Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > May 2007 > Microsoft Security Bulletin Summary for May 2007

May 2007

Microsoft Security Bulletin Summary for May 2007

ID: 128
Ref: 070/2007
Date: 09 May 2007:10:40:12
Version: 1
Title: Microsoft Security Bulletin Summary for May 2007
Abstract: Microsoft monthly security bulletin release
Vendors affected: Microsoft
Operating systems affected: Microsoft

1.

Bulletin Identifier: Microsoft Security Bulletin MS07-023

Bulletin Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)

Executive Summary: This update resolves vulnerabilities in Microsoft Excel that could allow remote code execution.

Maximum Severity Rating: Critical

Impact of Vulnerability: Remote Code Execution

Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.

Affected Software:

- Microsoft Office 2000 Service Pack 3: Microsoft Excel 2000
- Microsoft Office XP Service Pack 3: Microsoft Excel 2002
- Microsoft Office 2003 Service Pack 2: Microsoft Excel 2003, Microsoft Excel 2003 Viewer
- 2007 Microsoft Office System: Microsoft Office Excel 2007, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
- Microsoft Office 2004 for Mac

Full Advisory: http://www.microsoft.com/technet/security/bulletin/ms07-023.mspx


2.

Bulletin Identifier: Microsoft Security Bulletin MS07-024

Bulletin Title: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)

Executive Summary: This update resolves vulnerabilities in Microsoft Word that could allow remote code execution.

Maximum Severity Rating: Critical

Impact of Vulnerability: Remote Code Execution

Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.

Affected Software:

- Microsoft Office 2000 Service Pack 3: Microsoft Word 2000
- Microsoft Office XP Service Pack 3: Microsoft Word 2002
- Microsoft Office 2003 Service Pack 2: Microsoft Word 2003, Microsoft Word Viewer 2003
- Microsoft Office 2004 for Mac
- Microsoft Works Suites: Microsoft Works Suite 2004, Microsoft Works Suite 2005, Microsoft Works Suite 2006

Full Advisory: http://www.microsoft.com/technet/security/bulletin/ms07-024.mspx


3.

Bulletin Identifier: Microsoft Security Bulletin MS07-025

Bulletin Title: Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)

Executive Summary: This update resolves a vulnerability in Microsoft Office that could allow remote code execution.

Maximum Severity Rating: Critical

Impact of Vulnerability: Remote Code Execution

Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.

Affected Software:

- Microsoft Office 2000 Service Pack 3: Microsoft Excel 2000, Microsoft FrontPage 2000, Microsoft Publisher 2000
- Microsoft Office XP Service Pack 3: Microsoft Excel 2002, Microsoft FrontPage 2002, Microsoft Publisher 2002
- Microsoft Office 2003 Service Pack 2: Microsoft Excel 2003, Microsoft FrontPage 2003, Microsoft Publisher 2003, Microsoft Excel 2003 Viewer
- 2007 Microsoft Office System:: Microsoft Office Excel 2007, Microsoft Office Publisher 2007, Microsoft Office SharePoint Designer 2007, Microsoft Expression Web
- Microsoft Office 2004 for Mac

Full Advisory: http://www.microsoft.com/technet/security/bulletin/ms07-025.mspx


4.

Bulletin Identifier: Microsoft Security Bulletin MS07-026

Bulletin Title: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)

Executive Summary: This update resolves vulnerabilities in Microsoft Exchange that could allow remote code execution.

Maximum Severity Rating: Critical

Impact of Vulnerability: Remote Code Execution

Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.

Affected Software:

- Microsoft Exchange 2000 Server Service Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004
- Microsoft Exchange Server 2003 Service Pack 1
- Microsoft Exchange Server 2003 Service Pack 2
- Microsoft Exchange Server 2007

Full Advisory: http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx


5.

Bulletin Identifier: Microsoft Security Bulletin MS07-027

Bulletin Title: Cumulative Security Update for Internet Explorer (931768)

Executive Summary: This update resolves vulnerabilities in Internet Explorer that could allow remote code execution.

Maximum Severity Rating: Critical

Impact of Vulnerability: Remote Code Execution

Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.

Affected Software:

- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
- Microsoft Windows Server 2003 Service Pack 1 and Microsoft Windows Server 2003 Service Pack 2
- Microsoft Windows Server 2003 with SP1 for Itanium-based Systems and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition Service Pack 1 and Microsoft Windows Server 2003 x64 Edition Service Pack 2
- Windows Vista
- Windows Vista x64 Edition

Affected Components:

- Microsoft Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4
- Microsoft Internet Explorer 6 Service Pack 1 when installed on Windows 2000 Service Pack 4
- Microsoft Internet Explorer 6 for Windows XP Service Pack 2
- Microsoft Internet Explorer 6 for Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
- Microsoft Internet Explorer 6 for Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
- Microsoft Internet Explorer 6 for Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
- Microsoft Internet Explorer 6 for Windows Server 2003 x64 Edition Service Pack 1 and Windows Server 2003 x64 Edition Service Pack 2
- Windows Internet Explorer 7 for Windows XP Service Pack 2
- Windows Internet Explorer 7 for Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
- Windows Internet Explorer 7 for Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
- Windows Internet Explorer 7 for Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Internet Explorer 7 for Windows Server 2003 x64 Edition Service Pack 1 and Windows Server 2003 x64 Edition Service Pack 2
- Windows Internet Explorer 7 in Windows Vista
- Windows Internet Explorer 7 in Windows Vista x64 Edition

Full Advisory: http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx


6.

Bulletin Identifier: Microsoft Security Bulletin MS07-028

Bulletin Title: Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)

Executive Summary: This update resolves a vulnerability in the Cryptographic API Component Object Model (CAPICOM) that could allow remote code execution.
Maximum Severity Rating: Critical

Impact of Vulnerability: Remote Code Execution

Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.

Affected Software:

- CAPICOM
- Platform SDK Redistributable: CAPICOM
- BizTalk Server 2004 Service Pack 1
- BizTalk Server 2004 Service Pack 2

Full Advisory: http://www.microsoft.com/technet/security/bulletin/ms07-028.mspx


7.

Bulletin Identifier: Microsoft Security Bulletin MS07-029

Bulletin Title: Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution (935966)

Executive Summary: This update resolves a vulnerability in RPC on Windows DNS Server that could allow remote code execution.

Maximum Severity Rating: Critical

Impact of Vulnerability: Remote Code Execution

Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.

Affected Software:

- Microsoft Windows 2000 Server Service Pack 4
- Microsoft Windows Server 2003 Service Pack 1 and Microsoft Windows Server 2003 Service Pack 2
- Microsoft Windows Server 2003 with SP1 for Itanium-based Systems and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition Service Pack 1 and Microsoft Windows Server 2003 x64 Edition Service Pack 2

Full Advisory: http://www.microsoft.com/technet/security/bulletin/ms07-029.mspx


Further Information:

Microsoft TechNet Webcast: Information About Microsoft May Security Bulletins (Level 200)
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032327015&EventCategory=4&culture=en-US&CountryCode=US

SANS: http://isc.sans.org/diary.html?storyid=2769

Security Focus: http://www.securityfocus.com/brief/497
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |