With 7 critical security updates

May 9, 2007 07:40 GMT  ·  By

March 2007 will have to remain a good memory, as the first Microsoft security sabbatical month in over two years, because in April and May the Redmond Company has regained its momentum. Following the past month - when Microsoft made available an out of band security update addressing the critical Windows Animated Cursor Handling vulnerability affecting Windows Vista, and the monthly security patch cycle, just as the DNS flaw took center stage - the Redmond Company's May security performance topped their achievement in April.

This month, Microsoft plugged a total of 19 vulnerabilities across a range of its products via no less than 7 security updates labeled with a Critical security rating. Excel, Word, Office, Exchange, Internet Explorer, Windows DNS and Microsoft CAPICOM are all the pieces of software affected by critical vulnerabilities that can allow an attacker to take complete ownership of a compromised system after a successful exploit.

Microsoft Security Bulletin MS07-023 addresses three vulnerabilities in Excel 2000, 2003, 2007 and in Microsoft Office 2004 for Mac. However, only the vulnerabilities in Microsoft Excel 2000 Service Pack 3 are considered critical.

Microsoft Security Bulletin MS07-024 is designed to resolve three vulnerabilities in Word 2000, 2003, Microsoft Works Suite 2004, 2005, and 2006 and Microsoft Office 2004 for Mac. Still, as was the case with Excel, only the vulnerabilities affecting Microsoft Word 2000 Service Pack 3 are Critical.

Microsoft Security Bulletin MS07-025 resolves a single vulnerability in Office 2000 SP3, Office XP SP3, Office 2003 SP2, Office 2007 System and Office 2004 for Mac.

Microsoft Security Bulletin MS07-026 will fix four vulnerabilities in Exchange 2000 Server SP3, Exchange Server 2003 SP1 and Exchange Server 2003 SP2 and Exchange Server 2007, all rated as Critical.

Microsoft Security Bulletin MS07-027 delivers the monthly Cumulative Security Update for Internet Explorer plugging six browser holes.

Microsoft Security Bulletin MS07-028 is meant for users of CAPICOM and Microsoft BizTalk Server 2004, that are affected by a critical vulnerability.

Microsoft Security Bulletin MS07-029 patches the critical vulnerability in the DNS Server Service that is under limited and targeted attacks since mid April.