Microsoft Bulletins 2007

	Microsoft_Security_Bulletin_Re-Releases_For December 2007
	Microsoft_Security_Bulletin_Re-Releases For November 2007
	Microsoft_Security_Bulletin_Summary_for_November_2007
	Microsoft_Security_Bulletin_Re-Release_For October 2007
	Microsoft_Security_Bulletin_Re-Release_for_September_2007
	Microsoft_Security_Bulletin_Summary_for_August_2007
	Microsoft_Security_Bulletin_Re-Releases for June 2007
	Microsoft_Security_Bulletin_Summary_for_June_2007
	Microsoft_Security_Bulletin_Summary_for_May_2007
	Microsoft_Security_Bulletin_Summary_for_April_2007
	Microsoft_Security_Bulletin_Summary_for_March_2007
	Microsoft_Security_Bulletin_Summary_for_February_2007
	Microsoft_Security_Bulletin_Re-Releases 1/18/07
	Microsoft_Security_Bulletin_Summary_for_January_2007

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: December 12, 2007
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS06-078

Bulletin Information:
=====================

* MS06-078

- http://www.microsoft.com/technet/security/bulletin/ms06-078.mspx
- Reason for Revision: V4.0 (December 12, 2007): Bulletin updated
to add Microsoft Windows XP Professional x64 Edition Service
Pack 2 and Microsoft Windows Server 2003 x64 Edition Service
Pack 2 to the "Affected Software" section for Microsoft
Windows Media Player 6.4 (KB925398). No action is required on
systems where the security update has been successfully installed.
- Originally posted: December 12, 2006
- Updated: December 12, 2007
- Bulletin Severity Rating: Critical
- Version: 4.0

Other Information
=================

Recognize and avoid fraudulent e-mail to Microsoft customers:
=============================================================
If you receive an e-mail message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious Web sites. Microsoft does not distribute security updates via e-mail.

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, it is not required to read security notifications, security bulletins, security advisories, or install security updates. You can obtain the MSRC public PGP key at https://www.microsoft.com/technet/security/bulletin/pgp.mspx.

To receive automatic notifications whenever Microsoft Security Bulletins and Microsoft Security Advisories are issued or revised, subscribe to Microsoft Technical Security Notifications on http://www.microsoft.com/technet/security/bulletin/notify.mspx.

********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBR2CPq1KuubOIpnsTAQJSUg/+KMsIr50BpCV6jQ+puv/LQMUE3xEJepP+
eulsEs0mj+eDPQp+CvLyEXzhkK9Fqzb6xoVEJVx5AfIYXktXzvBPpAezKBNp/3F8
EK63trSnLs28TkKuDsUvzjOCB72iOzz5nAybZ0OAp6USWrpJo3dVO4EDwvkiGxQA
7ZyXgAMsS/+Vkl0JkyIR4Ugvk6XsJrHUm4Fp/1FN2mooYtI6dI99pAbzt8FFsV4G
Abo+4CoElupAbuaMwwI99VvtCnT4cr/yBqZh9gP7kiXksEavHlYt1Ngahfj1WtRy
pDJWH/RI5YRZhzlb/p7tgS1STP+ifyczlAtGrcBtIR+h7YoOYxw7JwRPVyb+tSNh
fVl5ZdyWMKRlzziubnRKTttXMDuh3bSfpyjGd8HsgZwNRxq0t9OgiG0sZ8jS4taZ
u8hn+pgWbydm3wwqcBQd5CK0ex6fRhglbKExFiJmtg+En6/i+vCICLMRNGVlf4q+
WvLGYpQ3Ppf7XklqQG9/NXXfE1q3CwpBdeeY4/l5a2wsd7vbLrVgrDHixSNaAlo0
vap8BtaPSbDoCjOVTdnZbowYsuyY0+q80wVySbd/eDh9L0jeV5ijWMlfkf/nMEVQ
RiptKiO7uMUfCAD+gj0lHudGOf1mAJfhmvtxmj+/sjsdNX2FxB8rY0O69UK4asQO
DWZlSdiBzCE=
=AMrR
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: November 13, 2007
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS07-049 - Important

Bulletin Information:
=====================

* MS07-049 - Important

- http://www.microsoft.com/technet/security/bulletin/ms07-049.mspx
- Reason for Revision: V2.0 (November 13, 2007): The security
update for Microsoft Virtual PC 2004, Microsoft Virtual PC
2004 Service Pack 1, Microsoft Virtual Server 2005 Standard
Edition, Microsoft Virtual Server 2005 Enterprise Edition,
Microsoft Virtual Server 2005 R2 Standard Edition, and
Microsoft Virtual Server 2005 R2 Enterprise Edition did not
correctly install in certain cases. Microsoft recommends that
customers apply the update at the earliest opportunity. No
action is required on systems where the security update has
been successfully installed. For details please read the
"Frequently Asked Questions (FAQ) Related to This Security
Update" section.
- Originally posted: August 14, 2007
- Updated: November 13, 2007
- Bulletin Severity Rating: Important
- Version: 2.0

Other Information
=================

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBRzntU4lDklrxMhdPAQJviA/+M1LhkWwQxXMbvp1PgtbaAFm7H/tev8y1
/B/5QrdtqrhJT/V4dgvfW5iUTqQ6cGy22ae7/pEOouV3wm9jJebSuwSvuPTu2+l9
fRDhH3NIjsYTPluwqDzzDtQ9hPqs5RKnTM1/Tad0IKmaYHzqt1OZ8Cy/awgB9rnk
51mgrV/n2IcA3vFKQspj5Td6l/SctSoyF0I2YJSVgIFG8/brED6CoTa1YFQD55V4
+yBZUNOibWoGubWXAZAHk/MhZjqWdPHGRN/SeayniXOpbJDpMz1VP/rIDI95vVr2
5S2yZqxBCnrF/EtXf+wyh1y9pWE6FHKHJT2pdFSU7kBLR7dkM3Hc4YlnAvgLIQuj
9gr0PWdSkYbiOFXTVz6uDNEPg/gESSv8KlRJP+pAxKXBb7uaVOQHc4Nwy/puSB9f
byqWHERic7kK2ltcW6UmheLrX/RHO4LROqUlnJ32bsIeQlByF5GW9TzrW2Vx6fMa
n/B+2rlJCLQeJdDBcvgbHnIgJT4grVhCVAvtJ4SHfql9M/W5JuIV85+jcsxDztEl
WjaTIibqTXQXTkyGrvtt4YtuMD0y7PS+KwEi7+XCESh3LNZClf3hMJL4lX4S1VRa
qdf8gejWKTzck+dV7hjHREpSJIioVn0dmyn2Z8sN8bCtkIv8s+VNClPzkzcnZLj9
bFUswMFqPis=
=d7At
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Microsoft Security Bulletin Summary for November 2007
Issued: November 13, 2007
********************************************************************

This bulletin summary lists security bulletins released for November 2007.

The full version of the Microsoft Security Bulletin Summary for November 2007 can be found at http://www.microsoft.com/technet/security/bulletin/ms07-nov.mspx.

With the release of the bulletins for November 2007, this bulletin summary replaces the bulletin advance notification originally issued on November 8, 2007. For more information about the bulletin advance notification service, see http://www.microsoft.com/technet/security/Bulletin/advance.mspx.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on http://www.microsoft.com/technet/security/bulletin/notify.mspx.

