So it is that time of the month again for patching those Windows boxes. This month we have six patches from Microsoft, three are rated critical, two important and one moderate. 

So on to the Critical fixes, first up is MS07-036, this fix addresses three problems within Microsoft Excel that could allow code execution should a user open a specially crafted Excel document. The update addresses the following issues:

• Calculation Error Vulnerability - CVE-2007-1756
• Worksheet Memory Corruption Vulnerability - CVE-2007-3029
• Workbook Memory Corruption Vulnerability - CVE-2007-3030

The issue affects Microsoft Excel that is part of Office 2000, Office XP, Office 2003 and Office 2007. However it is only rated as Critical for Office 2000, and Important for all other releases of Office.

Next up is MS07-039, this patch fixes a vulnerability within the implementations of Active Directory in Windows 2000 Server and Windows Server 2003 that could allow remote code execution or a denial of service condition. The issue is only rated as Critical on Windows 2000 and as important for other versions of the Windows Server platform.

Then we have the lsat of our critical patches, MS07-040 is a patch for the .NET Framework. This patch addresses three privately reported vulnerabilities within the .NET Framework, two of which could result in remote code execution and the third is an information disclosure issue. These issues affect .NET Framework versions 1.0, 1.1 and 2.0, .NET Framework version 3.0 is not affected by these issues. The issues addressed by this patch include:

• .NET PE Loader Vulnerability - CVE-2007-0041
• ASP.NET Null Byte Termination Vulnerability - CVE-2007-0042
• .NET JIT Compiler Vulnerability - CVE-2007-0043

Then on to the Important rated patches, MS07-037 addresses a vulnerability within Microsoft Office Publisher 2007. Not other versions of Publisher are vulnerable. The issues is a  remote code execution vulnerability in the way Publisher does not adequately clear out memory resources when writing application data from disk to memory.  It is possible for an attacker to exploit the vulnerability by constructing a specially crafted Publisher (.pub) page.

Then we have MS07-041, this important rated vulnerability relates to a problem with Internet Information Server 5.1 installed on Windows XP SP2. The vulnerability could allow remote code execution if an attacker sends a specially crafted URL request to a Web page hosted by Internet Information Services (IIS) 5.1.

Finally we have MS07-038, this is a moderate rated vulnerability in the Windows Vista Firewall that can allow information disclosure.

So as usual for this time of the month, buy your IT Guys some beer for all the good work they do cleaning up the mess that Microsoft made for you installing all this patches.

Add this page to your favorite Social Bookmarking websites