Microsoft Monthly Security Bulletin Released

Microsoft’s June security releases contain 6 new bulletins, 4 of which have maximum severities of “Critical”. They have also re-released 2 bulletins involving remote code execution.

MS07-030 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051).

MS07-031 Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840).

MS07-032 Vulnerability in Windows Vista Could Allow Information Disclosure (931213).

MS07-033 Cumulative Security Update for Internet Explorer (933566).

MS07-034 Cumulative Security Update for Outlook Express and Windows Mail (929123).

MS07-035 Vulnerability in Win 32 API Could Allow Remote Code Execution (935839).

They also re-released the two bulletins below:

MS07-012 Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667) (Updated to v2.0 to reflect applicability to Windows Server 2003 Service Pack 2, and explicitly noting that Platform SDK is not affected).

MS07-018 Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939) Updated to fix an issue whereby custom CMS2002 install paths could be reset in the registry to the default paths, as noted in KB article 924429 “known issues” section).

The Internet Explorer cumulative security update mainly is concerned with ActiveX controls in the browser that could allow hackers to seize total control over a user’s machine or to silently install software using web sites running the ActiveX controls. One update fixed a security hole that was already being exploited, since instructions were posted online.