Microsoft Patch Tuesday for June 2007
Microsoft released six security patches today. Four of them were rated critical, one important and one moderate. There are patches for all supported desktop OS platforms, Internet Explorer, a couple of mail apps and a couple of versions of Visio. There aren’t any Office patches.
The four critical desktop patches are:
MS07-031 is for Windows XP SP2, Windows XP x64 and Windows XP x64 SP2. It’s rated as “important” for Windows 2000 SP4. Earlier versions of Windows 2000 and XP may be affected but aren’t supported by Microsoft. On Windows XP this vulnerability can allow remote code execution. On other OSes the vulnerability results in a denial of service (such as a system crash). Exploitation requires the user to visit a malicious website.
MS07-033 is the cumulative patch for all versions of Internet Explorer and is critical on all desktop OSes that run it. Since this is a cumulative update, it carries forward any baggage of earlier issues (like changes in ActiveX control handling). As usual, the most serious vulnerability impact is remote code execution. Six new vulnerabilities are identified in the bulletin, some of which allow remote code execution.
MS07-034 is for Windows Mail on Vista (including Vista x64). It is rated “important” for Outlook Express 6 on all versions of Windows XP. There are five different vulnerabilities identified. On XP they may disclose information; on Vista they allow remote code execution.
MS07-035 is for all desktop OSes except Vista, where it’s not needed. The vulnerability it addresses allows remote code execution.
The patches are released through Windows Update and are available for individual download.
