Microsoft Security Bulletins for May 2007

05-08-2007

Microsoft has released the following security bulletins today:

MS07-023 - Vulnerabilities in Microsoft Excel Could Allow Remote Code
Execution (934233)
http://www.microsoft.com/technet/sec.../MS07-023.mspx
-- Affected Software: Office 2000, Excel 2000, Office XP, Excel 2002,
Office 2003, Excel 2003, Excel Viewer 2003, Office System 2007, Excel 2007,
Office 2004 for Macintosh

MS07-024 - Vulnerabilities in Microsoft Word Could Allow Remote Code
Execution (934232)
http://www.microsoft.com/technet/sec.../MS07-024.mspx
-- Affected Software: Office 2000, Word 2000, Office XP, Word 2002, Office
2003, Word 2003, Word Viewer 2003, Office 2004 for Macintosh, Works 2004,
Works 2005, Works 2006

MS07-025 - Vulnerability in Microsoft Office Could Allow Remote Code
Execution (934873)
http://www.microsoft.com/technet/sec.../MS07-025.mspx
-- Affected Software: Office 2000, Excel 2000, FrontPage 2000, Publisher
2000, Office XP, Excel 2002, FrontPage 2002, Publisher 2002, Office 2003,
Excel 2003, FrontPage 2003, Publisher 2003, Excel Viewer 2003, Office System
2007, Excel 2007, Publisher2007, SharePoint Designer 2007, Expression Web,
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
File Formats , Office 2004 for Macintosh

MS07-026 - Vulnerabilities in Microsoft Exchange Could Allow Remote Code
Execution (931832)
http://www.microsoft.com/technet/sec.../MS07-026.mspx
-- Affected Software: Exchange 2000 Server, Exchange Server 2003, Exchange
Server 2007

MS07-027 - Cumulative Security Update for Internet Explorer (931768)
http://www.microsoft.com/technet/sec.../MS07-027.mspx
-- Affected Software: Windows 2000 Server, Windows 2000 Professional,
Windows 2000 Datacenter Server, Windows 2000 Advanced Server, Windows XP
Home Edition, Windows XP Professional, Windows XP Professional 64-Bit
Edition, Windows Server 2003 for Small Business Server, Windows Server 2003,
Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server
2003, Standard Edition, Windows Server 2003, Web Edition, Windows Server
2003 Datacenter Edition for Itanium-based Systems, Windows Server 2003
Enterprise Edition for Itanium-based Systems, Internet Explorer 5.01,
Windows Server 2003 Datacenter x64 Edition, Windows Server 2003 Enterprise
x64 Edition, Windows Server 2003 Standard x64 Edition, Windows Vista,
Windows Vista x64, Internet Explorer 6.0, Internet Explorer 6.0 for Windows
XP Service Pack 2, Internet Explorer 6 for Microsoft Windows XP Professional
x64 Edition, Internet Explorer 6.0 for Windows Server 2003, Internet
Explorer 6 for Microsoft Windows Server 2003 x64 Edition, Internet Explorer
6 for Microsoft Windows Server 2003 for Itanium-based Systems, Internet
Explorer 7.0 for Windows XP Service Pack 2 , Internet Explorer 7.0 For
Windows 2003, Internet Explorer 7 for Windows 2003 for Itanium, Internet
Explorer 7 for Windows 2003 x64 Edition, Internet Explorer 7.0 for Windows
Vista, Internet Explorer 7.0 for Windows Vista x64

MS07-028 - Vulnerability in CAPICOM Could Allow Remote Code Execution
(931906)
http://www.microsoft.com/technet/sec.../MS07-028.mspx
-- Affected Software: CAPICOM, Platform SDK Redistrubutable: CAPICOM,
BizTalk Server 2004

MS07-029 - Vulnerability in Windows DNS RPC Interface Could Allow Remote
Code Execution (935966)
http://www.microsoft.com/technet/sec.../MS07-029.mspx
-- Affected Software: Windows 2000 Server, Windows 2000 Professional,
Windows 2000 Datacenter Server, Windows 2000 Advanced Server, Windows Server
2003 for Small Business Server, Windows Server 2003, Datacenter Edition,
Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard
Edition, Windows Server 2003, Web Edition, Windows Server 2003 Datacenter
Edition for Itanium-based Systems, Windows Server 2003 Enterprise Edition
for Itanium-based Systems, Windows Server 2003 Datacenter x64 Edition,
Windows Server 2003 Enterprise x64 Edition, Windows Server 2003 Standard x64
Edition

Don't forget to read the CAVEATS in each security bulletins (if any).

References:
MS Security Bulletins for end-users:
http://www.microsoft.com/athome/secu...ns/200705.mspx
MS Security Bulletins for IT Pro:
http://www.microsoft.com/technet/sec.../ms07-may.mspx
MS Response Center Blog: http://blogs.technet.com/msrc/default.aspx

Please note, Microsoft NEVER send security updates via e-mail. Download the
updates only from the vendors website - visit Windows Update and Office
Update or Microsoft Update websites. You may also get the updates thru
Automatic Updates functionality in Windows system.

Webcast:
Microsoft will host a webcast tomorrow. The webcast focuses on addressing
your questions and concerns about the security bulletins. Therefore, most of
the live webcast is aimed at giving you the opportunity to ask questions and
get answers from their security experts.
Start Date: Wednesday, May 09, 2007 11:00 AM Pacific Time (US & Canada)
Presenters: Christopher Budd, CCE, CISA, CISM, CISSP, ISSMP Security Program
Manager, Microsoft Corporation and Mike Reavey, Lead Security Program
Manager, Microsoft Corporation
http://msevents.microsoft.com/CUI/We...CountryCode=US

Tool:
Check your system for missing or misconfigured patches using Microsoft
Baseline Security Analyzer (MBSA)
http://www.microsoft.com/technet/sec.../mbsahome.mspx

Support:
Call Microsoft at 1-866-PCSAFETY for issues on security patches if you are
in the US and Canada. For other location, go here:
http://support.microsoft.com/common/international.aspx

--
Regards,
Donna Buenaventura
Windows Security MVP
w: http://cou.dozleng.com
b: http://msmvps.com/donna

05-08-2007

Maybe in a few hours they will do that, but right now many of the links in
your post get me nothing.

05-08-2007

Also:
Non-Security, High-Priority Updates on MU, WU, WSUS and SUS

* Microsoft has released six non-security, high-priority updates on
Microsoft Update (MU) and Windows Server Update Services (WSUS).
* Microsoft has released one non-security, high-priority update for Windows
on Windows Update (WU) and Software Update Services (SUS).

Note that this information pertains only to non-security, high-priority
updates on Microsoft Update, Windows Update, Windows Server Update Services,
and Software Update Services released on the same day as the security
bulletin summary. Information will not be provided about non-security
updates released on other days.

