        • Microsoft Works Suite 2006
      Revisions:
      • V1.0 (January 9, 2007): Bulletin published.
      • V1.1 (January 12, 2007): Bulletin updated Caveats and What are the known issues that customers may experience when they install this security update? under the Frequently Asked Questions (FAQ) Related to This Security Update section.
      • V2.0 (January 18, 2007): Bulletin updated: This bulletin has been re-released to re-offer the security update to customers with Microsoft Excel 2000. The security update previously did not correctly process the phonetic information that is embedded in files that are created by using Excel in the Korean, Chinese, or Japanese executable mode. For additional information see Microsoft Knowledge Base Article 931183.

      Released 01/09/07

      MS07-001 Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution (921585)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Office 2003 Service Pack 2 (Brazilian Portuguese Version)
        • Microsoft Word 2003
        • Microsoft Excel 2003
        • Microsoft Outlook 2003
        • Microsoft Access 2003
        • Microsoft OneNote 2003
        • Microsoft PowerPoint 2003
        • Microsoft Publisher 2003
        • Microsoft Access 2003
        • Microsoft InfoPath 2003
        • Microsoft FrontPage 2003
        • Microsoft Visio 2003
        • Microsoft Visio Enterprise Architects 2003
      • Microsoft Office Multilingual User Interface 2003 Service Pack 2 - Download the update (KB921585)
      • Microsoft Project Multilingual User Interface 2003 Service Pack 2
      • Microsoft Visio Multilingual User Interface 2003 Service Pack 2
      • Microsoft Office Proofing Tools 2003 Service Pack 2
      Non-Affected Software:
      • Microsoft Office 2000
      • Microsoft Office XP
      • Microsoft Office 2007
      • Microsoft Office v.X for Mac
      • Microsoft Office 2004 for Mac



      Expand got feedback?

      by MSeng See Profile
      last modified: 2007-12-11 20:37:11