4 Microsoft Security Bulletins for January 2007

Microsoft released four security updates for January, rating three of them as critical. Here's a brief description of each update; for more information, go to

http://www.microsoft.com/technet/security/bulletin/ms07-jan.mspx

MS07-001--Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution

This patch deals with a vulnerability in the Brazilian Portuguese version of Microsoft Office 2003. This vulnerability relies upon the user opening a specially crafted file and could be used to take control of an affected system.

Applies to: Microsoft Office 2003 SP2 (Brazilian Portuguese Version)

Recommendation: Unless your users use the Brazilian Portuguese Grammar Checker, you don't need to deploy this update.

MS07-002--Vulnerability in Microsoft Excel Could Allow Remote Code Execution

This patch resolves several exploits in Excel that involve remote code execution. To take advantage of this vulnerability, an attacker must convince a user to open a specially crafted Excel file. If your users are well educated, they will know not to open documents from untrusted sources.

Applies to: Excel versions prior to Excel 2007, Microsoft Works Suite versions prior to 2006, and Office 2004 and v.X for Mac

Recommendation: Remind users not to open documents form untrusted sources and test and deploy patch as quickly as possible.

MS07-003: Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution

This update, which replaces a previous update, fixes a remote code execution vulnerability, a Denial of Service (DoS) vulnerability, and a vulnerability in Advanced Find. Outlook users can trigger an attack simply by opening an email message, so this update is important.

Applies to: Outlook versions prior to 2007

Recommendation: Test and deploy as soon as possible if your organization uses Outlook.

MS07-004--Vulnerability in Vector Markup Language Could Allow Remote Code Execution

This update replaces an existing update (MS06-055) and deals with an exploit through which a Web page that uses Vector Markup Language can be used to leverage remote code execution.

Applies to: Windows versions prior to Vista

Recommendation: Although Web pages that use Vector Markup Language aren't common, you should still test and deploy this patch as quickly as possible because users might encounter such a page.