"Donna Buenaventura" <dbuenaventura@mvps.org> wrote in message
news:7B848EAA-F796-450C-AF93-59D9ED3B4336@microsoft.com...
> Microsoft has released the following security bulletins today:
>
> MS07-023 - Vulnerabilities in Microsoft Excel Could Allow Remote Code
> Execution (934233)
> http://www.microsoft.com/technet/sec.../MS07-023.mspx
> -- Affected Software: Office 2000, Excel 2000, Office XP, Excel 2002,
> Office 2003, Excel 2003, Excel Viewer 2003, Office System 2007, Excel
> 2007, Office 2004 for Macintosh
>
> MS07-024 - Vulnerabilities in Microsoft Word Could Allow Remote Code
> Execution (934232)
> http://www.microsoft.com/technet/sec.../MS07-024.mspx
> -- Affected Software: Office 2000, Word 2000, Office XP, Word 2002, Office
> 2003, Word 2003, Word Viewer 2003, Office 2004 for Macintosh, Works 2004,
> Works 2005, Works 2006
>
> MS07-025 - Vulnerability in Microsoft Office Could Allow Remote Code
> Execution (934873)
> http://www.microsoft.com/technet/sec.../MS07-025.mspx
> -- Affected Software: Office 2000, Excel 2000, FrontPage 2000, Publisher
> 2000, Office XP, Excel 2002, FrontPage 2002, Publisher 2002, Office 2003,
> Excel 2003, FrontPage 2003, Publisher 2003, Excel Viewer 2003, Office
> System 2007, Excel 2007, Publisher2007, SharePoint Designer 2007,
> Expression Web, Microsoft Office Compatibility Pack for Word, Excel, and
> PowerPoint 2007 File Formats , Office 2004 for Macintosh
>
> MS07-026 - Vulnerabilities in Microsoft Exchange Could Allow Remote Code
> Execution (931832)
> http://www.microsoft.com/technet/sec.../MS07-026.mspx
> -- Affected Software: Exchange 2000 Server, Exchange Server 2003, Exchange
> Server 2007
>
> MS07-027 - Cumulative Security Update for Internet Explorer (931768)
> http://www.microsoft.com/technet/sec.../MS07-027.mspx
> -- Affected Software: Windows 2000 Server, Windows 2000 Professional,
> Windows 2000 Datacenter Server, Windows 2000 Advanced Server, Windows XP
> Home Edition, Windows XP Professional, Windows XP Professional 64-Bit
> Edition, Windows Server 2003 for Small Business Server, Windows Server
> 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows
> Server 2003, Standard Edition, Windows Server 2003, Web Edition, Windows
> Server 2003 Datacenter Edition for Itanium-based Systems, Windows Server
> 2003 Enterprise Edition for Itanium-based Systems, Internet Explorer 5.01,
> Windows Server 2003 Datacenter x64 Edition, Windows Server 2003 Enterprise
> x64 Edition, Windows Server 2003 Standard x64 Edition, Windows Vista,
> Windows Vista x64, Internet Explorer 6.0, Internet Explorer 6.0 for
> Windows XP Service Pack 2, Internet Explorer 6 for Microsoft Windows XP
> Professional x64 Edition, Internet Explorer 6.0 for Windows Server 2003,
> Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition,
> Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based
> Systems, Internet Explorer 7.0 for Windows XP Service Pack 2 , Internet
> Explorer 7.0 For Windows 2003, Internet Explorer 7 for Windows 2003 for
> Itanium, Internet Explorer 7 for Windows 2003 x64 Edition, Internet
> Explorer 7.0 for Windows Vista, Internet Explorer 7.0 for Windows Vista
> x64
>
> MS07-028 - Vulnerability in CAPICOM Could Allow Remote Code Execution
> (931906)
> http://www.microsoft.com/technet/sec.../MS07-028.mspx
> -- Affected Software: CAPICOM, Platform SDK Redistrubutable: CAPICOM,
> BizTalk Server 2004
>
> MS07-029 - Vulnerability in Windows DNS RPC Interface Could Allow Remote
> Code Execution (935966)
> http://www.microsoft.com/technet/sec.../MS07-029.mspx
> -- Affected Software: Windows 2000 Server, Windows 2000 Professional,
> Windows 2000 Datacenter Server, Windows 2000 Advanced Server, Windows
> Server 2003 for Small Business Server, Windows Server 2003, Datacenter
> Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003,
> Standard Edition, Windows Server 2003, Web Edition, Windows Server 2003
> Datacenter Edition for Itanium-based Systems, Windows Server 2003
> Enterprise Edition for Itanium-based Systems, Windows Server 2003
> Datacenter x64 Edition, Windows Server 2003 Enterprise x64 Edition,
> Windows Server 2003 Standard x64 Edition
>
> Don't forget to read the CAVEATS in each security bulletins (if any).
>
> References:
> MS Security Bulletins for end-users:
> http://www.microsoft.com/athome/secu...ns/200705.mspx
> MS Security Bulletins for IT Pro:
> http://www.microsoft.com/technet/sec.../ms07-may.mspx
> MS Response Center Blog: http://blogs.technet.com/msrc/default.aspx
>
> Please note, Microsoft NEVER send security updates via e-mail. Download
> the updates only from the vendors website - visit Windows Update and
> Office Update or Microsoft Update websites. You may also get the updates
> thru Automatic Updates functionality in Windows system.
>
> Webcast:
> Microsoft will host a webcast tomorrow. The webcast focuses on addressing
> your questions and concerns about the security bulletins. Therefore, most
> of the live webcast is aimed at giving you the opportunity to ask
> questions and get answers from their security experts.
> Start Date: Wednesday, May 09, 2007 11:00 AM Pacific Time (US & Canada)
> Presenters: Christopher Budd, CCE, CISA, CISM, CISSP, ISSMP Security
> Program Manager, Microsoft Corporation and Mike Reavey, Lead Security
> Program Manager, Microsoft Corporation
> http://msevents.microsoft.com/CUI/We...CountryCode=US
>
> Tool:
> Check your system for missing or misconfigured patches using Microsoft
> Baseline Security Analyzer (MBSA)
> http://www.microsoft.com/technet/sec.../mbsahome.mspx
>
> Support:
> Call Microsoft at 1-866-PCSAFETY for issues on security patches if you are
> in the US and Canada. For other location, go here:
> http://support.microsoft.com/common/international.aspx
>
> --
> Regards,
> Donna Buenaventura
> Windows Security MVP
> w: http://cou.dozleng.com
> b: http://msmvps.com/donna

05-08-2007

All links are online now except the MS Security Bulletins for end-users:
http://www.microsoft.com/athome/secu...ns/200705.mspx which
is change now to
http://www.microsoft.com/protect/com...ns/200705.mspx

Donna
"John J. Jobst" <john.j.jobst@us.army.mil> wrote in message
news:uIV2TnZkHHA.4904@TK2MSFTNGP05.phx.gbl...
> Maybe in a few hours they will do that, but right now many of the links in
> your post get me nothing.
>

05-08-2007

Hi Donna,

It would be nice if you could list the URLs and KB numbers for the
non-security updates each month too.

