June Security Release Alert

As part of Microsoft’s commitment to deliver security updates on a predictable and consistent monthly schedule, Microsoft released six new security bulletins on 12 June 2007.


Here is an overview of these new security bulletins:


Bulletin Number


Maximum Severity Rating

Products Affected


Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)


Visio 2002, 2003


Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)


Windows 2000, Windows XP, Windows Server 2003


Vulnerability in Windows Vista Could Allow Information Disclosure (931213)


Windows Vista


Cumulative Security Update for Internet Explorer (933566)


All current versions Internet Explorer on all currently supported versions of Microsoft Windows


Cumulative Security Update for Outlook Express and Windows Mail (929123)


Outlook Express 6 on Windows XP and Windows Server 2003; Windows Mail on Windows Vista


Vulnerability in Win 32 API Could Allow Remote Code Execution (935839)


Windows 2000, Windows XP, Windows Server 2003



You can find a more comprehensive bulletin summary at the Microsoft’s Security Update Archive: http://www.microsoft.com/technet/security/current.aspx.  All recent updates are available for download at http://www.microsoft.com/security/.


Microsoft continues to urge all customers running Windows XP to update to the latest version of Windows XP, Windows XP Service Pack 2 with Advanced Security Technologies. More information is available at http://www.microsoft.com/security/.  We also encourage customers to deploy Windows Server 2003 Service Pack 2 which provides customers with significant security enhancements and reliability and performance improvements. More information about Windows Server 2003 Service Pack 2 is available at http://www.microsoft.com/windowsserver2003/default.mspx.


Microsoft recommends that all customers sign up for Microsoft Update (MU) and enable its Automatic Updates functionality to receive all updates available this month and to help make their systems more secure. MU is a service offered at no charge that gives customers everything they get through Windows Update (WU), plus high priority updates for Office and other Microsoft applications. MU includes the Automatic Updates functionality already found in WU so users can choose to automatically install high-priority updates. Customers can sign up for MU by following the steps at: http://update.microsoft.com/microsoftupdate.


Additional Resources


Microsoft encourages system administrators to join the monthly technical webcast to learn more about this month’s security updates, the Malicious Software Removal Tool and the TechNet IT Pro Security Newsletter column on Principles of Patch Management:


Title: Information about Microsoft June Security Bulletins (Level 200) 


When: Wednesday, June 13, 2007 11:00 AM Pacific Time (US & Canada)


URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032327013