Microsoft Security Patch Tuesday - May 2007

On Tuesday 8 May 2007 Microsoft is planning to release:

Security Updates

  • Two Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.
  • Three Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates may require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.
  • One Microsoft Security Bulletin affecting Microsoft Exchange. The highest Maximum Severity rating for these is Critical. These updates will not require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.
  • One Microsoft Security Bulletin affecting CAPICOM and BizTalk. The highest Maximum Severity rating for these is Critical. These updates will not require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.

Microsoft Windows Malicious Software Removal Tool

  • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.

Note that this tool will NOT be distributed using Software Update Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS

  • Microsoft will release 1 NON-SECURITY High-Priority Update for Windows on Windows Update (WU) and Software Update Services (SUS).
  • Microsoft will release 6 NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
View: Microsoft Security Bulletin Advance Notification

9 Comments

Next week's Patch Tuesday updates from Microsoft will include fixes for a wide range of "critical" vulnerabilities in the Windows, Office and Exchange product lines, the software giant announced today.

As part of its advance notice mechanism, Microsoft said a total of 7 bulletins will be released on May 8, 2007. Here are the barebones details.

Two Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will require a restart.
Three Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates may require a restart.
One Microsoft Security Bulletin affecting Microsoft Exchange. The highest Maximum Severity rating for these is Critical. These updates will not require a restart.
One Microsoft Security Bulletin affecting CAPICOM and BizTalk. The highest Maximum Severity rating for these is Critical. These updates will not require a restart.
One of the "critical" bulletins will most certainly contain fixes for the Windows DNS RPC vulnerability that was being used in attacks by botnet herders last month.

According to FrSIRT, there are several known Microsoft Office vulnerabilities that are unpatched. The list includes two code-execution vulnerabilities, one each in Microsoft Word and Microsoft PowerPoint. The PowerPoint bug was reported to Microsoft nine months ago (July, 2006).

These critical patches are only released when new flaws are found. You have to remember that an OS, when released, supposedly stands up to all its current possible attacks and flaws. However, as the days and weeks pass after release date, new flaws are found and are patched as quickly as possible. For a lot of us, we are very grateful for the patching no matter if it takes a few hours to a few days to be released, as we know the company is trying to look after its customers. Yet there are still a few who will make a mockery of the system and whine about it till their PC BSODs.

p.s.

I'm guessing Jock and rich have still patched

rich.bradshaw said,
Why do you have to restart after Windows updates? What a stupid way to patch things...

It depends on what's being patched. Some services can be stopped, patched, and restarted; others cannot without losing important capability. Vista is much better in this regard, but XP requires a lot of restarts.

Andareed said,
Could be a kernel update.

If it's a kernel update then ANY OS will need a restart. As said above, Vista is a bit better at patching than XP when it comes to restarts, but any low level updates will need a restart, that's kernel mode stuff. Now that MS has started to move more parts out of kernel mode and into user mode space, restarts will be fewer and fewer.