Microsoft is hosting a webcast to address customer questions on these bulletins on Wednesday, November 14, 2007, at 11:00 AM Pacific Time (US & Canada). Register for the November Security Bulletin Webcast at http://www.microsoft.com/technet/security/bulletin/summary.mspx.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

Critical Security Bulletins
===========================

Microsoft Security Bulletin MS07-061

- Affected Software:
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 with SP2 for Itanium-based Systems

- Impact: Remote Code Execution
- Version Number: 1.0

Important Security Bulletins
============================

Microsoft Security Bulletin MS07-062

- Affected Software:
- Microsoft Windows 2000 Server Service Pack 4
- Windows Server 2003 Service Pack 1
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 with SP2 for Itanium-based Systems

- Impact: Spoofing
- Version Number: 1.0

Other Information
=================

Microsoft Windows Malicious Software Removal Tool:
==================================================
Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS:
============================================================
For this month:

* Microsoft is planning to release three non-security,
high-priority updates on Microsoft Update (MU) and
Windows Server Update Services (WSUS).

* Microsoft is planning to release zero non-security,
high-priority updates for Windows on Windows Update (WU).

Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services, and released on the same day as the Security Bulletin Summary. Information will not be provided about non-security updates released on other days.

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, it is not required to read security notifications, read security bulletins, or install security updates. You can obtain the MSRC public PGP key at https://www.microsoft.com/technet/security/bulletin/pgp.mspx.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBRznkEYlDklrxMhdPAQJ+oxAAsyU0N+tJzSTZtoA7wk/DiPgXRANxDd5I
7PtnBzHJhwRz6txeKoczSaywwi/WHB4Sa1iYzgIsYhJMDeoNfaygryUuNNKnBmPk
kxHCWlXahMJB+8HiQ03oPNRU5hIrOOUPcwRSCu88gTOTLBUxQ3aRs2Gm3u9WGsgR
bMin1cC693PKy4+LzRB3sZAUxzdf1JepUmF1soug+ftq1yUvX1f01PBihjRTV12T
zQwsivriHo7OqxiuL2LpRdKoE1gNuScFFSarJgsHLZ+KdVUSPbuEia3Ba7OeDZKH
v5L5XBmm9jXxLfGWfTihzhlV4/zjGBd0nGI8ysNfrrMaKn72v+M+XFuKIbz9i3SM
xSJmzOh8OwZN7PZfAWKu9uhCSoPy02sCEJo4YoBzL0QMUmI2/4nvv7p/QQ5dn4c3
k5irJmMj3NU6J8dpDc+Epi+YlaqwBPvn6+SKmd0pg9EjmaGBpZaJ+HPohp6swjOj
VoO6XF80lyutYasTo3U3sOdCV3ivvaDJA5ESGz5U/usoHSMG75VWQzUXoqR3ypgJ
FkkhrmxMAJV0nqApf/+VZGuLq26QSFkzagbLt+IEJ30oEKPLeWJAisPPCfTDiBrD
Y7M6manZauQgZIX2o5FlTwabI2K7JPPiRa2F8YCcP5OSo0xwGh0NC0nMTievZZPR
/sYCSreO4/g=
=XvnD
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Re-Release
Issued: October 10, 2007
********************************************************************

Summary
=======
The following bulletin has undergone a major revision increment.
Please see the bulletin for more detail.

* MS07-056 - Critical

Bulletin Information:
=====================

* MS07-056 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms07-056.mspx
- Reason for Revision: Revised to include Windows XP Professional
x64 Edition in the Affected Software section; Known Issues
set to none; Corrected missing file information to the
bulletin text for Outlook Express 6.0 Service Pack 1 on
Windows 2000 Service pack 4 and Outlook Express 5.5 Service
Pack 2 on Windows 2000 Service pack 4.
- Originally posted: October 9, 2007
- Updated: October 10, 2007
- Bulletin Severity Rating: Critical
- Version: 2.0

Other Information
=================

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBRw1rnolDklrxMhdPAQIRQRAArfla72YN7T6vbq5ywUJsjhlA3v7g6gMn
BbZNS0npqxXT1ypwpBqh5zYN2pkfhudF1upTDtyHvh2UcHME+yCTc+FEfPg53K7d
ljy6hZ0khTjH2Lx1gTZPUGd9YkkOOvOgan0Cm+P4aDMMS1t+aVxuveSEGl2m8OG6
UH4Dg8HRt2Ot+UxqGGksahV4+x8QSuQ7h9XpZwZuJ3kVCM2mFnmq/+TLIrZj4rV7
Z0WoO0NYrCi678piJeqVtKlqYyugSwFUps7j94yLCtz1DTb8GekFa/Eb7XwB+VVb
WlK3DWt9p/Zi63ljkQSN/oQlvyI9lmnRZjABH9jmB44NVL4YUajVDA2Wc3JoCirq
8zdkrp0rmoNGlrWrtygoZH8t8vaR1fEmWWTOSHQFm8VG2n6SvBqW3bYAe19uEZ1w
gukNy03HOJMe704nKI/UgmtHKg8Y3LsjyDv0fF0eRQ6U11D0McAcc+O0rkGGxNLS
ymWrugQZ6WyE0qCBuCdTyQZw3ysRKCSo/kbHRuPv2mjm2NNaQH4N47gq4TS/nHh6
XraVb1lK+cLBOwB/H+PF2sw+iZMDUeVIG7dZGgq+ryckgiK+sNf3zWuCgRsIvt3+
4evk4lYahfYl0vMUgQoH/rTUWlTGezSjs3kGEOOFVv5Ai/n5bVSd2Bkf2Fs7XfF1
f+Xu0UcRobs=
=GbiE
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Re-Release
Issued: September 27, 2007
********************************************************************

Summary
=======
The following bulletin has undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS07-042 - Critical

Bulletin Information:
=====================

* MS07-042 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx
- Reason for Revision: Bulletin Updated: Added Microsoft Office
Compatibility Pack for Word, Excel, and PowerPoint 2007 File
Formats and Microsoft Expression Web as affected products.
The Bulletin has also been updated to inform customers that a
potential reliability issue exists in applications that have
installed Microsoft XML Core Services 4.0 on Windows Vista,
which can be addressed by applying the download available in
Microsoft Knowledge Base Article 941833.
- Originally posted: August 14, 2007
- Updated: September 27, 2007
- Bulletin Severity Rating: Critical
- Version: 2.0

Other Information
=================

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBRvwlPIlDklrxMhdPAQKcTg/+LQ2V2lF02wcdzi3mKC/b5zCOfRTsjdvD
OBcDcYMitsRSwuRhgYPWzKVVXBn3g4fVCh0lnONGuWBVa+YeEsdm69IbQAS8ECZY
iYrkNIRx5zlTsAz+nhB02gcpCgbrbRUs1di9X/XbvG/jBQ7GO6kxDvOZ57KxOwLH
lZwr1uGKVRfh+35UFT7tFwQPLPJVmKVOMsAHV3v1ZAjJAWZTh7WL3aOhTk1DKb+o
SWn8/BnPrqY4yCM4SA7JA5lXCXWNxlUxpx9JOIU7dHe+2MHy+cVaHnVgskmRglA7
Bgh8+LyBZbncaSuYqpkgi/UvMmWMeU9jKS/JtDL9GKtJ/qUMbuu2AFqmlc58i5Li
Jv+PGgiCIwZkieCgAHOEuaHBZ4Bd9UquImPIMYNH075nzsNbEVt6H59Ib7gUyDbV
Ct68XiRbmLiM/wAqvSRf+BMy0aJUv7SwVynLZmi+kONKT9/VzVK4FloYOEDtaEIA
4kpgdr/fyZTT6ac6KLnhF0rPcKdQ/ouXIcOfYukYtrBgD2Dek390+LRdXRQ4OiaA
RnO8sGqmK4K//Ki0uxYAka4HDwDDZv1PnJdJ6P5gqn9cLEOP4xJhmQ5NoXSgkUs4
NMPwFqrhboB5EePQ0+1ysYAa6arPV7FxPKDSiujOMT/WxOaDc7R47OYiXx7Zc0Eb
svjWFoRlzX0=
=2aRP
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Microsoft Security Bulletin Summary for August 2007
Issued: August 14, 2007
********************************************************************

This bulletin summary lists security bulletins released for August 2007.

