Microsoft Security Bulletin MS07-036
Bulletin Title
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542)
Executive Summary
This critical update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in addition to other security issues identified during the course of the investigation. These vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Maximum Severity Rating
Critical
Impact of Vulnerability
Remote Code Execution
Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. This update does not require a restart.
Affected Software
Office, Excel.

Microsoft Security Bulletin MS07-039
Bulletin Title
Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122)
Executive Summary
This critical security update resolves a privately reported vulnerability in implementations of Active Directory on Windows 2000 Server and Windows Server 2003 that could allow remote code execution or a denial of service condition. Attacks attempting to exploit this vulnerability would most likely result in a denial of service condition. However remote code execution could be possible. On Windows Server 2003 an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
Maximum Severity Rating
Critical
Impact of Vulnerability
Remote Code Execution
Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update will require a restart.
Affected Software
Windows

Microsoft Security Bulletin MS07-040
Bulletin Title
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212)
Executive Summary
This update resolves three privately reported vulnerabilities. Two of these vulnerabilities could allow remote code execution on client systems with .NET Framework installed, and one could allow information disclosure on Web servers running ASP.NET. In all remote code execution cases, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Maximum Severity Rating
Critical
Impact of Vulnerability
Remote Code Execution
Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update will require a restart.
Affected Software
.NET Framework

Microsoft Security Bulletin MS07-037
Bulletin Title
Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (936548)
Executive Summary
This important security update resolves one publicly disclosed vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Microsoft Office Publisher file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. User interaction is required to exploit this vulnerability.
Maximum Severity Rating
Important
Impact of Vulnerability
Remote Code Execution
Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update does not require a restart.
Affected Software
Office, Publisher

Microsoft Security Bulletin MS07-041
Bulletin Title
Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373)
Executive Summary
This important security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if an attacker sent specially crafted URL requests to a Web page hosted by Internet Information Services (IIS) 5.1 on Windows XP Professional Service Pack 2. IIS 5.1 is not part of a default install of Windows XP Professional Service Pack 2. An attacker who successfully exploited this vulnerability could take complete control of the affected system.
Maximum Severity Rating
Important
Impact of Vulnerability
Remote Code Execution
Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update will require a restart.
Affected Software
Windows XP Professional.

Microsoft Security Bulletin MS07-031
Bulletin Title:
Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)
Executive Summary:
This critical security update resolves a privately reported vulnerability in the Secure Channel (Schannel) security package in Windows. The Schannel security package implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using an Internet Web browser or used an application that makes use of SSL/TLS. However, attempts to exploit this vulnerability would most likely result in the Internet Web browser or application exiting. The system would not be able to connect to Web sites or resources using SSL or TLS until a restart of the system.
Maximum Severity Rating:
Critical
Impact of Vulnerability:
Remote Code Execution
Detection:
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software:
Windows.

Microsoft Security Bulletin MS07-033
Cumulative Security Update for Internet Explorer (933566)
Executive Summary:
This critical security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. All but one of these vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. One vulnerability could allow spoofing, and also involves a specially crafted Web page. In all remote code execution cases, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. For the spoofing case, exploitation requires user interaction.
Maximum Severity Rating:
Critical
Impact of Vulnerability:
Remote Code Execution
Detection:
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software:
Windows, Internet Explorer.

Microsoft Security Bulletin MS07-034
Bulletin Title:
Cumulative Security Update for Outlook Express and Windows Mail (929123)
Executive Summary:
This critical security update resolves two privately reported and two publicly disclosed vulnerabilities. One of these vulnerabilities could allow remote code execution if a user viewed a specially crafted e-mail using Windows Mail in Windows Vista. The other vulnerabilities could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer and cannot be exploited directly in Outlook Express. For the information disclosure vulnerabilities, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Maximum Severity Rating:
Critical
Impact of Vulnerability:
Remote Code Execution
Detection:
Microsoft Baseline Security Analyzer and the Enterprise Scan Tool can detect whether your computer system requires this update. The update may require a restart.
Affected Software:
Windows, Outlook Express, Windows Mail.

Microsoft Security Bulletin MS07-035
Bulletin Title:
Vulnerability in Win32 API Could Allow Remote Code Execution (935839)
Executive Summary:
This critical security update resolves a privately reported vulnerability in a Win32 API. This vulnerability could allow remote code execution or elevation of privilege if the affected API is used locally by a specially crafted application. Therefore, applications that use this component of the Win32 API could be used as a vector for this vulnerability. For example, Internet Explorer uses this Win32 API function when parsing specially crafted Web pages.
Maximum Severity Rating:
Critical
Impact of Vulnerability:
Remote Code Execution
Detection:
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software:
Windows.

Microsoft Security Bulletin MS07-030
Bulletin Title:
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)
Executive Summary:
This important security update resolves two privately discovered and responsibly reported vulnerabilities in addition to other security issues identified during the course of the investigation. The privately reported vulnerabilities could allow remote code execution if a user opened a specially crafted Visio file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. User interaction is required to exploit these vulnerabilities.
Maximum Severity Rating:
Important
Impact of Vulnerability:
Remote Code Execution
Detection:
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software:
Office, Visio.

Microsoft Security Bulletin MS07-023
Bulletin Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)
Executive Summary:
This update resolves vulnerabilities in Microsoft Excel that could allow remote code execution.
Maximum Severity Rating:
Critical
Impact of Vulnerability:
Remote Code Execution
Detection:
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software:
Office

——————————————————————–

Microsoft Security Bulletin MS07-024
Bulletin Title:
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)
Executive Summary:
This update resolves vulnerabilities in Microsoft Word that could allow remote code execution.
Maximum Severity Rating:
Critical
Impact of Vulnerability:
Remote Code Execution
Detection:
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software:
Office

——————————————————————–

Microsoft Security Bulletin MS07-025
Bulletin Title:
Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)
Executive Summary:
This update resolves a vulnerability in Microsoft Office that could allow remote code execution.
Maximum Severity Rating:
Critical
Impact of Vulnerability:
Remote Code Execution
Detection:
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software:
Office

——————————————————————–

Microsoft Security Bulletin MS07-026
Bulletin Title:
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)
Executive Summary:
This update resolves vulnerabilities in Microsoft Exchange that could allow remote code execution.
Maximum Severity Rating:
Critical
Impact of Vulnerability:
Remote Code Execution
Detection:
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software:
Exchange

——————————————————————–

Microsoft Security Bulletin MS07-027
Bulletin Title:
Cumulative Security Update for Internet Explorer (931768)
Executive Summary:
This update resolves vulnerabilities in Internet Explorer that could allow remote code execution.
Maximum Severity Rating:
Critical
Impact of Vulnerability:
Remote Code Execution
Detection:
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software:
Internet Explorer

——————————————————————–

Microsoft Security Bulletin MS07-028
Bulletin Title:
Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)
Executive Summary:
This update resolves a vulnerability in the Cryptographic API Component Object Model (CAPICOM) that could allow remote code execution.
Maximum Severity Rating:
Critical
Impact of Vulnerability:
Remote Code Execution
Detection:
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software:
CAPICOM, BizTalk

——————————————————————–

Microsoft Security Bulletin MS07-029
Bulletin Title:
Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution (935966)
Executive Summary:
This update resolves a vulnerability in RPC on Windows DNS Server that could allow remote code execution.
Maximum Severity Rating:
Critical
Impact of Vulnerability:
Remote Code Execution
Detection:
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.
Affected Software:
Windows