Microsoft today issued six security updates for Windows, Office and the .Net Framework - five of them rated as critical.
The most serious of the batch is MS07-039, which patches a pair of bugs in Active Directory in Windows 2000 Server and Windows Server 2003, the two supported server editions of Microsoft's operating system. The more dangerous of the two is a vulnerability in the way Active Directory validates an LDAP (Lightweight Directory Access Protocol) request. According to Microsoft's write-up, "an attacker who successfully exploited this vulnerability could take complete control of an affected system."
Two of the remaining five bulletins were pegged "critical" by Microsoft, while another two were marked "important." The final update was tagged as "moderate."
MS07-036, which patches three vulnerabilities, two of them judged critical and one of them a zero-day flaw already out in public, repairs bugs in Excel 2000, 2002, 2003 and 2007.
The third critical update, MS07-040, plugs three holes in the .Net Framework, the primary Windows runtime environment called on by developers. The fixes in MS07-040 apply to all but Version 3.x of .Net Framework.
Of the remaining security updates, one fixes a flaw in Publisher 2007, another patches Internet Information Services 5.1 on Windows XP Professional SP2, and the third quashes a bug in Windows Vista's bundled firewall.
That last update, although rated "moderate" (second from the bottom in Microsoft's four-step severity rating system), is worth some reflection, said Symantec's Friedrichs.
For additional information and downloads, visit http://www.microsoft.com/technet/security/bulletin/ms07-jul.mspx