Microsoft Security Bulletin Summary for May 2007
Published: | Updated:
This bulletin summary lists security bulletins released for May 2007.
Security Central: Microsoft has provided information, about how you can help protect your computer system, at the following locations:
- Consumers can visit Security At Home, where this information is also available by clicking “Latest Security Updates”.
- IT Professionals can visit the TechNet Security Center.
Update Management Strategies: Security Guidance for Patch Management provides additional information about Microsoft’s best-practice recommendations for applying security updates.
IT Pro Security Zone Community: Learn to improve security and optimize your IT infrastructure, and participate with other IT Pros on security topics in IT Pro Security Community.
Microsoft Security Notification Service: To receive automatic e-mail notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications.
This bulletin summary includes security updates for newly discovered vulnerabilities. Their security bulletins, in order of severity, are as follows:
Microsoft thanks the following for working with us to help protect customers:
- Manuel Santamarina Suarez, working with TippingPoint and Zero Day Initiative, for reporting an issue described in MS07-023.
- Greg MacManus of iDefense Labs for reporting an issue described in MS07-023.
- Craig Schmugar of McAfee Avert Labs for working with us on an issue described in MS07-024.
- Andreas Marx of AV-Test for working with us on an issue described in MS07-024.
- Jun Mao, working with iDefense Labs, for reporting an issue described in MS07-024.
- Martijn Brinkers of Izecom for reporting an issue described in MS07-026.
- Alexander Sotirov of Determina Security Research for reporting an issue described in MS07-026.
- Joxean Koret, working with the iDefense Vulnerability Contributor Program, for reporting an issue described in MS07-026.
- TippingPoint and Zero Day Initiative for reporting an issue described in MS07-027.
- JJ Reyes of Secunia Research for reporting an issue described in MS07-027.
- Haifei Li of Fortinet's FortiGuard Global Security Research Team for reporting an issue described in MS07-027.
- Chris Ries of VigilantMinds Inc. for reporting the issue described in MS07-028.
- Mark Hofman of SANS ISC Handlers for working with us on the issue described in MS07-029.
- Bill O'Malley with the Information Security Office at Carnegie Mellon University for working with us on the issue described in MS07-029.
Microsoft Windows Malicious Software Removal Tool:
Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
Note that this tool is not distributed using Software Update Services (SUS).
Non-Security, High-Priority Updates on MU, WU, WSUS and SUS:
- Microsoft has released six non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
- Microsoft has released one non-security, high-priority update for Windows on Windows Update (WU) and Software Update Services (SUS).
Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, Windows Server Update Services, and Software Update Services released on the same day as the security bulletin summary. Information will not be provided about non-security updates released on other days.
Obtaining Other Security Updates:
Updates for other security issues are available from the following locations:
- Security updates are available from Microsoft Download Center. You can find them most easily by doing a keyword search for "security_patch".
- Updates for consumer platforms are available from Microsoft Update.
- You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. For more information, see Microsoft Knowledge Base Article 913086.
- Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.
- International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.
- TechNet Security Center provides additional information about security in Microsoft products.
- Microsoft Software Update Services
- Microsoft Windows Server Update Services
- Microsoft Baseline Security Analyzer (MBSA)
- Microsoft Update
- Windows Update
- Windows Update Catalog: For more information about the Windows Update Catalog, see Microsoft Knowledge Base Article 323166.
- Office Update
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
- V1.0 (May 8, 2007): Bulletin summary published.
- V1.1 (June 6, 2007): Bulletin summary updated to remove the literal “Service Pack 1” from all instances of “Windows Server 2003 x64 Edition Service Pack 1” in the table, Affected Software and Download Locations.
- V2.0 (March 26, 2008): Bulletin summary updated to add notes about Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 for MS07-025 in the table, Affected Software and Download Locations.
- V2.1 (April 30, 2008): Bulletin summary updated to remove Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 from the Affected Software table.