Microsoft Patches 7 Critical Vulnerabilities

By Nate Mook | Published July 11, 2007, 1:27 PM

As part of its Patch Tuesday updates this week, Microsoft corrected 10 vulnerabilities in Windows and Office, 7 of which were deemed "critical." Three critical flaws were fixed in Excel that could allow for remote code execution, while one was fixed in Windows 2000 and Server 2003.

The final critical patch was for the .NET Framework, correcting three vulnerabilities - two of which affect client systems and one affecting Web servers running ASP.NET. Lastly, one "important" vulnerability was patched in Office and another in Windows XP; and one moderate flaw was fixed in Vista. Vista's firewall could allow incoming unsolicited network traffic to access a network interface and gather information.

Comments


Microsoft are continuing to bulls***ing their "Vista is secure" propaganda by downgrading serious security bugs to moderate.

Score: 0

|

moderate=does not allow remote control of the system.

Critical= allows remote execution or seriously compromises stability/performance/integrity on a majority of configurations.

and one moderate flaw was fixed in Vista. Vista's firewall could allow incoming unsolicited network traffic to access a network interface and gather information.

This clearly falls under moderate.

Nice try, though.

Score: 0

|

One of the updates (KB939373) is "flawed!" It keeps wanting to install itself even after a successful install. Looks like Microsoft has not improved.

Score: 0

|

Updates installed fine for me...

Score: 0

|

Yea, that was a pretty rough patch of road. I experienced the same problem on 2 out of 3 of my computers.

If you (1) fully shut down after installation instead of restarting, or (2) repeat the update process a few times, it will eventually take. I'm not sure if one of those approaches is better than the other, but one worked with each of my patching problems.

(Thanks, Microsoft, for wasting at least two hours of my time last night until I figured out what was happening and *finally* patched your sieve of an OS.)

Score: 0

|

No problem here on 4 machines.

Score: 0

|

I've had the same problems on about 35-40 of the machines here at work, which is a considerably smaller percentage than what you had, closer to 20% or so, but the full shutdown method hasn't been as effective as trying to reinstall it by hand, that is just download it off microsoft.com and install it off a jump drive, usually takes the first time. Maybe doing it in safe mode would yield better results.

Score: 0

|

Same here, installed without a hitch on my laptop and 2 desktops.

Score: 0

|

Installer service is not running in safe mode, good luck trying that route :)

Score: 0

|

Someone doesn't understand the difference between software and ISO format definitions.

Score: 0

|

The more things change....

I can't believe that Office 2007 is so bad that you can still execute remote code through it. Yet they want ISO to standardize that. Also, didn't any of the "experts" at Ecma check the latest formula errors in MS-OOXML?

Holy freakin' crapzilla. Only a suite that toolie could love.

Score: 0

|

of someone who is forced to deal with compatibility of file types and having to teach all their users the new programs...:-( I couldn't switch even if I wanted to.

although on the corporate side, office is included in our licensing agreement for very low extra cost and any other non open source program would cost us more. and open source is hard or impossible to get immediate help on the phone or email for support, although it does have a greater base of forum support.

Score: 0

|

Only a suite that toolie could love.

..you neglect to account for the millions of other users of the software. If it were just me, you wouldn't need to be posting here getting your "fanboy" on for ODF.

As for the formula errors, technically, they aren't "wrong", simply undefined.

Which, before you start calling me names and posting your links to your little shrine is wrong.

However, I'd like, as an example, for you to point out to me where these functions are defined in the ODF spec.

Oh, that's right....You can't. They aren't there. ODF supplies roughly *zero* formula specs. Hence projects like OpenFormula to take care of that for them.

So technically, they are both leaving some key components undefined. It then boils down to a question of which approach is better. A partially defined spec, or none at all.

Personally, I'm actually *with* ODF on this one.

Score: 0

|

64MB of patches. How lovely.
That's a 10th of the size of the operating system (yes, I realise they're not just patching the OS).

Score: 0

|

Keep in mind, that for any system update (Windows, Office, OSX, FF, WeatherBug), even something as simple as a spelling error requires the entire file (dll or whatever) to be replaced. Then, there are cascading effects. When one file is changed, it often requires other files to be updated, and so on downstream. It gets very complicated, very large, very quickly.

Score: 0

|

Which is why Windows needs to move to a more modular design, like Linux systems.

Score: 0

|

that would be nice if it could do that and keep its gui and "ease of use"

don't exactly have the most computer literate of clients here...

Score: 0

|
