It’s the nineteeth week of the year, and Microsoft issues fixes #23 through #27, running a bit ahead of the pace from the last couple of years. And “Remote Code Execution” is obviously the goal of the bad guys. Here’s the list:
- MS07-023 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)
- MS07-024 – Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)
- MS07-025 – Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)
- MS07-026 – Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)
- MS07-027 – Cumulative Security Update for Internet Explorer (931768)
- MS07-028 – Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)
- MS07-029 – Vulnerability in RPC on Windows DNS Server Could Allow
Here’s the Microsoft summary, with links for more details. The Internet Storm Center at the SANS Institute is rating most of these as “Patch Now!” with few contraindications. As usual, make backups, and get patching!