Black Tuesday Comes Once a Month at Microsoft

microsoft-logo.jpgThe most valid thing you can do to prevent virus infection is to keep your patches up to date — 99.95% of virus’s use existing, known vulnerabilities that already have fixes.

Once a month on Tuesdays Microsoft releases their latest set of bulletins, and it’s your duty if you surf the net with Gates Gear to get yourself patched. Today’s the day, it’s Black Tuesday. If you don’t patch you can become part of someone’s botnet, the botmasters use your precious bandwidth to spam behind your back.

You don’t want to become the Russian Cyber Mafia’s biatch right? So go get patched.

The critical patches are listed below the fold:
Bulletin Identifier Microsoft Security Bulletin MS07-055
Bulletin Title
Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)

Executive Summary
This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in the way that the Kodak Image Viewer, formerly known as Wang Image Viewer, handles specifically crafted images files. The vulnerability could allow an attacker to remotely execute code on the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating
Critical

Impact of Vulnerability
Remote Code Execution

Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update will require a restart.

Affected Software
Windows. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier Microsoft Security Bulletin MS07-056
Bulletin Title
Security Update for Outlook Express and Windows Mail (941202)

Executive Summary
This critical security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution due to an incorrectly handled malformed NNTP response. An attacker could exploit the vulnerability by constructing a specially crafted Web page.

Maximum Severity Rating
Critical

Impact of Vulnerability
Remote Code Execution

Detection
Microsoft Baseline Security Analyzer and Enterprise Update Scan Tool can detect whether your computer system requires this update. The update will not require a restart, except in certain situations and for Windows Vista.

Affected Software
Windows, Outlook Express, Windows Mail. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier Microsoft Security Bulletin MS07-057
Bulletin Title
Cumulative Security Update for Internet Explorer (939653)

Executive Summary
This critical security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerability with the most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating
Critical

Impact of Vulnerability
Remote Code Execution

Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update will require a restart.

Affected Software
Windows, Internet Explorer. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier Microsoft Security Bulletin MS07-060
Bulletin Title
Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)

Executive Summary
This security update resolves a privately reported vulnerability in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file with a malformed string. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating
Critical

Impact of Vulnerability
Remote Code Execution

Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update will not require a restart.

Affected Software
Office. For more information, see the Affected Software and Download Locations section.