The full version of the Microsoft Security Bulletin Summary for August 2007 can be found at http://www.microsoft.com/technet/security/bulletin/ms07-aug.mspx.

With the release of the bulletins for August 2007, this bulletin summary replaces the bulletin advance notification originally issued on August 9, 2007. For more information about the bulletin advance notification service, see http://www.microsoft.com/technet/security/Bulletin/advance.mspx.

Microsoft is hosting a webcast to address customer questions on these bulletins on Wednesday, August 15, 2007, at 11:00 AM Pacific Time (US & Canada). Register for the August Security Bulletin Webcast at http://www.microsoft.com/technet/security/bulletin/summary.mspx.

Bulletin Information
====================

The security bulletins for this month are as follows, in order of
severity:

Critical Security Bulletins
===========================

MS07-042 - Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)

- Affected Software:
- Microsoft XML Core Services 3.0 (KB936021) on Microsoft
Windows 2000 Service Pack 4
- Microsoft XML Core Services 3.0 (KB936021) on Windows XP
Service Pack 2
- Microsoft XML Core Services 3.0 (KB936021) on Windows XP
Professional x64 Edition and Windows XP Professional x64
Edition Service Pack 2
- Microsoft XML Core Services 3.0 (KB936021) on Windows Server
2003 Service Pack 1 and Windows Server 2003 Service Pack 2
- Microsoft XML Core Services 3.0 (KB936021) on Windows Server
2003 x64 Edition and Windows Server 2003 x64 Edition Service
Pack 2
- Microsoft XML Core Services 3.0 (KB936021) on Windows Server
2003 with SP1 for Itanium-based Systems and Windows Server
2003 with SP2 for Itanium-based Systems
- Microsoft XML Core Services 3.0 (KB936021) on Windows Vista
- Microsoft XML Core Services 3.0 (KB936021) on Windows Vista
x64 Edition
- Microsoft XML Core Services 4.0 (KB936181) when installed on
Microsoft Windows 2000 Service Pack 4
- Microsoft XML Core Services 4.0 (KB936181) on Windows XP
Service Pack 2
- Microsoft XML Core Services 4.0 (KB936181) when installed on
Windows XP Professional x64 Edition and Windows XP
Professional x64 Edition Service Pack 2
- Microsoft XML Core Services 4.0 (KB936181) when installed on
Windows Server 2003 Service Pack 1 and Windows Server 2003
Service Pack 2
- Microsoft XML Core Services 4.0 (KB936181) when installed on
Windows Server 2003 x64 Edition and Windows Server 2003 x64
Edition Service Pack 2
- Microsoft XML Core Services 4.0 (KB936181) when installed on
Windows Server 2003 with SP1 for Itanium-based Systems and
Windows Server 2003 with SP2 for Itanium-based Systems
- Microsoft XML Core Services 4.0 (KB936181) when installed on
Windows Vista
- Microsoft XML Core Services 4.0 (KB936181) when installed on
Windows Vista x64 Edition
- Microsoft XML Core Services 6.0 (KB933579) when installed on
Microsoft Windows 2000 Service Pack 4
- Microsoft XML Core Services 6.0 (KB933579) when installed on
Windows XP Service Pack 2
- Microsoft XML Core Services 6.0 (KB933579) when installed on
Windows XP Professional x64 Edition and Windows XP
Professional x64 Edition Service Pack 2
- Microsoft XML Core Services 6.0 (KB933579) when installed on
Windows Server 2003 Service Pack 1 and Windows Server 2003
Service Pack 2
- Microsoft XML Core Services 6.0 (KB933579) when installed on
Windows Server 2003 x64 Edition and Windows Server 2003 x64
Edition Service Pack 2
- Microsoft XML Core Services 6.0 (KB933579) when installed on
Windows Server 2003 with SP1 for Itanium-based Systems and
Windows Server 2003 with SP2 for Itanium-based Systems
- Microsoft XML Core Services 6.0 (KB933579) on Windows Vista
- Microsoft XML Core Services 6.0 (KB933579) on Windows Vista
x64 Edition
- Microsoft Office 2003 Service Pack 2 with Microsoft XML Core
Services 5.0 (KB936048)
- 2007 Office System with Microsoft XML Core Services 5.0
(KB936960)
- Microsoft Office Groove Server 2007 with Microsoft XML Core
Services 5.0 (KB936056)
- Microsoft Office SharePoint Server with Microsoft XML Core
Services 5.0 (KB936056)

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-043 - Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)

- Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 with SP2 for Itanium-based Systems
- Microsoft Office 2004 for Mac
- Microsoft Visual Basic 6.0 Service Pack 6 (KB924053)

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-044 - Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965)

- Affected Software:
- Microsoft Office 2000 Service Pack 3
- Microsoft Office XP Service Pack 3
- Microsoft Office 2003 Service Pack 2
- Microsoft Excel Viewer 2003
- Microsoft Office 2004 for Mac

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-045 - Cumulative Security Update for Internet Explorer (937143)

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-046 - Vulnerability in GDI Could Allow Remote Code Execution
(938829)

- Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003 Service Pack 1
- Windows Server 2003 x64 Edition
- Windows Server 2003 with SP1 for Itanium-based Systems

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-050 - Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)

- Impact: Remote Code Execution
- Version Number: 1.0

Important Security Bulletins
============================

MS07-047 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (936782)

- Affected Software:
- Windows Media Player 7.1 on Microsoft Windows 2000 Service
Pack 4
- Windows Media Player 9 when installed on Microsoft Windows
2000 Service Pack 4
- Windows Media Player 9 on Windows XP Service Pack 2
- Windows Media Player 10 when installed on Windows XP Service
Pack 2
- Windows Media Player 10 on Windows XP Professional x64 Edition
and Windows XP Professional x64 Edition Service Pack 2
- Windows Media Player 10 on Windows Server 2003 Service Pack 1
and Windows Server 2003 Service Pack 2
- Windows Media Player 10 on Windows Server 2003 x64 Edition
and Windows Server 2003 x64 Edition Service Pack 2
- Windows Media Player 11 when installed on Windows XP Service
Pack 2
- Windows Media Player 11 on Windows XP Professional x64 Edition
and Windows XP Professional x64 Edition Service Pack 2
- Windows Media Player 11 in Windows Vista
- Windows Media Player 11 in Windows Vista x64 Edition

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-048 - Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)

- Affected Software:
- Windows Vista
- Windows Vista x64 Edition

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-049 - Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)

- Affected Software:
- Microsoft Virtual PC 2004
- Microsoft Virtual PC 2004 Service Pack 1
- Microsoft Virtual Server 2005 Standard Edition
- Microsoft Virtual Server 2005 Enterprise Edition
- Microsoft Virtual Server 2005 R2 Standard Edition
- Microsoft Virtual Server 2005 R2 Enterprise Edition
- Microsoft Virtual PC for Mac Version 6.1
- Microsoft Virtual PC for Mac Version 7

- Impact: Elevation of Privilege
- Version Number: 1.0

Other Information
=================

Microsoft Windows Malicious Software Removal Tool:
==================================================
Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS:
========================================================
For this month:

* Microsoft has released four non-security,
high-priority updates on Microsoft Update (MU) and
Windows Server Update Services (WSUS).

