May 2007 Patch Tuesday

Microsoft released five critical security bulletins for desktop software today. In line with a growing trend, 3 of the 5 were for application software and not operating systems. Most of the vulnerabilities were also intended to be exploited through a website. Mac users also take notice since Office 2004 for the Mac is also vulnerable and needs patching.

MS07-023 is for Office, specifically Microsoft Excel. All versions from 2000-2007 are affected as-is the Excel viewers and compatibility packs. Office 2004 for Mac is also vulnerable and needs updating.

MS07-024 is also for Office, this time it’s for Word. The patch is NOT needed for the latest version, Word 2007. But it’s needed for all versions from 2000-2003 and Office 2004 for Mac. The Word viewer also needs updating, Microsoft Works 2004, 2005 and 2006 are also vulnerable and needs updating.

MS07-025 is another Office patch. and affects every version from 2000-2007 along with all the viewers and compatibility packs. Office 2004 for Mac is also affected and needs updating.

MS07-027 is the cumulative update for Internet Explorer. All supported versions of Internet Explorer on all supported operating systems are affected and needs to be updated.

MS07-028 is a patch for CAPCOM which is the “Cryptographic API Component Object Model”. CAPCOM is an Active X control that allows scriptors (VBS, ASP, etc…) he ability to encrypt data. It’s part of the Biztalk servers but may be installed by other software. My Windows XP SP2 machine needed the update, other systems may not need it.

You can get the updates through Windows Update. The links above will also bring you to the bulletins at the Microsoft site. I applied the updates to Windows XP SP2 and Vista without a problem. I don’t run any versions of Office at home so I can’t try those updates. There aren’t any compatibility warnings in the bulletins.