14 DAY TRIAL // As McAfee predicted almost a month back, October was synonymous with an escalation of security issues for Microsoft. This of course following a traditionally slow September when it comes down to both the patches and the vulnerabilities fronts. On Tuesday, October 9, Microsoft made available a total of six security bulletins, patching no less than nine vulnerabilities across a range of products including Windows, Internet Explorer, the company's desktop mail clients and Office Word. The fact of the matter is that the past week, the Redmond company announced seven security bulletins, but in the meantime, they managed to change their tune.
"We released 6 bulletins: 4 have a maximum severity rating of Critical and 2 have a maximum severity rating of Important. You might notice that we are shipping 6, not 7, bulletins this month, as we had originally stated in our Advance Notification Service last Thursday. As previously communicated, the ANS is always subject to change. We decided to remove one of the updates from the release schedule due to a quality control issue, so we can resolve that issue prior to releasing the update to customers," stated Tami Gallupe, Release Manager with the Microsoft Security Response Center.
No less than four of the security bulletins issued by Microsoft are labeled with a maximum severity rating of critical. This was necessary due to the fact that the vulnerabilities patched with this release of security updates allow for remote code execution in the eventuality of a successful exploit. The other two bulletins received a severity rating of Important due to the fact that they only permit Denial of Service attacks and Elevation of Privileges.
Gallupe also added that the "bulletins are as follows:
- MS07-055 addresses a vulnerability in Kodak Image Viewer, and is rated as a Critical bulletin. - MS07-056 addresses a vulnerability Outlook Express and Windows Mail, and is rated as a Critical bulletin for earlier versions of Windows and as an Important bulletin for Windows Vista. - MS07-057 is a Cumulative Security Update for Internet Explorer, and is rated as a Critical bulletin. - MS07-058 addresses a vulnerability in RPC, and is rated as an Important bulletin. - MS07-059 addresses a vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007, and is rated as an Important bulletin. - MS07-060 addresses a vulnerability in Microsoft Word, and is rated as a Critical bulletin for earlier versions and as an Important bulletin for more recent versions. "