* Microsoft has released two non-security,
high-priority updates for Windows on Windows Update (WU).

Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the Security Bulletin Summary. Information is not provided about non-security updates released on other days.

********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBRsH4lYlDklrxMhdPAQIYFxAAnyXeIJSoRP9PPHVomER/QI9ehkVJcqgN
CPptl5+E0bAeWTRLp2kGXygmzhJZrBsfUuAudOmRVstqPANlC3KRvRo767fL/gDY
3Ptl41yQu1D9n/2r51hxkbpamNsWsaYsFHIZf03q9aJEwygunicSatN+IlgnJSxd
JOlqcAaxv02za0XS9oXdxkYr8f9FnRTiJpcLC7OyiCsFtGIzwdVTnptA1DZsiDVt
6FB4PHHx4Fbmz0sEP5ZHly9OsjFJOrj8N8ZLv/VqJL1qSZ4AetuM5WmE7N1Z+tkr
mtmpiJSNDrTtUZt0zbGnkpaG28zl8qj7/eVC6WWNTKjQQzK3U+qD8Dp2sR/6eob7
4ttr8YoWmlZjJ0Z439bx5AGa1hYYsx5qbLlB6CSw5CbGNdtNjrh+FJEaWk7S/K0q
lEPGfPKKPP3gsOyBRD/JT+v9nII7eDA5P7oASgaHjBQI7QZmqHJmsYcQ0dU0TOe3
xCKRTAFwpCLvX3U4i19uP9xG5xZSWPGmLyx1HVFBo9AyCSG1iTKgpypONv8EJ5jz
zL+XCdDkrClLYV61otHovZQ6nQG+fi1sn3KjUqXGdGqkUO2NJaKzko3hdc475bWC
cmYKMEirl6am10/3hwkDX2TWYQ7sJ+Ow/QksOmDYYjXFRNCCxkilQl5g3TqY7uAh
14BC6P1VArI=
=AnEd
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: June 26, 2007
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS07-022

Bulletin Information:
=====================

* MS07-022

- http://www.microsoft.com/technet/security/bulletin/ms07-022.mspx
- Reason for Revision: Updated this bulletin to advise customers
that are running Windows 2000 Service Pack 4 on NEC 98
systems that a revised version of the security update is available.
- Originally posted: April 10, 2007
- Updated: June 26, 2007
- Bulletin Severity Rating: Important
- Version: 2.0

Other Information
=================

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBRoFSU4lDklrxMhdPAQLTmBAArCTWQ28sZ73Y45P8EzFaYSbzsoWJu04r
yfYNBCu6njvUm+fHzYy3t2HC1OKXimtKMOH06lVZpyy3PjoIvlqfef0KePvMU5R9
/+hYrBLk0uPeyx9dBqjg7PHKx3AQtH+CvwLSjAofynaVVst6ddbMJ1J/ykuD8AlH
flyqd9MwcjwPbnDxjmcZD5jeqqFvtPCjjwsm9+pnkG0LvH8JxKD9ywRzuhRMBL07
L1BaNLh+398PDD6xFLELY5StMCzgJp/9KohkyYOnMCrP0Qw2PY8O3GU4w7ibsY+m
0F1BJ/R6FZR8aW0ZjovMgC2zhT/V6+G5zjVZYy7sd1yufLYJczeUevuVIlDwIYvq
9FAOwZm7DXl/WVi6SXmCdUIACA7zutZPPpCWJVz3O7NMfjNo3XAN4UHFOqz3jEdL
7SiQm9KIDUCpb1z6BpIOfiU9Z4wIRioXIlVehQYoNZEHKKxvOjn22jCYdB0+GXD3
7Uuu3BTiuAOeODYL+p5tTjpMBX+/jjHkMZ3fAyhZF1FlSgACOojaJsO/FRRWkMYb
dX/13aTaaB9a0mqQkE0IumIMuYn5bjNorEoVk/cNNrxUtU8D56X60vC3uuvOsnTQ
5wllia9YsWffGvmt4EQZaEunTI95VKAwk2ptpyi5IpwKZte/U8w0S2j09L0sBeRd
QEPjBUjX+f4=
=cAph
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Summary for June 2007
Issued: June 12, 2007
Version Number: 1.0
********************************************************************

This bulletin summary lists security bulletins released for June 2007.

The full version of the Microsoft Security Bulletin Summary for June
2007 can be found at
http://www.microsoft.com/technet/security/bulletin/MS07-jun.mspx

With the release of the bulletins for June 2007, this bulletin summary replaces the bulletin advance notification originally issued June 7, 2007. For more information about the bulletin advance notification service, see http://www.microsoft.com/technet/security/Bulletin/advance.mspx.

Microsoft is hosting a webcast to address customer questions on these bulletins on Wednesday, June 13, 2007, at 11:00 AM Pacific Time (US & Canada). Register for the June Security Bulletin Webcast at http://www.microsoft.com/technet/security/bulletin/summary.mspx.
After this date, this webcast is available on-demand.

Bulletin Information
====================

The security bulletins for this month are as follows, in order of
severity:

Critical Security Bulletins
===========================

MS07-031 - Vulnerability in the Windows Schannel Security Package
Could Allow Remote Code Execution (935840)

- Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1
- Windows Server 2003 Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows Server 2003 x64 Edition Service Pack 2

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-033 - Cumulative Security Update for Internet Explorer (933566)

- Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1
- Windows Server 2003 Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Vista
- Windows Vista x64 Edition

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-034 - Cumulative Security Update for Outlook Express and
Windows Mail (929123)

- Affected Software:
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1
- Windows Server 2003 Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Vista
- Windows Vista x64 Edition

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-035 - Vulnerability in Win32 API Could Allow Remote Code
Execution (935839)

- Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1
- Windows Server 2003 Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows Server 2003 x64 Edition Service Pack 2

- Impact: Remote Code Execution
- Version Number: 1.0

Important Security Bulletins
============================

MS07-030 - Vulnerabilities in Microsoft Visio Could Allow Remote
Code Execution (927051)

- Affected Software:
- Microsoft Visio 2002 Service Pack 2
- Microsoft Visio 2003 Service Pack 2

- Impact: Remote Code Execution
- Version Number: 1.0

Moderate Security Bulletins
===========================

MS07-032 - Vulnerability in Windows Vista Could Allow Information
Disclosure (931213)

- Affected Software:
- Windows Vista
- Windows Vista x64 Edition

- Impact: Information Disclosure
- Version Number: 1.0

Other Information
=================

Note that this tool is not distributed using Software Update Services (SUS).

Non-Security, High-Priority Updates on MU, WU, WSUS and SUS:
============================================================
For this month:

* Microsoft has released seven non-security,
high-priority updates on Microsoft Update (MU) and
Windows Server Update Services (WSUS).

* Microsoft has not released any non-security,
high-priority updates for Windows on Windows Update (WU) and
Software Update Services (SUS).

Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, Windows Server Update Services, and Software Update Services released on the same day as the Security Bulletin Summary. Information is not provided about non-security updates released on other days.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBRm61dolDklrxMhdPAQJ2GBAAi0ldKJemA24scneu017Y5eAIHUpQlZ3S
957X4dqVxHVhkge+yPhGCWMgTvY9/yEMoxXu3y5OT0PF7LS/0bk3WWmv1diauYww
dWVVX1+/4ZYyRf6QaRYeeNF0fsvdjat9ETbJs1Hdjt47Tx/mDkxBpicekTyDI/5q
PJk6UT4mIoQYwZSVHGRqqPdRqdUzdENgMZaY2JjcDU3QRlViV03SDWOr+4DE/t6w
rzgjlR94Q7aFAJw27OZLBki03eqvbR2/pGj9cnl1J6yWun8VySnLLmhMJ2e7eDbH
kSdHhhHUHq0BD8jQ9SqN1N2thYRStLqBV9Gd7NNjI7jb8Tqij2RNCAqHn6PdhhZR
J45FjpKX0N5uyaLwd6TDtygFFu1LNmfyA6FpSmfrq33JpD0Id0plV8x8ot9UXOe4
FXpqzvs+/0XK1ixR0v5a4GkH6v2kyWA2vZuTOj20TSZxaPMHVAVFU73TmnStKUm4
eSQOl3N/v+DNvPNiQRh8KGlUQOK+VklWJpNmzvE94pO6clMw2lPEKPUAfdenFIrJ
YPtU5t9EeF+pO7rL9qt+bTzCDWJOKagX/lEriwwA3zOPeP4xabgf713dEk07ekG2
UV+3n9Q6cc9CqGg52d7dn0kMbnAr7mC2HdyZEtRWrB9dIrYlPiBSfknJtfM4vbr7
I8DI83vAIxo=
=27SK
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Summary for May 2007
Issued: May 8, 2007
Version Number: 1.0
Bulletin Summary: http://go.microsoft.com/fwlink/?LinkId=89795
********************************************************************

Summary:
========
This Bulletin Summary contains information about all security updates released this month. Their security bulletins, in order of severity, are as follows:

Critical Security Bulletins
===========================

MS07-023 - Vulnerabilities in Microsoft Excel Could
Allow Remote Code Execution (934233)

- Affected Software:
- Excel 2000 Service Pack 3
- Excel 2002 Service Pack 3
- Excel 2003 Service Pack 2
- Excel 2003 Viewer
- Office Excel 2007
- Office Compatibility Pack for Word, Excel, and PowerPoint 2007
File Formats
- Microsoft Office 2004 for Mac

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-024 - Vulnerabilities in Microsoft Word Could Allow Remote Code
Execution (934232)

- Affected Software:
- Word 2000 Service Pack 3
- Word 2002 Service Pack 3
- Word 2003 Service Pack 2
- Word Viewer 2003
- Microsoft Office 2004 for Mac
- Microsoft Works Suite 2004
- Microsoft Works Suite 2005
- Microsoft Works Suite 2006

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-025 - Vulnerability in Microsoft Office Could Allow Remote Code
Execution (934873)
- Affected Software:
- Office 2000 Service Pack 3
- Office XP Service Pack 3
- Office 2003 Service Pack 2
- 2007 Microsoft Office System
- Microsoft Office 2004 for Mac

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-026 - Vulnerabilities in Microsoft Exchange Could Allow Remote
Code Execution (931832)
- Affected Software:
- Exchange 2000 Server Service Pack 3 with the Exchange 2000
Post-Service Pack 3 Update Rollup
- Microsoft Exchange Server 2003 Service Pack 1
- Microsoft Exchange Server 2003 Service Pack 2
- Microsoft Exchange Server 2007

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-027 - Cumulative Security Update for Internet Explorer (931768)
- Affected Software:
- Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service
Pack 4
- Internet Explorer 6 Service Pack 1 when installed on Windows
2000 Service Pack 4
- Internet Explorer 6 for Windows XP Service Pack 2
- Internet Explorer 6 for Windows XP Professional x64 Edition
- Internet Explorer 6 for Windows XP Professional x64 Edition
Service Pack 2
- Internet Explorer 6 for Windows Server 2003 Service Pack 1 and
Windows Server 2003 Service Pack 2
- Internet Explorer 6 for Windows Server 2003 with SP1 for Itanium-based
Systems and Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Explorer 6 for Windows Server 2003 x64 Edition
Service Pack 1 and Windows Server 2003 x64 Edition Service
Pack 2
- Internet Explorer 7 for Windows XP Service Pack 2
- Internet Explorer 7 for Windows XP Professional x64 Edition
- Internet Explorer 7 for Windows XP Professional x64 Edition
Service Pack 2
- Windows Internet Explorer 7 for Windows Server 2003 Service
Pack 1 and Windows Server 2003 Service Pack 2
- Internet Explorer 7 for Windows Server 2003 with SP1 for
Itanium-based Systems and Windows Server 2003 with SP2 for
Itanium-based Systems
- Internet Explorer 7 for Windows Server 2003 x64 Edition
Service Pack 1 and Windows Server 2003 x64 Edition Service
Pack 2
- Windows Internet Explorer 7 in Windows Vista
- Windows Internet Explorer 7 in Windows Vista x64 Edition

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-028 - Vulnerability in CAPICOM Could Allow Remote Code
Execution (931906)
- Affected Software:
- CAPICOM
- Platform SDK Redistributable: CAPICOM
- BizTalk Server 2004 Service Pack 1
- BizTalk Server 2004 Service Pack 2

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-029 - Vulnerability in RPC on Windows DNS Server Could Allow
Remote Code Execution (935966)
- Affected Software:
- Windows 2000 Server Service Pack 4
- Windows Server 2003 Service Pack 1
- Windows Server 2003 Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2003 x64 Edition Service Pack 1
- Windows Server 2003 x64 Edition Service Pack 2

- Impact: Remote Code Execution
- Version Number: 1.0

Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=89795

Support:
========
Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates.
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx

Microsoft Support Lifecycle for Business and Developer Software ===============================================================
The Microsoft Support Lifecycle policy provides consistent and predictable guidelines for product support availability at the time that the product is released. Under this policy, Microsoft will offer a minimum of ten years of support. This includes five years of Mainstream Support and five years of Extended Support for Business and Developer products. Microsoft will continue to provide security update support, at a supported Service Pack level, for a minimum of ten years through the Extended support phase. For more information about the Microsoft Support Lifecycle, visit http://support.microsoft.com/lifecycle/ or contact your Technical Account Manager.

Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:

http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). The Microsoft Security Notification Service:
Comprehensive Version. It provides timely notification of any
minor changes or revisions to previously released Microsoft
Security Bulletins and Security Advisories. This new service
provides notifications that are written for IT professionals and
contain technical information about the revisions to security
bulletins. To register visit the following Web site:

http://www.microsoft.com/technet/security/bulletin/notify.mspx

* Join Microsoft's webcast for a live discussion of the technical
details of these security bulletins and steps you can take
to protect your environment. Details about the live webcast
can be found at:

www.microsoft.com/technet/security/bulletin/summary.mspx

The on-demand version of the webcast will be available 24 hours
after the live webcast at:

www.microsoft.com/technet/security/bulletin/summary.mspx

* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:

http://www.microsoft.com/security/protect/

If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:

http://www.microsoft.com/technet/security/bulletin/info/swdist.mspx

Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:

- - Manuel Santamarina Suarez, working with TippingPoint
(http://www.tippingpoint.com/) and Zero Day Initiative
(http://www.zerodayinitiative.com/), for reporting an issue
described in MS07-023.

- - Greg MacManus of iDefense Labs (http://labs.idefense.com/) for
reporting an issue described in MS07-023.