Donna Buenaventura wrote:
> Also:
> Non-Security, High-Priority Updates on MU, WU, WSUS and SUS
>
> * Microsoft has released six non-security, high-priority updates on
> Microsoft Update (MU) and Windows Server Update Services (WSUS).
> * Microsoft has released one non-security, high-priority update for
> Windows on Windows Update (WU) and Software Update Services (SUS).
>
> Note that this information pertains only to non-security, high-priority
> updates on Microsoft Update, Windows Update, Windows Server Update
> Services, and Software Update Services released on the same day as the
> security bulletin summary. Information will not be provided about
> non-security updates released on other days.
>
> "Donna Buenaventura" <dbuenaventura@mvps.org> wrote in message
> news:7B848EAA-F796-450C-AF93-59D9ED3B4336@microsoft.com...
>> Microsoft has released the following security bulletins today:
>>
>> MS07-023 - Vulnerabilities in Microsoft Excel Could Allow Remote Code
>> Execution (934233)
>> http://www.microsoft.com/technet/sec.../MS07-023.mspx
>> -- Affected Software: Office 2000, Excel 2000, Office XP, Excel 2002,
>> Office 2003, Excel 2003, Excel Viewer 2003, Office System 2007, Excel
>> 2007, Office 2004 for Macintosh
>>
>> MS07-024 - Vulnerabilities in Microsoft Word Could Allow Remote Code
>> Execution (934232)
>> http://www.microsoft.com/technet/sec.../MS07-024.mspx
>> -- Affected Software: Office 2000, Word 2000, Office XP, Word 2002,
>> Office 2003, Word 2003, Word Viewer 2003, Office 2004 for Macintosh,
>> Works 2004, Works 2005, Works 2006
>>
>> MS07-025 - Vulnerability in Microsoft Office Could Allow Remote Code
>> Execution (934873)
>> http://www.microsoft.com/technet/sec.../MS07-025.mspx
>> -- Affected Software: Office 2000, Excel 2000, FrontPage 2000,
>> Publisher 2000, Office XP, Excel 2002, FrontPage 2002, Publisher 2002,
>> Office 2003, Excel 2003, FrontPage 2003, Publisher 2003, Excel Viewer
>> 2003, Office System 2007, Excel 2007, Publisher2007, SharePoint
>> Designer 2007, Expression Web, Microsoft Office Compatibility Pack for
>> Word, Excel, and PowerPoint 2007 File Formats , Office 2004 for Macintosh
>>
>> MS07-026 - Vulnerabilities in Microsoft Exchange Could Allow Remote
>> Code Execution (931832)
>> http://www.microsoft.com/technet/sec.../MS07-026.mspx
>> -- Affected Software: Exchange 2000 Server, Exchange Server 2003,
>> Exchange Server 2007
>>
>> MS07-027 - Cumulative Security Update for Internet Explorer (931768)
>> http://www.microsoft.com/technet/sec.../MS07-027.mspx
>> -- Affected Software: Windows 2000 Server, Windows 2000 Professional,
>> Windows 2000 Datacenter Server, Windows 2000 Advanced Server, Windows
>> XP Home Edition, Windows XP Professional, Windows XP Professional
>> 64-Bit Edition, Windows Server 2003 for Small Business Server, Windows
>> Server 2003, Datacenter Edition, Windows Server 2003, Enterprise
>> Edition, Windows Server 2003, Standard Edition, Windows Server 2003,
>> Web Edition, Windows Server 2003 Datacenter Edition for Itanium-based
>> Systems, Windows Server 2003 Enterprise Edition for Itanium-based
>> Systems, Internet Explorer 5.01, Windows Server 2003 Datacenter x64
>> Edition, Windows Server 2003 Enterprise x64 Edition, Windows Server
>> 2003 Standard x64 Edition, Windows Vista, Windows Vista x64, Internet
>> Explorer 6.0, Internet Explorer 6.0 for Windows XP Service Pack 2,
>> Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition,
>> Internet Explorer 6.0 for Windows Server 2003, Internet Explorer 6 for
>> Microsoft Windows Server 2003 x64 Edition, Internet Explorer 6 for
>> Microsoft Windows Server 2003 for Itanium-based Systems, Internet
>> Explorer 7.0 for Windows XP Service Pack 2 , Internet Explorer 7.0 For
>> Windows 2003, Internet Explorer 7 for Windows 2003 for Itanium,
>> Internet Explorer 7 for Windows 2003 x64 Edition, Internet Explorer
>> 7.0 for Windows Vista, Internet Explorer 7.0 for Windows Vista x64
>>
>> MS07-028 - Vulnerability in CAPICOM Could Allow Remote Code Execution
>> (931906)
>> http://www.microsoft.com/technet/sec.../MS07-028.mspx
>> -- Affected Software: CAPICOM, Platform SDK Redistrubutable: CAPICOM,
>> BizTalk Server 2004
>>
>> MS07-029 - Vulnerability in Windows DNS RPC Interface Could Allow
>> Remote Code Execution (935966)
>> http://www.microsoft.com/technet/sec.../MS07-029.mspx
>> -- Affected Software: Windows 2000 Server, Windows 2000 Professional,
>> Windows 2000 Datacenter Server, Windows 2000 Advanced Server, Windows
>> Server 2003 for Small Business Server, Windows Server 2003, Datacenter
>> Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003,
>> Standard Edition, Windows Server 2003, Web Edition, Windows Server
>> 2003 Datacenter Edition for Itanium-based Systems, Windows Server 2003
>> Enterprise Edition for Itanium-based Systems, Windows Server 2003
>> Datacenter x64 Edition, Windows Server 2003 Enterprise x64 Edition,
>> Windows Server 2003 Standard x64 Edition
>>
>> Don't forget to read the CAVEATS in each security bulletins (if any).
>>
>> References:
>> MS Security Bulletins for end-users:
>> http://www.microsoft.com/athome/secu...ns/200705.mspx
>> MS Security Bulletins for IT Pro:
>> http://www.microsoft.com/technet/sec.../ms07-may.mspx
>> MS Response Center Blog: http://blogs.technet.com/msrc/default.aspx
>>
>> Please note, Microsoft NEVER send security updates via e-mail.
>> Download the updates only from the vendors website - visit Windows
>> Update and Office Update or Microsoft Update websites. You may also
>> get the updates thru Automatic Updates functionality in Windows system.
>>
>> Webcast:
>> Microsoft will host a webcast tomorrow. The webcast focuses on
>> addressing your questions and concerns about the security bulletins.
>> Therefore, most of the live webcast is aimed at giving you the
>> opportunity to ask questions and get answers from their security experts.
>> Start Date: Wednesday, May 09, 2007 11:00 AM Pacific Time (US & Canada)
>> Presenters: Christopher Budd, CCE, CISA, CISM, CISSP, ISSMP Security
>> Program Manager, Microsoft Corporation and Mike Reavey, Lead Security
>> Program Manager, Microsoft Corporation
>> http://msevents.microsoft.com/CUI/We...CountryCode=US
>>
>>
>> Tool:
>> Check your system for missing or misconfigured patches using Microsoft
>> Baseline Security Analyzer (MBSA)
>> http://www.microsoft.com/technet/sec.../mbsahome.mspx
>>
>> Support:
>> Call Microsoft at 1-866-PCSAFETY for issues on security patches if you
>> are in the US and Canada. For other location, go here:
>> http://support.microsoft.com/common/international.aspx
>>
>> --
>> Regards,
>> Donna Buenaventura
>> Windows Security MVP
>> w: http://cou.dozleng.com
>> b: http://msmvps.com/donna
>

--
Gerry Hickman (London UK)

05-08-2007

Hi,

That's going to be tough because non-security updates usually don't show up
"all-at-once" and/or no summary page for it like the security bulletins do
but there's other method to get them:
1. Go to Microsoft Update - it should detect if a system requires update
(whether it's a security update or not)
2. Go to Downloads page - http://www.microsoft.com/download and simply hit
"Go" button (without entering any text)... then sort it by hitting "release
date". All updates that is ready or just released should be at the top
3. Calendar of Updates (site I own but maintain by volunteers)
http://cou.dozleng.com - we post the updates whether high or non-high as we
find them.
4. There is feeds for all downloads as soon as it is ready:
http://www.thundermain.com/rss/

