Microsoft Security Bulletin Summary for May 2007

Microsoft Security Bulletin(s) for 5/08/2007
http://www.microsoft.com/technet/security/bulletin/ms07-may.mspx

May 8 2007
Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:


Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966):
http://www.microsoft.com/technet/security/Bulletin/MS07-029.mspx

Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)
http://www.microsoft.com/technet/security/Bulletin/MS07-028.mspx

Cumulative Security Update for Internet Explorer 931768
http://www.microsoft.com/technet/security/Bulletin/MS07-027.mspx

Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)
http://www.microsoft.com/technet/security/Bulletin/MS07-026.mspx

Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)
http://www.microsoft.com/technet/security/Bulletin/MS07-025.mspx

Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)
http://www.microsoft.com/technet/security/Bulletin/MS07-024.mspx

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)
http://www.microsoft.com/technet/security/Bulletin/MS07-023.mspx

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

TechNet Webcast: Information About Microsoft May Security Bulletins (Level 200)
Language(s): English.
Product(s): Security.
Audience(s): IT Professional.

Duration: 60 Minutes
Start Date: Wednesday, May 09, 2007 11:00 AM Pacific Time (US & Canada)


Event Overview

On May 8, 2007, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the May security bulletins. The intent of this webcast is to address your concerns. Therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from our security experts.

Presenters: Christopher Budd, CCE, CISA, CISM, CISSP, ISSMP Security Program Manager, Microsoft Corporation and Mike Reavey, Lead Security Program Manager, Microsoft Corporation

Register now for the May security bulletin webcast.

 

Families Cleaned by the Malicious Software Removal Tool
Additions Are Made Each Month to Address the Latest Threats
Published: April 12, 2005 | Updated: May 8, 2007


Run the tool from the Microsoft.com Web site, or download the tool and run it locally on your computer.

The Microsoft Windows Malicious Software Removal Tool removes specific, prevalent malicious software families from computers running compatible versions of Windows. Microsoft releases a new version of the tool on the second Tuesday of every month, and as needed to respond to security incidents.

New Malicious Software
The following malicious software was added this release. Click the name to learn more in our Malicious Software Encyclopedia.

• Renos
http://www.microsoft.com/security/encyclopedia/details.aspx?name=Win32/Renos

 

Microsoft Security Bulletin MS07-027
Cumulative Security Update for Internet Explorer 931768
Published: May 8, 2007 | Updated: May 16, 2007
Revisions:

• V1.0 (May 8, 2007): Bulletin published.

• V1.1 (May 8, 2007): Updated file version, size and time-stamp information for the Microsoft Internet Explorer 6 for Windows XP Service Pack 2.

• V1.2 (May 16, 2007): Bulletin revised due to an incorrect file name in Arbitrary File Rewrite Vulnerability - CVE-2007-2221 killbit table; A new issue discovered with the security update: 937409The “File Download – Security Warning” dialog box opens when you try to open Internet Explorer 7;Updated file names for Internet Explorer 7

http://www.microsoft.com/technet/security/Bulletin/MS07-027.mspx

 

Microsoft Security Bulletin MS07-025
Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)
Published: May 8, 2007 | Updated: May 16, 2007

Version: 1.1

Revisions:
• V1.0 (May 8, 2007): Bulletin published.

• V1.1 (May 16, 2007): Bulletin workarounds section updated, with the removal of the “Use Microsoft Word Viewer 2003 to open and view files” workaround. This workaround is not valid for the vulnerability discussed in this security bulletin.

http://www.microsoft.com/technet/security/bulletin/ms07-025.mspx

 

Microsoft Security Bulletin MS07-023
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)
Published: May 8, 2007 | Updated: May 16, 2007

Version: 1.1

Revisions:

• V1.0 (May 8, 2007): Bulletin published.

• V1.1 (May 16, 2007): Bulletin “Installation File Information” section updated with the correct file name for the Office 2007 Compatibility Pack.

http://www.microsoft.com/technet/security/bulletin/ms07-023.mspx

 

Microsoft Security Bulletin Minor Revisions
Issued: May 17, 2007
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS07-025
* MS07-023

Bulletin Information:
=====================

* MS07-025
http://www.microsoft.com/technet/security/bulletin/ms07-025.mspx

- Reason for Revision: This Bulletin has been revised due to new
issues discovered with the security update as reflected in
Microsoft Knowledge Base Article 934873
- Originally posted: May 8, 2007
- Updated: May 17, 2007
- Bulletin Severity Rating: Critical
- Version: 1.2

MS07-023
http://www.microsoft.com/technet/security/bulletin/ms07-023.mspx

- Reason for Revision: This Bulletin has been revised due to new
issues discovered with the security update as reflected in
Microsoft Knowledge Base Article 934233
- Originally posted: May 8, 2007
- Updated: May 17, 2007
- Bulletin Severity Rating: Critical
- Version: 1.2

Support:
========
Technical support resources can be found at
http://support.microsoft.com/

International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at:
http://support.microsoft.com/common/international.aspx

 

Microsoft Security Bulletin Advance Notification for June 2007

Microsoft Security Bulletin Advance Notification issued: June 7, 2007
Microsoft Security Bulletins to be issued: June 12, 2007

This is an advance notification of six security bulletins that Microsoft is intending to release on June 12, 2007.

http://www.microsoft.com/technet/security/bulletin/ms07-jun.mspx