Microsoft to fix six holes on July Patchday
In its advance notification of the upcoming Patch Tuesday, Microsoft has listed six security bulletins, including three that describe "critical" vulnerabilities and two that explain weaknesses which can also be exploited for remote code injection and execution, but with a severity rated as "important" rather than "critical".
One of the critical vulnerabilities affects all Windows server variants, another is related to versions 1.0, 1.1 and 2.0 of the .Net framework under all operating system versions, and the third critical flaw affects Excel 2000, 2003 and 2007 and also the Office Compatibility Pack for Word, Excel and PowerPoint 2007 file formats. Excel Viewer is also vulnerable.
One security bulletin is related to a hole in Publisher 2007, with a severity rating of "important". Another important vulnerability exists in Windows XP with Service Pack 2. The 6th update to be released on upcoming Patch Tuesday will fix bugs in Windows Vista, which may be exploited to gain access to protected information.
As in previous months, Microsoft has also released an update for its Malicious Software Removal Tool, which is designed to check systems for known and widespread infections and help remove them.
Although Microsoft's advance notifications now provide more detailed information on the announced patches, it is difficult to find out precisely which vulnerabilities the updates refer to. For instance, it is not possible to determine whether the security vulnerability within an Office 2003 ActiveX module disclosed shortly after June patchday will be fixed by one of these patches.
- Microsoft Security Bulletin Advance Notification for July 2007, advance notification of Microsoft's upcoming Patch Tuesday