Regards,

Donna

"Gerry Hickman" <gerry666uk@newsgroup.nospam> wrote in message
news:%2335rHPbkHHA.4872@TK2MSFTNGP03.phx.gbl...
> Hi Donna,
>
> It would be nice if you could list the URLs and KB numbers for the
> non-security updates each month too.
>
> Donna Buenaventura wrote:
>> Also:
>> Non-Security, High-Priority Updates on MU, WU, WSUS and SUS
>>
>> * Microsoft has released six non-security, high-priority updates on
>> Microsoft Update (MU) and Windows Server Update Services (WSUS).
>> * Microsoft has released one non-security, high-priority update for
>> Windows on Windows Update (WU) and Software Update Services (SUS).
>>
>> Note that this information pertains only to non-security, high-priority
>> updates on Microsoft Update, Windows Update, Windows Server Update
>> Services, and Software Update Services released on the same day as the
>> security bulletin summary. Information will not be provided about
>> non-security updates released on other days.
>>
>> "Donna Buenaventura" <dbuenaventura@mvps.org> wrote in message
>> news:7B848EAA-F796-450C-AF93-59D9ED3B4336@microsoft.com...
>>> Microsoft has released the following security bulletins today:
>>>
>>> MS07-023 - Vulnerabilities in Microsoft Excel Could Allow Remote Code
>>> Execution (934233)
>>> http://www.microsoft.com/technet/sec.../MS07-023.mspx
>>> -- Affected Software: Office 2000, Excel 2000, Office XP, Excel 2002,
>>> Office 2003, Excel 2003, Excel Viewer 2003, Office System 2007, Excel
>>> 2007, Office 2004 for Macintosh
>>>
>>> MS07-024 - Vulnerabilities in Microsoft Word Could Allow Remote Code
>>> Execution (934232)
>>> http://www.microsoft.com/technet/sec.../MS07-024.mspx
>>> -- Affected Software: Office 2000, Word 2000, Office XP, Word 2002,
>>> Office 2003, Word 2003, Word Viewer 2003, Office 2004 for Macintosh,
>>> Works 2004, Works 2005, Works 2006
>>>
>>> MS07-025 - Vulnerability in Microsoft Office Could Allow Remote Code
>>> Execution (934873)
>>> http://www.microsoft.com/technet/sec.../MS07-025.mspx
>>> -- Affected Software: Office 2000, Excel 2000, FrontPage 2000, Publisher
>>> 2000, Office XP, Excel 2002, FrontPage 2002, Publisher 2002, Office
>>> 2003, Excel 2003, FrontPage 2003, Publisher 2003, Excel Viewer 2003,
>>> Office System 2007, Excel 2007, Publisher2007, SharePoint Designer 2007,
>>> Expression Web, Microsoft Office Compatibility Pack for Word, Excel, and
>>> PowerPoint 2007 File Formats , Office 2004 for Macintosh
>>>
>>> MS07-026 - Vulnerabilities in Microsoft Exchange Could Allow Remote
>>> Code Execution (931832)
>>> http://www.microsoft.com/technet/sec.../MS07-026.mspx
>>> -- Affected Software: Exchange 2000 Server, Exchange Server 2003,
>>> Exchange Server 2007
>>>
>>> MS07-027 - Cumulative Security Update for Internet Explorer (931768)
>>> http://www.microsoft.com/technet/sec.../MS07-027.mspx
>>> -- Affected Software: Windows 2000 Server, Windows 2000 Professional,
>>> Windows 2000 Datacenter Server, Windows 2000 Advanced Server, Windows XP
>>> Home Edition, Windows XP Professional, Windows XP Professional 64-Bit
>>> Edition, Windows Server 2003 for Small Business Server, Windows Server
>>> 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition,
>>> Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition,
>>> Windows Server 2003 Datacenter Edition for Itanium-based Systems,
>>> Windows Server 2003 Enterprise Edition for Itanium-based Systems,
>>> Internet Explorer 5.01, Windows Server 2003 Datacenter x64 Edition,
>>> Windows Server 2003 Enterprise x64 Edition, Windows Server 2003 Standard
>>> x64 Edition, Windows Vista, Windows Vista x64, Internet Explorer 6.0,
>>> Internet Explorer 6.0 for Windows XP Service Pack 2, Internet Explorer 6
>>> for Microsoft Windows XP Professional x64 Edition, Internet Explorer 6.0
>>> for Windows Server 2003, Internet Explorer 6 for Microsoft Windows
>>> Server 2003 x64 Edition, Internet Explorer 6 for Microsoft Windows
>>> Server 2003 for Itanium-based Systems, Internet Explorer 7.0 for Windows
>>> XP Service Pack 2 , Internet Explorer 7.0 For Windows 2003, Internet
>>> Explorer 7 for Windows 2003 for Itanium, Internet Explorer 7 for Windows
>>> 2003 x64 Edition, Internet Explorer 7.0 for Windows Vista, Internet
>>> Explorer 7.0 for Windows Vista x64
>>>
>>> MS07-028 - Vulnerability in CAPICOM Could Allow Remote Code Execution
>>> (931906)
>>> http://www.microsoft.com/technet/sec.../MS07-028.mspx
>>> -- Affected Software: CAPICOM, Platform SDK Redistrubutable: CAPICOM,
>>> BizTalk Server 2004
>>>
>>> MS07-029 - Vulnerability in Windows DNS RPC Interface Could Allow Remote
>>> Code Execution (935966)
>>> http://www.microsoft.com/technet/sec.../MS07-029.mspx
>>> -- Affected Software: Windows 2000 Server, Windows 2000 Professional,
>>> Windows 2000 Datacenter Server, Windows 2000 Advanced Server, Windows
>>> Server 2003 for Small Business Server, Windows Server 2003, Datacenter
>>> Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003,
>>> Standard Edition, Windows Server 2003, Web Edition, Windows Server 2003
>>> Datacenter Edition for Itanium-based Systems, Windows Server 2003
>>> Enterprise Edition for Itanium-based Systems, Windows Server 2003
>>> Datacenter x64 Edition, Windows Server 2003 Enterprise x64 Edition,
>>> Windows Server 2003 Standard x64 Edition
>>>
>>> Don't forget to read the CAVEATS in each security bulletins (if any).
>>>
>>> References:
>>> MS Security Bulletins for end-users:
>>> http://www.microsoft.com/athome/secu...ns/200705.mspx
>>> MS Security Bulletins for IT Pro:
>>> http://www.microsoft.com/technet/sec.../ms07-may.mspx
>>> MS Response Center Blog: http://blogs.technet.com/msrc/default.aspx
>>>
>>> Please note, Microsoft NEVER send security updates via e-mail. Download
>>> the updates only from the vendors website - visit Windows Update and
>>> Office Update or Microsoft Update websites. You may also get the updates
>>> thru Automatic Updates functionality in Windows system.
>>>
>>> Webcast:
>>> Microsoft will host a webcast tomorrow. The webcast focuses on
>>> addressing your questions and concerns about the security bulletins.
>>> Therefore, most of the live webcast is aimed at giving you the
>>> opportunity to ask questions and get answers from their security
>>> experts.
>>> Start Date: Wednesday, May 09, 2007 11:00 AM Pacific Time (US & Canada)
>>> Presenters: Christopher Budd, CCE, CISA, CISM, CISSP, ISSMP Security
>>> Program Manager, Microsoft Corporation and Mike Reavey, Lead Security
>>> Program Manager, Microsoft Corporation
>>> http://msevents.microsoft.com/CUI/We...CountryCode=US
>>>
>>> Tool:
>>> Check your system for missing or misconfigured patches using Microsoft
>>> Baseline Security Analyzer (MBSA)
>>> http://www.microsoft.com/technet/sec.../mbsahome.mspx
>>>
>>> Support:
>>> Call Microsoft at 1-866-PCSAFETY for issues on security patches if you
>>> are in the US and Canada. For other location, go here:
>>> http://support.microsoft.com/common/international.aspx
>>>
>>> --
>>> Regards,
>>> Donna Buenaventura
>>> Windows Security MVP
>>> w: http://cou.dozleng.com
>>> b: http://msmvps.com/donna
>>
>
>
> --
> Gerry Hickman (London UK)