- - Craig Schmugar of McAfee Avert Labs (http://www.avertlabs.com/)
for working with us on an issue described in MS07-024.

- - Andreas Marx of AV-Test (http://www.av-test.org/) for working with
us on an issue described in MS07-024.

- - Jun Mao, working with iDefense Labs (http://labs.idefense.com/),
for reporting an issue described in MS07-024.

- - Martijn Brinkers of Izecom (http://www.izecom.com/) for reporting
an issue described in MS07-026.

- - Alexander Sotirov of Determina Security Research
(http://www.determina.com/security.research) for reporting an
issue described in MS07-026.

- - Joxean Koret, working with the iDefense (http://labs.idefense.com/)
Vulnerability Contributor Program, for reporting an issue
described in MS07-026.

- - TippingPoint (http://www.tippingpoint.com/) and Zero Day
Initiative (http://www.zerodayinitiative.com/) for reporting an
issue described in MS07-027.

- - JJ Reyes of Secunia Research (http://secunia.com/) for reporting
an issue described in MS07-027.

- - cocoruder of Fortinet Security Research (http://www.fortinet.com/)
for reporting an issue described in MS07-027.

- - Chris Ries of VigilantMinds Inc. (http://www.vigilantminds.com/)
for reporting the issue described in MS07-028.

- - Mark Hofman of SANS ISC Handlers (http://isc.sans.org/) for
working with us on the issue described in MS07-029.

- - Bill O'Malley with the Information Security Office at Carnegie
Mellon University (http://www.cmu.edu/iso/) for working with us
on the issue described in MS07-029.

********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIUAwUBRkCq64lDklrxMhdPAQJnPA/47IeMM3z5gdsn6WA5RArTENPSKrcD5vLO
cOD0MzfWx6DHduMNPDygMp8wH0e2vMoTrvnAH1i5xpf0wPZgBsfC8mRnY4+aqKpb
hb5KZt7qOOowcOlFKHMMgsCK6rkp8D9/SKdRm/1oi+INRs25gNTV19x9R7nLac10
YBvo9dyzfJcpwi8JZbhg5nZpNiJ2wUOX7/RFoTOBxIGJe534UiaiOdfzjW9vX1cw
tgoSpntnYgnBGhZck8hkBm2rxF8o9SnoBj6dXdjhq4qjfyKYbEL684EwpE225HN1
6Rj72VZ9oNjRmTOag6RZDrO+L6o4U9Dc5FIqA04m3o5H4iPYLOgGvDL0vle/6Wt6
yNmHNfnqD8eFQyQUWeH9KMDlsEbZ2+pRt3BgFVcovQh1PO4nmeXpvr1fR+49dwww
+vquEtnfMO3oeAfUFXNCOl1GupCPZJdOyjRS1C6kBJryJq9nNfs8BQEUzEQ2Q0LO
poOHdph540yRcsi29bL7WN8vd+RtOUAee4TuJBsF/IsodMd0IvD+PD3bJeVQSx8r
mMIFA82j1CSaAgN0HdUP0XGFXzuRWQoOglJziwsZ4vAHuTqzlDZTNYE3I6XoPRNl
MSzaXlnBEr9LFkLbve2MsKOS+ws6J+to4iXAohc09m4Q2xwFYfElHa4GIAjUDVNI
wLW24y/oFg==
=s+BK
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Summary for April 2007
Issued: April 03, 2007
Version Number: 1.0
Bulletin Summary: http://go.microsoft.com/fwlink/?LinkId=87050
********************************************************************

Summary:
========
This Bulletin Summary contains information about Microsoft Security Bulletin MS07-017, released today. Microsoft will update this bulletin summary with any other security bulletins that release on April 10 or on any other day of the month, as deemed appropriate.

Critical Security Bulletin
===========================

MS07-017 - Vulnerability in GDI Could Allow Remote Code
Execution (925902)

- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 Service Pack 2
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Vista
- Windows Vista x64 Edition

- Review the FAQ section of bulletin MS07-O17 for information
about these operating systems:
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (ME)

- Impact: Remote Code Execution
- Version Number: 1.0

Update Availability:
===================
An update is available to address these issues.
For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=87050

http://www.microsoft.com/technet/security/secnews/default.mspx

http://www.microsoft.com/technet/security/bulletin/notify.mspx

www.microsoft.com/technet/security/bulletin/summary.mspx

The on-demand version of the webcast will be available 24 hours
after the live webcast at:

www.microsoft.com/technet/security/bulletin/summary.mspx

* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:

http://www.microsoft.com/security/protect/

http://www.microsoft.com/technet/security/bulletin/info/swdist.mspx

Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:

- - Alexander Sotirov of Determina Security Research
(http://www.determina.com/)
for reporting the issue described in MS07-017.

- - McAfee (http://www.mcafee.com/)
for working with us on the issue described in MS07-017.

- - iDefense (http://labs.idefense.com/)
for reporting the issue described in MS07-017.

- - Shaun Colley of NGS Software
(http://www.ngssoftware.com/)
for reporting the issue described in MS07-017.

- - Thomas Phinney of Adobe Systems
(http://www.adobe.com/)
for reporting the issue described in MS07-017.

- - Sergey Svinolobov
for reporting the issue described in MS07-017.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBRhKdy4lDklrxMhdPAQJR+RAAmaFw0StuHBDcJGl5U0IYZ9Dqqf9+ukLX
j4I6wwGPEG8LLTFofiMyVaFR4jCRkzHbVtKn+gn/YpDpFe41k2bftzdJ3s4ZcDgj
+QImoghgoNYmtW8L7yPbxv3P3hu4qAfmCKzhAZ/JteEEKO8U6KNuQibjD5jWAtMT
MW8Qw93kyOE6Urdp93IDvUlXAUKHv9ZEpleWwkWm7hvUm0Ksht+qfQ+9ykUxeT4l
8eGtWtzveEGLK+X6fwSC249VGMducnjP+a1q6J3M8qQiBDqfTNIkAT6+xKlgtLhZ
nSz02Gh4vWTBRnTn6rkLIJJR/OcAjB1kJOOcSHBEjQK/+yOlj7GKtp6Q4iT3uOaC
uWrkOsl9E7Tt0kuRwrfVpBZlWZU4k3JwLG3nKgvd3siiENAfpu1MgntYDNkBxS2W
90M3TS3Z55WbjmixDg3etKjDyq1OQgLawtFpcCarrF9j+Pw64XAB1ZMbVNh+q9QZ
WOXxAQs98zbtQ/6Td6/wajW0QG6i2Bl83JVjO6veVUrY5vVMag6krKpC6NpeUiPE
e3h+CE3hVcwPkB1KwxXKDmNp4rv8TQ9tVquCPqmdk3uA7ZLkWn/K/ZIIPBXLKzPv
D6GOmyeY51mZ7YlK3A8iRiraqsJo9CBI0VNcJqOHNHyRsIPmlFdHvzvwRuvA8QIu
MBqSTSyurnY=
=Ho9u
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Summary for March 2007
Issued: March 13, 2007
Version Number: 1.0
Bulletin Summary: http://go.microsoft.com/fwlink/?LinkId=85543
********************************************************************

Summary:
========

Microsoft has not released any security bulletins on March 13, 2007.

