Two of the patches affect Microsoft Office software:

MS07-036 is rated critical and affects all versions of Microsoft Excel from Excel 2000 on up. It also applies to the Office 2007 compatibility pack. It’s only rated critical for Excel 2000. Microsoft rates the other versions as “important”. The bulletin does not list any known issues.

MS07-037 is rated important and affects Microsoft Office Publisher 2007 only. The bulletin does not list any known issues.

One patch affects Vista only:

MS07-038 is rated moderate and affects Windows Vista, both 32-bit and 64-bit versions. This patches a vulnerability in the Windows Vista firewall that could allow an attacker to gather information about a host. There are no known issues listed in the bulletin.

One patch affects .NET:

MS07-040 is rated critical and affects .NET versions 1.x and 2.x, version 3.x is not affected. All operating systems are affected if they have a vulnerable version of .NET installed. There are no known issues listed in the bulletin.

The final desktop patch, MS-07-041, is rated important and affects Microsoft Internet Information Server (IIS) when running on Windows XP SP2. Earlier versions of Windows XP may be affected but Microsoft only supports service pack 2. IIS is not installed by default on Windows XP.

The server patch is is MS07-039 and is a vulnerability in Active Directory that’s rated critical.

The patches are available through automatic update or can be downloaded individually from Microsoft.

The four critical desktop patches are:

MS07-031 for Windows XP SP2, Windows XP x64 and Windows XP x64 SP2. It’s rated as “important” for Windows 2000 SP4. Earlier versions of Windows 2000 and XP may be affected but aren’t supported by Microsoft. On Windows XP this vulnerability can allow remote code execution. On other OS’s the vulnerability results in a denial of service attack (such as a system crash). The user must visit a malicious website to be exploited.

MS07-033 is the cumulative patch for all versions of Internet Explorer and is critical on all desktop OS’s that run it. Since this is a cumulative update it carries forward any baggage of earlier issues (like changes in ActiveX control handling). As usual, the most serious vulnerability impact is remote code execution. Six new vulnerabilities are identified in the bulletin some of which allow remote code execution.

MS07-034 is for Windows Mail on Vista (including Vista x64). It is rated “important” for Outlook Express 6 on all versions of Windows XP. There are five different vulnerabilities identified. On XP they may disclose information, on Vista they allow remote code execution.

MS07-035 is for all desktop OS’s except Vista. It’s not needed on Vista. This allows remote code execution.

The patches are released through Windows Update and are available for individual download.

MS07-023 is for Office, specifically Microsoft Excel. All versions from 2000-2007 are affected as-is the Excel viewers and compatibility packs. Office 2004 for Mac is also vulnerable and needs updating.

MS07-024 is also for Office, this time it’s for Word. The patch is NOT needed for the latest version, Word 2007. But it’s needed for all versions from 2000-2003 and Office 2004 for Mac. The Word viewer also needs updating, Microsoft Works 2004, 2005 and 2006 are also vulnerable and needs updating.

MS07-025 is another Office patch. and affects every version from 2000-2007 along with all the viewers and compatibility packs. Office 2004 for Mac is also affected and needs updating.

MS07-027 is the cumulative update for Internet Explorer. All supported versions of Internet Explorer on all supported operating systems are affected and needs to be updated.

MS07-028 is a patch for CAPCOM which is the “Cryptographic API Component Object Model”. CAPCOM is an Active X control that allows scriptors (VBS, ASP, etc…) he ability to encrypt data. It’s part of the Biztalk servers but may be installed by other software. My Windows XP SP2 machine needed the update, other systems may not need it.

You can get the updates through Windows Update. The links above will also bring you to the bulletins at the Microsoft site. I applied the updates to Windows XP SP2 and Vista without a problem. I don’t run any versions of Office at home so I can’t try those updates. There aren’t any compatibility warnings in the bulletins.