05-08-2007	#1 (permalink)
Donna Buenaventura Guest	Microsoft Security Bulletins for May 2007 Microsoft has released the following security bulletins today: MS07-023 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233) http://www.microsoft.com/technet/sec.../MS07-023.mspx -- Affected Software: Office 2000, Excel 2000, Office XP, Excel 2002, Office 2003, Excel 2003, Excel Viewer 2003, Office System 2007, Excel 2007, Office 2004 for Macintosh MS07-024 - Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232) http://www.microsoft.com/technet/sec.../MS07-024.mspx -- Affected Software: Office 2000, Word 2000, Office XP, Word 2002, Office 2003, Word 2003, Word Viewer 2003, Office 2004 for Macintosh, Works 2004, Works 2005, Works 2006 MS07-025 - Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873) http://www.microsoft.com/technet/sec.../MS07-025.mspx -- Affected Software: Office 2000, Excel 2000, FrontPage 2000, Publisher 2000, Office XP, Excel 2002, FrontPage 2002, Publisher 2002, Office 2003, Excel 2003, FrontPage 2003, Publisher 2003, Excel Viewer 2003, Office System 2007, Excel 2007, Publisher2007, SharePoint Designer 2007, Expression Web, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats , Office 2004 for Macintosh MS07-026 - Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832) http://www.microsoft.com/technet/sec.../MS07-026.mspx -- Affected Software: Exchange 2000 Server, Exchange Server 2003, Exchange Server 2007 MS07-027 - Cumulative Security Update for Internet Explorer (931768) http://www.microsoft.com/technet/sec.../MS07-027.mspx -- Affected Software: Windows 2000 Server, Windows 2000 Professional, Windows 2000 Datacenter Server, Windows 2000 Advanced Server, Windows XP Home Edition, Windows XP Professional, Windows XP Professional 64-Bit Edition, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, Windows Server 2003 Datacenter Edition for Itanium-based Systems, Windows Server 2003 Enterprise Edition for Itanium-based Systems, Internet Explorer 5.01, Windows Server 2003 Datacenter x64 Edition, Windows Server 2003 Enterprise x64 Edition, Windows Server 2003 Standard x64 Edition, Windows Vista, Windows Vista x64, Internet Explorer 6.0, Internet Explorer 6.0 for Windows XP Service Pack 2, Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition, Internet Explorer 6.0 for Windows Server 2003, Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition, Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems, Internet Explorer 7.0 for Windows XP Service Pack 2 , Internet Explorer 7.0 For Windows 2003, Internet Explorer 7 for Windows 2003 for Itanium, Internet Explorer 7 for Windows 2003 x64 Edition, Internet Explorer 7.0 for Windows Vista, Internet Explorer 7.0 for Windows Vista x64 MS07-028 - Vulnerability in CAPICOM Could Allow Remote Code Execution (931906) http://www.microsoft.com/technet/sec.../MS07-028.mspx -- Affected Software: CAPICOM, Platform SDK Redistrubutable: CAPICOM, BizTalk Server 2004 MS07-029 - Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966) http://www.microsoft.com/technet/sec.../MS07-029.mspx -- Affected Software: Windows 2000 Server, Windows 2000 Professional, Windows 2000 Datacenter Server, Windows 2000 Advanced Server, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, Windows Server 2003 Datacenter Edition for Itanium-based Systems, Windows Server 2003 Enterprise Edition for Itanium-based Systems, Windows Server 2003 Datacenter x64 Edition, Windows Server 2003 Enterprise x64 Edition, Windows Server 2003 Standard x64 Edition Don't forget to read the CAVEATS in each security bulletins (if any). References: MS Security Bulletins for end-users: http://www.microsoft.com/athome/secu...ns/200705.mspx MS Security Bulletins for IT Pro: http://www.microsoft.com/technet/sec.../ms07-may.mspx MS Response Center Blog: http://blogs.technet.com/msrc/default.aspx Please note, Microsoft NEVER send security updates via e-mail. Download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system. Webcast: Microsoft will host a webcast tomorrow. The webcast focuses on addressing your questions and concerns about the security bulletins. Therefore, most of the live webcast is aimed at giving you the opportunity to ask questions and get answers from their security experts. Start Date: Wednesday, May 09, 2007 11:00 AM Pacific Time (US & Canada) Presenters: Christopher Budd, CCE, CISA, CISM, CISSP, ISSMP Security Program Manager, Microsoft Corporation and Mike Reavey, Lead Security Program Manager, Microsoft Corporation http://msevents.microsoft.com/CUI/We...CountryCode=US Tool: Check your system for missing or misconfigured patches using Microsoft Baseline Security Analyzer (MBSA) http://www.microsoft.com/technet/sec.../mbsahome.mspx Support: Call Microsoft at 1-866-PCSAFETY for issues on security patches if you are in the US and Canada. For other location, go here: http://support.microsoft.com/common/international.aspx -- Regards, Donna Buenaventura Windows Security MVP w: http://cou.dozleng.com b: http://msmvps.com/donna

05-08-2007	#2 (permalink)
John J. Jobst Guest	Re: Microsoft Security Bulletins for May 2007 Maybe in a few hours they will do that, but right now many of the links in your post get me nothing.