http://www.microsoft.com/technet/security/secnews/default.mspx

http://www.microsoft.com/technet/security/bulletin/notify.mspx

* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:

http://www.microsoft.com/security/protect/

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBRfbTeIlDklrxMhdPAQIa/w//VX2xraz8/rSrnWDa4JRHeV3+K+P8jJP4
MaUM1qfjo+LQe1pBx7QHqSsM38OGxoQR9jgawG1nzEmbT89fodZqEUzRx/6aK4a4
VnkwYkud0on+MfCAU2snIEKZHQSAFhZxnEPjGYd/W8BjArhgewb0QovtBw38n4nK
71RufPQM46947fG0B3cjzllT/VPE8tiHw0Y9fNNHk+5FBHbSjXrldYHYooRNd3Nh
PgjyIGmxg3WZk7mhF7hgcoTaIY3IUxWxFOt8tn7S0+N/xbZSTR3J54NAOc70FVuj
h1jhOrDQ9ze2O3KB5FW4CMJY9SGvUxhSxYRYpeuAhAWrATYhRAp5Vr+0XdvBXWSa
DLbTGrOhS4TpvqTvUOwSKJNQHIxqU0kKk70CaeRUGyRKOgto/oc3dNeGsT/UnQTu
v0q+utmgktBmuXQBHVJlBwil6iQAY05hl0wRHnAMhmCTOTTFL65+FXq+NhE4flKs
/YniZsFO79LNT2A2zyydpS+YOs77aGIrkqQbrUeo3mEfRV4kcj/pmNCvloRzy01k
UgegEmAHtmCc4MjeT05xQN+lcNVFDIOcciKDYQ7l5SxN3k2gwrm9oUMRFz3icj/s
sBLFmJ2dGiey0FAjYbgAzk8mVhpnrS/jXJ4KZO812dvKiL+OKgvuzVi5rN06RhWJ
ovLiRmWgBbY=
=4bQM
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Summary for February 2007
Issued: February 13, 2007
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=82739
********************************************************************

Summary:
========
This advisory contains information about all security updates released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS07-008 - Vulnerability in HTML Help ActiveX Control Could Allow
Remote Code Execution (928843)

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-009 - Vulnerability in Microsoft Data Access Components (MDAC)
Function Could Allow Remote Code Execution (927779)

- Affected Software:

- Windows 2000 SP4
- Windows XP SP2
- Windows Server 2003
- Windows Server 2003 on Itanium-based Systems

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-010 - Vulnerability in Microsoft Malware Protection Engine
Could Allow Remote Code Execution (932135)

- Affected Software:
- Windows Live OneCare
- Microsoft Antigen for Exchange 9.x
- Microsoft Antigen for SMTP Gateways 9.x
- Microsoft Windows Defender
- Microsoft Windows Defender x64 Edition
- Microsoft Windows Defender in Windows Vista
- Microsoft Forefront Security for Exchange Server
- Microsoft Forefront Security for SharePoint

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-014 - Vulnerability in Microsoft Word Could Allow Remote Code
Execution (929434)

- Affected Software:
- Office 2000 Service Pack 3
- Office XP Service Pack 3
- Office System 2003
- Microsoft Office 2004 for Mac
- Microsoft Office v.X for Mac
- Microsoft Works Suites 2004, 2005, and 2006

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-015 - Vulnerabilities is Microsoft Office Could Allow Remote Code Execution (932554)

- Affected Software:
- Office 2000 Service Pack 3
- Office XP Service Pack 3
- Office 2003 Service Pack 2
- Microsoft Office 2004 for Mac

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-016 - Cumulative Security Update for Internet (928090)

- Impact: Remote Code Execution
- Version Number: 1.0

Important Security Bulletins
============================

MS07-005 - Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723)

- Affected Software:
- Windows 2000 SP4
- Windows XP SP2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 SP1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-006 - Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)

- Affected Software:
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Impact: Elevation or Privilege
- Version Number: 1.0

MS07-007 - Vulnerability in Windows Image Acquisition Service Could Allow Remote Code Execution (927802)

- Affected Software:
- Windows XP Service Pack 2

- Impact: Elevation or Privilege
- Version Number: 1.0

MS07-011 - Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436)

- Affected Software:

- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-012 - Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667)

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-013 - Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118)

- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Office 2000 Service Pack 3
- Office 2000 Multilanguage Packs
- Office XP Service Pack 3 (all versions and products included in the
Office XP suite)
- Office 2003 Service Pack 2
- Learning Essentials 1.0
- Learning Essentials 1.1
- Learning Essentials 1.5
- Global Input Method Editor for Office 2000 (Japanese)
- Office 2004 for Mac
- Office v.X for Mac

- Impact: Remote Code Execution
- Version Number: 1.0

http://www.microsoft.com/technet/security/secnews/default.mspx

http://www.microsoft.com/technet/security/bulletin/notify.mspx

www.microsoft.com/technet/security/bulletin/summary.mspx

The on-demand version of the webcast will be available 24 hours
after the live webcast at:

www.microsoft.com/technet/security/bulletin/summary.mspx

* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:

http://www.microsoft.com/security/protect/

http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:
- Brett Moore of Security-Assessment.com (http://www.security-assessment.com)
for reporting an issue described in MS07-005.
- Fabrice Desclaux of EADS Common Research Center
(http://www.eads.net) for reporting an issue described in MS07-012.
- Kostya Kortchinsky of Immunity, Inc
(http://www.immunityinc.com) for reporting an issue described in MS07-012.
- Kostya Kortchinsky of Immunity, Inc
(http://www.immunityinc.com)for reporting an issue described in MS07-011.
- Kostya Kortchinsky of Immunity, Inc
(http://www.immunityinc.com)for reporting an issue described in MS07-013.
- HD Moore of the BreakingPoint Systems
(http://www.bpointsys.com)for reporting an issue described in MS07-008.
- Shih-hao Weng of Information and Communication Security Technology Center
(http://www.icst.org.tw)for reporting an issue described in MS07-014.
- USAA (https://www.usaa.com)for reporting an issue described in MS07-014.
- Neel Mehta and Alex Wheeler of ISS X-Force
(http://xforce.iss.net) for reporting an issue described in MS07-010.
- H D Moore of BreakingPoint Systems
(http://www.bpointsys.com) for reporting an issue described in MS07-016.
- iDefense (http://idefense.com/) for reporting an issue described in MS07-016.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBRdIxvolDklrxMhdPAQIY/xAAqaVpEY1Gf77pSk6rfKWFYziuMggOoo4w
Soa8ScfRrl5lAqLpp08FyPmoG9Xo8n8+Wi4f5kZ82IR4mDCW+KhZ4U++8BDT7o0v
2RdJv/BWlf15iESzCZbBOwl6cPI8fN+4WsiTkWRtAnKMISuekyJT6DyC8MOuVJ/9
JU80dybUxtwMg/5IHg3jUVm9tm2a0q1CpVg66dox+b+sT3Ko5Nj0KN3UpkqzXI16
kp6tPz/cVQYfjpQ8c2E6OFxwscd6alxZg+le43IqeVX+KW+1v0idPECFbWQCw0Dl
oUFgonkpoLrO1cGKFqAYLKGNGsD5v6DlhE2qzo5tNmA0W6VjkTuHuJwgKXz7lkx8
FAE5YwBHo8XatwY0Uo1El7HhkfvEyFig/XJJUSw6Q6x0lVUmqOiTOlI2E8VyTe6D
wWoMqkjEP0oTpWQqvaIadfY0QHzrPzhnGpbyAFpwMvNE5RkdjE5zzvjZKJETuZ6E
f3PenjD9DCNc90Phz/3IMwN2LpH4ATfOV+vUJLkw3FoyH4jpnCr3YFWExyuAqYdC
gmp7z55SM/IunN9HzkSOvHTWizTqCnn0miFmErOuiaGQZLNeKX3Y2Me0tZZB+AFH
W6cU71Qwa8IwmDk5AqR/8PipbX1vS9nino/c9Du5P6K8NpVitqyfcWU9RwG/RyyU
SpNQNK/k418=
=35pN
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: January 18, 2007
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS07-002

