It’s the second Tuesday of July and that means patches from Microsoft. This month brings six patches, three rated critical, two important, and one moderate. Only five of the patches (and only two of the critical patches) are for desktops. The sixth patch only affects server operating systems. Windows Vista also gets its own unique patch although it’s the one rated moderate.
Two of the patches affect Microsoft Office software:
MS07-036 is rated critical and affects all versions of Microsoft Excel from Excel 2000 on up. It also applies to the Office 2007 compatibility pack. It’s only rated critical for Excel 2000. Microsoft rates the other versions as “important”. The bulletin does not list any known issues.
MS07-037 is rated important and affects Microsoft Office Publisher 2007 only. The bulletin does not list any known issues.
One patch affects Vista only:
MS07-038 is rated moderate and affects Windows Vista, both 32-bit and 64-bit versions. This patches a vulnerability in the Windows Vista firewall that could allow an attacker to gather information about a host. There are no known issues listed in the bulletin.
One patch affects .NET:
MS07-040 is rated critical and affects .NET versions 1.x and 2.x, version 3.x is not affected. All operating systems are affected if they have a vulnerable version of .NET installed. There are no known issues listed in the bulletin.
The final desktop patch, MS-07-041, is rated important and affects Microsoft Internet Information Server (IIS) when running on Windows XP SP2. Earlier versions of Windows XP may be affected but Microsoft only supports service pack 2. IIS is not installed by default on Windows XP.
The server patch is is MS07-039 and is a vulnerability in Active Directory that’s rated critical.
The patches are available through automatic update or can be downloaded individually from Microsoft.