05-08-2007	#3 (permalink)
Donna Buenaventura Guest	Re: Microsoft Security Bulletins for May 2007 Also: Non-Security, High-Priority Updates on MU, WU, WSUS and SUS * Microsoft has released six non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS). * Microsoft has released one non-security, high-priority update for Windows on Windows Update (WU) and Software Update Services (SUS). Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, Windows Server Update Services, and Software Update Services released on the same day as the security bulletin summary. Information will not be provided about non-security updates released on other days. "Donna Buenaventura" <dbuenaventura@mvps.org> wrote in message news:7B848EAA-F796-450C-AF93-59D9ED3B4336@microsoft.com... > Microsoft has released the following security bulletins today: > > MS07-023 - Vulnerabilities in Microsoft Excel Could Allow Remote Code > Execution (934233) > http://www.microsoft.com/technet/sec.../MS07-023.mspx > -- Affected Software: Office 2000, Excel 2000, Office XP, Excel 2002, > Office 2003, Excel 2003, Excel Viewer 2003, Office System 2007, Excel > 2007, Office 2004 for Macintosh > > MS07-024 - Vulnerabilities in Microsoft Word Could Allow Remote Code > Execution (934232) > http://www.microsoft.com/technet/sec.../MS07-024.mspx > -- Affected Software: Office 2000, Word 2000, Office XP, Word 2002, Office > 2003, Word 2003, Word Viewer 2003, Office 2004 for Macintosh, Works 2004, > Works 2005, Works 2006 > > MS07-025 - Vulnerability in Microsoft Office Could Allow Remote Code > Execution (934873) > http://www.microsoft.com/technet/sec.../MS07-025.mspx > -- Affected Software: Office 2000, Excel 2000, FrontPage 2000, Publisher > 2000, Office XP, Excel 2002, FrontPage 2002, Publisher 2002, Office 2003, > Excel 2003, FrontPage 2003, Publisher 2003, Excel Viewer 2003, Office > System 2007, Excel 2007, Publisher2007, SharePoint Designer 2007, > Expression Web, Microsoft Office Compatibility Pack for Word, Excel, and > PowerPoint 2007 File Formats , Office 2004 for Macintosh > > MS07-026 - Vulnerabilities in Microsoft Exchange Could Allow Remote Code > Execution (931832) > http://www.microsoft.com/technet/sec.../MS07-026.mspx > -- Affected Software: Exchange 2000 Server, Exchange Server 2003, Exchange > Server 2007 > > MS07-027 - Cumulative Security Update for Internet Explorer (931768) > http://www.microsoft.com/technet/sec.../MS07-027.mspx > -- Affected Software: Windows 2000 Server, Windows 2000 Professional, > Windows 2000 Datacenter Server, Windows 2000 Advanced Server, Windows XP > Home Edition, Windows XP Professional, Windows XP Professional 64-Bit > Edition, Windows Server 2003 for Small Business Server, Windows Server > 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows > Server 2003, Standard Edition, Windows Server 2003, Web Edition, Windows > Server 2003 Datacenter Edition for Itanium-based Systems, Windows Server > 2003 Enterprise Edition for Itanium-based Systems, Internet Explorer 5.01, > Windows Server 2003 Datacenter x64 Edition, Windows Server 2003 Enterprise > x64 Edition, Windows Server 2003 Standard x64 Edition, Windows Vista, > Windows Vista x64, Internet Explorer 6.0, Internet Explorer 6.0 for > Windows XP Service Pack 2, Internet Explorer 6 for Microsoft Windows XP > Professional x64 Edition, Internet Explorer 6.0 for Windows Server 2003, > Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition, > Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based > Systems, Internet Explorer 7.0 for Windows XP Service Pack 2 , Internet > Explorer 7.0 For Windows 2003, Internet Explorer 7 for Windows 2003 for > Itanium, Internet Explorer 7 for Windows 2003 x64 Edition, Internet > Explorer 7.0 for Windows Vista, Internet Explorer 7.0 for Windows Vista > x64 > > MS07-028 - Vulnerability in CAPICOM Could Allow Remote Code Execution > (931906) > http://www.microsoft.com/technet/sec.../MS07-028.mspx > -- Affected Software: CAPICOM, Platform SDK Redistrubutable: CAPICOM, > BizTalk Server 2004 > > MS07-029 - Vulnerability in Windows DNS RPC Interface Could Allow Remote > Code Execution (935966) > http://www.microsoft.com/technet/sec.../MS07-029.mspx > -- Affected Software: Windows 2000 Server, Windows 2000 Professional, > Windows 2000 Datacenter Server, Windows 2000 Advanced Server, Windows > Server 2003 for Small Business Server, Windows Server 2003, Datacenter > Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, > Standard Edition, Windows Server 2003, Web Edition, Windows Server 2003 > Datacenter Edition for Itanium-based Systems, Windows Server 2003 > Enterprise Edition for Itanium-based Systems, Windows Server 2003 > Datacenter x64 Edition, Windows Server 2003 Enterprise x64 Edition, > Windows Server 2003 Standard x64 Edition > > Don't forget to read the CAVEATS in each security bulletins (if any). > > References: > MS Security Bulletins for end-users: > http://www.microsoft.com/athome/secu...ns/200705.mspx > MS Security Bulletins for IT Pro: > http://www.microsoft.com/technet/sec.../ms07-may.mspx > MS Response Center Blog: http://blogs.technet.com/msrc/default.aspx > > Please note, Microsoft NEVER send security updates via e-mail. Download > the updates only from the vendors website - visit Windows Update and > Office Update or Microsoft Update websites. You may also get the updates > thru Automatic Updates functionality in Windows system. > > Webcast: > Microsoft will host a webcast tomorrow. The webcast focuses on addressing > your questions and concerns about the security bulletins. Therefore, most > of the live webcast is aimed at giving you the opportunity to ask > questions and get answers from their security experts. > Start Date: Wednesday, May 09, 2007 11:00 AM Pacific Time (US & Canada) > Presenters: Christopher Budd, CCE, CISA, CISM, CISSP, ISSMP Security > Program Manager, Microsoft Corporation and Mike Reavey, Lead Security > Program Manager, Microsoft Corporation > http://msevents.microsoft.com/CUI/We...CountryCode=US > > Tool: > Check your system for missing or misconfigured patches using Microsoft > Baseline Security Analyzer (MBSA) > http://www.microsoft.com/technet/sec.../mbsahome.mspx > > Support: > Call Microsoft at 1-866-PCSAFETY for issues on security patches if you are > in the US and Canada. For other location, go here: > http://support.microsoft.com/common/international.aspx > > -- > Regards, > Donna Buenaventura > Windows Security MVP > w: http://cou.dozleng.com > b: http://msmvps.com/donna

05-08-2007	#4 (permalink)
Donna Buenaventura Guest	Re: Microsoft Security Bulletins for May 2007 All links are online now except the MS Security Bulletins for end-users: http://www.microsoft.com/athome/secu...ns/200705.mspx which is change now to http://www.microsoft.com/protect/com...ns/200705.mspx Donna "John J. Jobst" <john.j.jobst@us.army.mil> wrote in message news:uIV2TnZkHHA.4904@TK2MSFTNGP05.phx.gbl... > Maybe in a few hours they will do that, but right now many of the links in > your post get me nothing. >