Bulletin Information:
=====================

* MS07-002

- http://www.microsoft.com/technet/security/bulletin/ms07-002.mspx
- Reason for Revision: Bulletin has been revised and re-released
for Microsoft Excel 2000 to address the issues identified in
Microsoft Knowledge Base Article 931183.
- Originally posted: January 9, 2007
- Updated: January 18, 2007
- Bulletin Severity Rating: Critical
- Version: 2.0

********************************************************************

Support:
========
Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131

International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx

http://www.microsoft.com/technet/security/secnews/default.mspx

http://www.microsoft.com/technet/security/bulletin/notify.mspx

* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:

http://www.microsoft.com/security/protect/

http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

********************************************************************
THE INFORMATION PROVIDED IN THE THIS EMAIL IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBRa/V8YlDklrxMhdPAQKSJA//SpEKXA4+JeV5/UyATriDaQHXvAHLePUC
4DpIPDZs8LPknq1Nu/JiRXGnmNkSAw3/48S1yaLtounCNGOsx5hJpNbnRDW1/ocB
mgnt2kNBJ8CSePTzNhRPjETT7XVzPTm8M8++KU/z8+FjunF2VnjVaLnZYvxq0+aw
MTixNqMidNoEsG28sQF9Y5Ge52we8vIrMciart/jv+fdwX/tzSltNfZbytECZHpy
3r7TfACVbFZawD0zNuthxNa6pvt3zvyVMRU+7LZmAH1eMDSARI1PUoZiEIxLaegN
/KWJgBnl5S8D06PwOOKJwaWlU1jlhTF2BKzt+lKF29dXDLsUC2tBn8DfwLOhS5MF
+LmRLzZmqb81FueGXI2RrI5FBvEi5ZNA4cBX7YPuQ1rahH+2n8BC49IIwRxGfvLz
JBVsHPKoX2TJrlDuyols96YrlX8mqu4vJ1dNxNhgyLL7xI5yMQNXcwZcPIXCsG5N
dxz3qIlfoM/uDINybUurkszN/3tNCMHPwR1Xl45e/ONFHGo0l9+3XeMW8Zpcbasj
NZe9Cuw4dzBnEMgOS21zxixB/ZsN6/QaKYh4HjbuyoXuS1fl3u33nduUvXNRJ/Kv
MorjMTgdC/otWU7ZYN1IwjdVgb0J1UGqA+fSUHCZPwKSIifysjfyYbyaNGW3Tj0H
MynnCOAr0Hk=
=EIdI
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Summary for January 2007
Issued: January 09, 2007
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=80465
********************************************************************

Summary:
========
This advisory contains information about all security updates released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS07-002 - Vulnerabilities in Microsoft Excel Could Allow Remote
Code Execution (927198)

- Affected Software:
- Excel 2000
- Excel 2002
- Excel 2003
- Excel Viewer 2003
- Microsoft Works Suites 2004 and 2005
- Microsoft Office 2004 for Mac
- Microsoft Office v.X for Mac

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-003 - Vulnerabilities in Microsoft Outlook Could Allow Remote
Code Execution (925938)

- Affected Software:
- Outlook 2000
- Outlook 2002
- Outlook 2003

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-004 - Vulnerability in Vector Markup Language Could Allow
Remote Code Execution (929969)

- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service
Pack 4
- Internet Explorer 6 Service Pack 1 on Windows 2000 Service
Pack 4
- Internet Explorer 7 on Windows XP Service Pack 2
- Internet Explorer 7 on Windows Server 2003 and Windows Server
2003 Service Pack 1
- Internet Explorer 7 on Windows XP Professional x64 Edition
- Internet Explorer 7 on Windows Server 2003 for Itanium-based
Systems
- Internet Explorer 7 on Windows Server 2003 x64 Edition

- Impact: Remote Code Execution
- Version Number: 1.0

Important Security Bulletins
============================

MS07-001 - Vulnerability in Microsoft Office 2003 Brazilian
Portuguese Grammar Checker That Could Allow Remote Code
Execution (921585)

- Affected Software:
- Office 2003 Service Pack 2 (Brazilian Portuguese Version)
- Microsoft Office Multilingual User Interface 2003 Service Pack
2
- Microsoft Project Multilingual User Interface 2003 Service Pack
2
- Microsoft Visio Multilingual User Interface 2003 Service Pack 2
- Microsoft Office Proofing Tools 2003 Service Pack 2

- Impact: Remote Code Execution
- Version Number: 1.0

http://www.microsoft.com/technet/security/secnews/default.mspx

http://www.microsoft.com/technet/security/bulletin/notify.mspx

www.microsoft.com/technet/security/bulletin/summary.mspx

The on-demand version of the webcast will be available 24 hours
after the live webcast at:

www.microsoft.com/technet/security/bulletin/summary.mspx

* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:

http://www.microsoft.com/security/protect/

Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:

- - Jeff Gennari of CERT
(https://www.securecoding.cert.org), and
Jie Ma of Fortinet Security Research Team
(http://www.fortinet.com/), and
NSFocus Security Team
(http://www.nsfocus.com/), and
Greg MacManus of IDefense Labs
(http://labs.idefense.com/)
for reporting an issue described in MS07-002.

- - Lurene Grenier of Sourcefire
(http://www.sourcefire.com/) and
Stuart Pearson of Computer Terrorism
(http://www.computerterrorism.com/)
for reporting an issue described in MS07-003.

- - iDefense
(http://labs.idefense.com/)
for reporting an issue described in MS07-004.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBRaPckIlDklrxMhdPAQJ1lg//XCZUrB1TBas2e0+GjJ8yCfq2KAewC2XK
zkKQ6kx0Yxkkd1Bnp7vm2iXoGXjaT3UvwxY4xOrt0tXZIvkcaPZKJSLk3EWk4slG
U6N3IytCRUJjU/Dtp1tqq4oVdST6oIH/X/s8AZgTBo31UHTrpLw+KGuqdmNvjLKm
yJLua3yOqf8HnqJz1KI/CfTPCNjB5s4qjoq58E+mbgqSw7omm9Xw0DqAeocVaLxA
mdP1hYD7YtH0pHnO+XZewqKJx85eco4BM5wS3tzNlEUNumZNC3A/DC+M7hXT/Jbn
lugUmT6/1Ss4CHnnIR82RAXzkqC/whijjtiKZRJUQHMwM+u9LGMZDxqq37TnKgFj
XlANFToQQSOPsCjxn16oR6rWHIWnIn3yIayOWF+YPecGn+m14Rvah2mi9Ukc1E23
hyzQrmbtq2W7+e/0nSAK6rjemMT/F8hZt5RMKC2c+pelRgKAzhZ+pqbFxC4vmbhM
WqNL9If/fQ5GR+JkYn5OQ8qMAIHLqmvoQEjH2QTnczDrOm0r5pd1X9MzMDI9X6AG
sya/uBUakHuCbai5NLQREgL+silMM1icaVC5179Jtm01pJY4M8AVDSBzjb21AK5W
d7ZL9pduK+b2prXCh0snL9z2VfMLogZOMUVaimtcxOj0R+d4c2lx47u/WNhwcw+O
/OV78nuDXLM=
=9dmu
-----END PGP SIGNATURE-----