The company published seven security bulletins as part of its monthly patch cycle. All are tagged "critical," its highest rating. Critical vulnerabilities typically allow an attacker to gain full control of an affected system with very little, if any, action by the user.
Most of the vulnerabilities addressed by Tuesday's fixes can only be exploited after someone visits a rigged Web site or opens a malicious file, attack approaches that are increasingly popular among cybercrooks.
Microsoft's MS07-027 update fixes six flaws in Internet Explorer that could be exploited through malicious Web sites. Three Microsoft updates deal with flaws in Office applications, including Office 2007. Most of these bugs exist because of errors in the way the applications handle certain files and could be exploited through a rigged Office file.
Microsoft's Patch Tuesday - another 19 updates released
Posted on Wednesday, May 09 2007 @ 12:56 CEST by Thomas De Maesschalck