05-08-2007	#5 (permalink)
Gerry Hickman Guest	Re: Microsoft Security Bulletins for May 2007 Hi Donna, It would be nice if you could list the URLs and KB numbers for the non-security updates each month too. Donna Buenaventura wrote: > Also: > Non-Security, High-Priority Updates on MU, WU, WSUS and SUS > > * Microsoft has released six non-security, high-priority updates on > Microsoft Update (MU) and Windows Server Update Services (WSUS). > * Microsoft has released one non-security, high-priority update for > Windows on Windows Update (WU) and Software Update Services (SUS). > > Note that this information pertains only to non-security, high-priority > updates on Microsoft Update, Windows Update, Windows Server Update > Services, and Software Update Services released on the same day as the > security bulletin summary. Information will not be provided about > non-security updates released on other days. > > "Donna Buenaventura" <dbuenaventura@mvps.org> wrote in message > news:7B848EAA-F796-450C-AF93-59D9ED3B4336@microsoft.com... >> Microsoft has released the following security bulletins today: >> >> MS07-023 - Vulnerabilities in Microsoft Excel Could Allow Remote Code >> Execution (934233) >> http://www.microsoft.com/technet/sec.../MS07-023.mspx >> -- Affected Software: Office 2000, Excel 2000, Office XP, Excel 2002, >> Office 2003, Excel 2003, Excel Viewer 2003, Office System 2007, Excel >> 2007, Office 2004 for Macintosh >> >> MS07-024 - Vulnerabilities in Microsoft Word Could Allow Remote Code >> Execution (934232) >> http://www.microsoft.com/technet/sec.../MS07-024.mspx >> -- Affected Software: Office 2000, Word 2000, Office XP, Word 2002, >> Office 2003, Word 2003, Word Viewer 2003, Office 2004 for Macintosh, >> Works 2004, Works 2005, Works 2006 >> >> MS07-025 - Vulnerability in Microsoft Office Could Allow Remote Code >> Execution (934873) >> http://www.microsoft.com/technet/sec.../MS07-025.mspx >> -- Affected Software: Office 2000, Excel 2000, FrontPage 2000, >> Publisher 2000, Office XP, Excel 2002, FrontPage 2002, Publisher 2002, >> Office 2003, Excel 2003, FrontPage 2003, Publisher 2003, Excel Viewer >> 2003, Office System 2007, Excel 2007, Publisher2007, SharePoint >> Designer 2007, Expression Web, Microsoft Office Compatibility Pack for >> Word, Excel, and PowerPoint 2007 File Formats , Office 2004 for Macintosh >> >> MS07-026 - Vulnerabilities in Microsoft Exchange Could Allow Remote >> Code Execution (931832) >> http://www.microsoft.com/technet/sec.../MS07-026.mspx >> -- Affected Software: Exchange 2000 Server, Exchange Server 2003, >> Exchange Server 2007 >> >> MS07-027 - Cumulative Security Update for Internet Explorer (931768) >> http://www.microsoft.com/technet/sec.../MS07-027.mspx >> -- Affected Software: Windows 2000 Server, Windows 2000 Professional, >> Windows 2000 Datacenter Server, Windows 2000 Advanced Server, Windows >> XP Home Edition, Windows XP Professional, Windows XP Professional >> 64-Bit Edition, Windows Server 2003 for Small Business Server, Windows >> Server 2003, Datacenter Edition, Windows Server 2003, Enterprise >> Edition, Windows Server 2003, Standard Edition, Windows Server 2003, >> Web Edition, Windows Server 2003 Datacenter Edition for Itanium-based >> Systems, Windows Server 2003 Enterprise Edition for Itanium-based >> Systems, Internet Explorer 5.01, Windows Server 2003 Datacenter x64 >> Edition, Windows Server 2003 Enterprise x64 Edition, Windows Server >> 2003 Standard x64 Edition, Windows Vista, Windows Vista x64, Internet >> Explorer 6.0, Internet Explorer 6.0 for Windows XP Service Pack 2, >> Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition, >> Internet Explorer 6.0 for Windows Server 2003, Internet Explorer 6 for >> Microsoft Windows Server 2003 x64 Edition, Internet Explorer 6 for >> Microsoft Windows Server 2003 for Itanium-based Systems, Internet >> Explorer 7.0 for Windows XP Service Pack 2 , Internet Explorer 7.0 For >> Windows 2003, Internet Explorer 7 for Windows 2003 for Itanium, >> Internet Explorer 7 for Windows 2003 x64 Edition, Internet Explorer >> 7.0 for Windows Vista, Internet Explorer 7.0 for Windows Vista x64 >> >> MS07-028 - Vulnerability in CAPICOM Could Allow Remote Code Execution >> (931906) >> http://www.microsoft.com/technet/sec.../MS07-028.mspx >> -- Affected Software: CAPICOM, Platform SDK Redistrubutable: CAPICOM, >> BizTalk Server 2004 >> >> MS07-029 - Vulnerability in Windows DNS RPC Interface Could Allow >> Remote Code Execution (935966) >> http://www.microsoft.com/technet/sec.../MS07-029.mspx >> -- Affected Software: Windows 2000 Server, Windows 2000 Professional, >> Windows 2000 Datacenter Server, Windows 2000 Advanced Server, Windows >> Server 2003 for Small Business Server, Windows Server 2003, Datacenter >> Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, >> Standard Edition, Windows Server 2003, Web Edition, Windows Server >> 2003 Datacenter Edition for Itanium-based Systems, Windows Server 2003 >> Enterprise Edition for Itanium-based Systems, Windows Server 2003 >> Datacenter x64 Edition, Windows Server 2003 Enterprise x64 Edition, >> Windows Server 2003 Standard x64 Edition >> >> Don't forget to read the CAVEATS in each security bulletins (if any). >> >> References: >> MS Security Bulletins for end-users: >> http://www.microsoft.com/athome/secu...ns/200705.mspx >> MS Security Bulletins for IT Pro: >> http://www.microsoft.com/technet/sec.../ms07-may.mspx >> MS Response Center Blog: http://blogs.technet.com/msrc/default.aspx >> >> Please note, Microsoft NEVER send security updates via e-mail. >> Download the updates only from the vendors website - visit Windows >> Update and Office Update or Microsoft Update websites. You may also >> get the updates thru Automatic Updates functionality in Windows system. >> >> Webcast: >> Microsoft will host a webcast tomorrow. The webcast focuses on >> addressing your questions and concerns about the security bulletins. >> Therefore, most of the live webcast is aimed at giving you the >> opportunity to ask questions and get answers from their security experts. >> Start Date: Wednesday, May 09, 2007 11:00 AM Pacific Time (US & Canada) >> Presenters: Christopher Budd, CCE, CISA, CISM, CISSP, ISSMP Security >> Program Manager, Microsoft Corporation and Mike Reavey, Lead Security >> Program Manager, Microsoft Corporation >> http://msevents.microsoft.com/CUI/We...CountryCode=US >> >> >> Tool: >> Check your system for missing or misconfigured patches using Microsoft >> Baseline Security Analyzer (MBSA) >> http://www.microsoft.com/technet/sec.../mbsahome.mspx >> >> Support: >> Call Microsoft at 1-866-PCSAFETY for issues on security patches if you >> are in the US and Canada. For other location, go here: >> http://support.microsoft.com/common/international.aspx >> >> -- >> Regards, >> Donna Buenaventura >> Windows Security MVP >> w: http://cou.dozleng.com >> b: http://msmvps.com/donna > -- Gerry Hickman (London UK)

