Microsoft released six security updates for June, rating four of them as critical. Here's a brief description of each update; for more information, go to http://www.microsoft.com/technet/security/bulletin/ms07-jun.mspx
MS07-030: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution
This bulletin addresses several privately reported and responsibly disclosed vulnerabilities in Microsoft Visio. These vulnerabilities could lead to remote code execution if a specifically crafted Visio file is opened on an unpatched computer.
Applies to: Visio 2002 and Visio 2003.
Recommendation: Microsoft rates this bulletin as important. If your organization uses Visio, you should test and deploy the patch as part of your normal patch management cycle.
MS07-031: Vulnerability in the Windows Secure Channel Security Package Could Allow Remote Code Execution
This vulnerability relates to the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) implementations on several Windows OS versions. Exploitation of this vulnerability could allow remote code execution through a specifically created Web page. This bulletin does not replace any previous security bulletins.
Applies to: Windows 2000, Windows XP, and Windows Server 2003.
Recommendation: Although Microsoft rates this update as critical, the vulnerability has not been publicly disclosed. Microsoft also reports that when it has tested this vulnerability, the Web browser is more likely to exit than to allow remote code execution. You should promptly perform testing and deployment of this update on vulnerable systems.
MS07-032: Vulnerability in Windows Vista Could Allow Information Disclosure
This bulletin relates to a privately disclosed vulnerability that could allow a locally logged-on user to access local user information stores on a Windows Vista computer. This includes local administrator passwords contained within the registry and local file system.
Applies to: Windows Vista.
Recommendation: Microsoft rates this bulletin as moderate. You should test and deploy the patch as part of your normal patch management routine.
MS07-033: Cumulative Security Update for Internet Explorer
This bulletin addresses both privately and publicly reported vulnerabilities in multiple versions of Microsoft Internet Explorer (IE). The vulnerabilities involve remote code execution and could be exploited through a specifically created Web page. This bulletin does not replace any previously released bulletins.
Applies to: Windows 2000, Windows XP, Windows Server 2003, and Windows Vista.
Recommendation: Microsoft rates this update as critical because the details of this vulnerability have been publicly reported. You should perform accelerated testing and deployment of this update on vulnerable systems.
MS07-034: Cumulative Security Update for Outlook Express and Windows Mail
This bulletin deals with several publicly and privately disclosed vulnerabilities in Microsoft Outlook Express and Windows Mail. These vulnerabilities could be exploited by a specially created email that leverages remote code execution.
Applies to: Windows XP, Windows Server 2003, and Windows Vista.
Recommendation: Microsoft rates this update as critical because the details of this vulnerability have been publicly reported. You should perform accelerated testing and deployment of this update on vulnerable systems.
MS07-035: Vulnerability in Win32 API Could Allow Remote Code Execution
This bulletin addresses a privately reported vulnerability in a Win32 API which could allow remote code execution and privilege escalation. This vulnerability can be exploited through specifically written Web pages.
Applies to: Windows 2000, Windows XP, and Windows Server 2003.
Recommendation: Although Microsoft rates this update as critical, the vulnerability has not been publicly disclosed. You should promptly perform testing and deployment of this update on vulnerable systems.
End of Article
Register
