Heading the list are three separate bulletins that, in all, address eight separate newly discovered vulnerabilities in Microsoft Office which could allow an attacker to take complete control of an affected system.
MS07-023 addresses BIFF record, set font and filter record vulnerabilities in Excel, while MS07-024 addresses array overflow, document stream and RTF parsing vulnerabilities that potentially allows remote execution of code. The last of the top three bulletins MS07-025 fixes the drawing object vulnerability in Office.
An additional two fixes address a total of 10 vulnerabilities related to Microsoft Exchange and Internet Explorer.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=iThe other four bulletins include one that addresses four newly discovered vulnerabilities in Microsoft Exchange, MS07-026. Another, MS07-027, addresses six vulnerabilities in Internet Explorer.
Microsoft also announced that its monthly installment of software designed to remove malicious software from users systems is available today. Microsoft said this month's update removes Win32/Renos. The software removal tool is available here.
Security provider McAfee (Quote) said its McAfee Avert Labs worked with Microsoft (Quote) to disclose and patch the vulnerability in Word and is encouraging users to update their systems as soon as possible.
"Of particular concern is the large number of Microsoft Office, Word, Excel and Internet Explorer vulnerabilities being patched today," said Dave Marcus, security research and communications manager at McAfee Avert Labs. "These applications are the most frequently targeted by malware (define) writers, so we recommend that all customers evaluate their security coverage and policies to insure they have adequate protection in place."