05-08-2007	#6 (permalink)
Donna Buenaventura Guest	Re: Microsoft Security Bulletins for May 2007 Hi, That's going to be tough because non-security updates usually don't show up "all-at-once" and/or no summary page for it like the security bulletins do but there's other method to get them: 1. Go to Microsoft Update - it should detect if a system requires update (whether it's a security update or not) 2. Go to Downloads page - http://www.microsoft.com/download and simply hit "Go" button (without entering any text)... then sort it by hitting "release date". All updates that is ready or just released should be at the top 3. Calendar of Updates (site I own but maintain by volunteers) http://cou.dozleng.com - we post the updates whether high or non-high as we find them. 4. There is feeds for all downloads as soon as it is ready: http://www.thundermain.com/rss/ Regards, Donna "Gerry Hickman" <gerry666uk@newsgroup.nospam> wrote in message news:%2335rHPbkHHA.4872@TK2MSFTNGP03.phx.gbl... > Hi Donna, > > It would be nice if you could list the URLs and KB numbers for the > non-security updates each month too. > > Donna Buenaventura wrote: >> Also: >> Non-Security, High-Priority Updates on MU, WU, WSUS and SUS >> >> * Microsoft has released six non-security, high-priority updates on >> Microsoft Update (MU) and Windows Server Update Services (WSUS). >> * Microsoft has released one non-security, high-priority update for >> Windows on Windows Update (WU) and Software Update Services (SUS). >> >> Note that this information pertains only to non-security, high-priority >> updates on Microsoft Update, Windows Update, Windows Server Update >> Services, and Software Update Services released on the same day as the >> security bulletin summary. Information will not be provided about >> non-security updates released on other days. >> >> "Donna Buenaventura" <dbuenaventura@mvps.org> wrote in message >> news:7B848EAA-F796-450C-AF93-59D9ED3B4336@microsoft.com... >>> Microsoft has released the following security bulletins today: >>> >>> MS07-023 - Vulnerabilities in Microsoft Excel Could Allow Remote Code >>> Execution (934233) >>> http://www.microsoft.com/technet/sec.../MS07-023.mspx >>> -- Affected Software: Office 2000, Excel 2000, Office XP, Excel 2002, >>> Office 2003, Excel 2003, Excel Viewer 2003, Office System 2007, Excel >>> 2007, Office 2004 for Macintosh >>> >>> MS07-024 - Vulnerabilities in Microsoft Word Could Allow Remote Code >>> Execution (934232) >>> http://www.microsoft.com/technet/sec.../MS07-024.mspx >>> -- Affected Software: Office 2000, Word 2000, Office XP, Word 2002, >>> Office 2003, Word 2003, Word Viewer 2003, Office 2004 for Macintosh, >>> Works 2004, Works 2005, Works 2006 >>> >>> MS07-025 - Vulnerability in Microsoft Office Could Allow Remote Code >>> Execution (934873) >>> http://www.microsoft.com/technet/sec.../MS07-025.mspx >>> -- Affected Software: Office 2000, Excel 2000, FrontPage 2000, Publisher >>> 2000, Office XP, Excel 2002, FrontPage 2002, Publisher 2002, Office >>> 2003, Excel 2003, FrontPage 2003, Publisher 2003, Excel Viewer 2003, >>> Office System 2007, Excel 2007, Publisher2007, SharePoint Designer 2007, >>> Expression Web, Microsoft Office Compatibility Pack for Word, Excel, and >>> PowerPoint 2007 File Formats , Office 2004 for Macintosh >>> >>> MS07-026 - Vulnerabilities in Microsoft Exchange Could Allow Remote >>> Code Execution (931832) >>> http://www.microsoft.com/technet/sec.../MS07-026.mspx >>> -- Affected Software: Exchange 2000 Server, Exchange Server 2003, >>> Exchange Server 2007 >>> >>> MS07-027 - Cumulative Security Update for Internet Explorer (931768) >>> http://www.microsoft.com/technet/sec.../MS07-027.mspx >>> -- Affected Software: Windows 2000 Server, Windows 2000 Professional, >>> Windows 2000 Datacenter Server, Windows 2000 Advanced Server, Windows XP >>> Home Edition, Windows XP Professional, Windows XP Professional 64-Bit >>> Edition, Windows Server 2003 for Small Business Server, Windows Server >>> 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, >>> Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, >>> Windows Server 2003 Datacenter Edition for Itanium-based Systems, >>> Windows Server 2003 Enterprise Edition for Itanium-based Systems, >>> Internet Explorer 5.01, Windows Server 2003 Datacenter x64 Edition, >>> Windows Server 2003 Enterprise x64 Edition, Windows Server 2003 Standard >>> x64 Edition, Windows Vista, Windows Vista x64, Internet Explorer 6.0, >>> Internet Explorer 6.0 for Windows XP Service Pack 2, Internet Explorer 6 >>> for Microsoft Windows XP Professional x64 Edition, Internet Explorer 6.0 >>> for Windows Server 2003, Internet Explorer 6 for Microsoft Windows >>> Server 2003 x64 Edition, Internet Explorer 6 for Microsoft Windows >>> Server 2003 for Itanium-based Systems, Internet Explorer 7.0 for Windows >>> XP Service Pack 2 , Internet Explorer 7.0 For Windows 2003, Internet >>> Explorer 7 for Windows 2003 for Itanium, Internet Explorer 7 for Windows >>> 2003 x64 Edition, Internet Explorer 7.0 for Windows Vista, Internet >>> Explorer 7.0 for Windows Vista x64 >>> >>> MS07-028 - Vulnerability in CAPICOM Could Allow Remote Code Execution >>> (931906) >>> http://www.microsoft.com/technet/sec.../MS07-028.mspx >>> -- Affected Software: CAPICOM, Platform SDK Redistrubutable: CAPICOM, >>> BizTalk Server 2004 >>> >>> MS07-029 - Vulnerability in Windows DNS RPC Interface Could Allow Remote >>> Code Execution (935966) >>> http://www.microsoft.com/technet/sec.../MS07-029.mspx >>> -- Affected Software: Windows 2000 Server, Windows 2000 Professional, >>> Windows 2000 Datacenter Server, Windows 2000 Advanced Server, Windows >>> Server 2003 for Small Business Server, Windows Server 2003, Datacenter >>> Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, >>> Standard Edition, Windows Server 2003, Web Edition, Windows Server 2003 >>> Datacenter Edition for Itanium-based Systems, Windows Server 2003 >>> Enterprise Edition for Itanium-based Systems, Windows Server 2003 >>> Datacenter x64 Edition, Windows Server 2003 Enterprise x64 Edition, >>> Windows Server 2003 Standard x64 Edition >>> >>> Don't forget to read the CAVEATS in each security bulletins (if any). >>> >>> References: >>> MS Security Bulletins for end-users: >>> http://www.microsoft.com/athome/secu...ns/200705.mspx >>> MS Security Bulletins for IT Pro: >>> http://www.microsoft.com/technet/sec.../ms07-may.mspx >>> MS Response Center Blog: http://blogs.technet.com/msrc/default.aspx >>> >>> Please note, Microsoft NEVER send security updates via e-mail. Download >>> the updates only from the vendors website - visit Windows Update and >>> Office Update or Microsoft Update websites. You may also get the updates >>> thru Automatic Updates functionality in Windows system. >>> >>> Webcast: >>> Microsoft will host a webcast tomorrow. The webcast focuses on >>> addressing your questions and concerns about the security bulletins. >>> Therefore, most of the live webcast is aimed at giving you the >>> opportunity to ask questions and get answers from their security >>> experts. >>> Start Date: Wednesday, May 09, 2007 11:00 AM Pacific Time (US & Canada) >>> Presenters: Christopher Budd, CCE, CISA, CISM, CISSP, ISSMP Security >>> Program Manager, Microsoft Corporation and Mike Reavey, Lead Security >>> Program Manager, Microsoft Corporation >>> http://msevents.microsoft.com/CUI/We...CountryCode=US >>> >>> Tool: >>> Check your system for missing or misconfigured patches using Microsoft >>> Baseline Security Analyzer (MBSA) >>> http://www.microsoft.com/technet/sec.../mbsahome.mspx >>> >>> Support: >>> Call Microsoft at 1-866-PCSAFETY for issues on security patches if you >>> are in the US and Canada. For other location, go here: >>> http://support.microsoft.com/common/international.aspx >>> >>> -- >>> Regards, >>> Donna Buenaventura >>> Windows Security MVP >>> w: http://cou.dozleng.com >>> b: http://msmvps.com/donna >> > > > -- > Gerry Hickman (London UK)

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Microsoft Security Bulletins for October 2007	Donna Buenaventura \(MVP\)	Vista security	0	10-09-2007 12:51 PM
Microsoft Security Bulletins for June 2007	Donna Buenaventura	Vista security	3	06-12-2007 04:42 PM
Microsoft Security Bulletins for February 2007	Donna Buenaventura	Vista security	2	02-13-2007 08:20 PM
Microsoft Security Bulletins for February 2007	Donna Buenaventura	Vista security	1	02-13-2007 04:35 PM
Microsoft Security Bulletins for February 2007	Donna Buenaventura	Vista security	0	02-13-2007 12:44 PM