Patch Tuesday for May 2007

Mac users take note – It’s the second Tuesday of May and that means it’s patch day for Microsoft. Microsoft released 7 critical update bulletins. Three of them affect Office 2004 for Mac so if you’re a Office 2004 for Mac user read on along with just about every Windows user.

Two of the seven bulletins are for servers only. MS07-026 is for Exchange Server, including the latest version. MS07-029 is for the RPC interface to DNS server and affects their server software.

That leaves 5 bulletins for desktops. Three of them are for Office components.

MS07-023 is for Office, specifically Microsoft Excel 2000, 2002 (aka XP), 2003 and the latest version, Excel 2007. Excel 2004 for the Mac is also vulnerable and needs to be patched. The viewer for Excel 2003 and the compatibility pack for Office 2007 is also affected.

MS07-024 is also for Office, this time it’s for Word. The patch is NOT needed for the latest version, Word 2007. But it’s needed for Word 2000, Word 2002 (aka XP), Word 2003, Word 2004 for the Mac. Word Viewer 2003 also needs to be patched. And the list continues with Microsoft Works Suite 2004, 2005 and 2006. the update file for all three Works version is the same one as for Word 2002.

MS07-025 is another Office patch. Multiple Office components, pretty much every Office user will need the update as it affects Office 2000, Office 2002 (aka XP), Office 2003 and the latest version, Office 2007. Office 2004 for Mac is also affected and needs updating.

MS07-027 is the cumulative update for Internet Explorer. All supported versions of Internet Explorer on all supported operating systems are affected and needs to be updated.

MS07-028 is a patch for CAPCOM which is the “Cryptographic API Component Object Model”. CAPCOM is an Active X control that allows scriptors (VBS, ASP, etc…) he ability to encrypt data. It’s part of the Biztalk servers but may be installed by other software. My Windows XP SP2 machine needed the update, other systems may not need it.

This is a pretty depressing set up updates to see Microsoft release. It shoots holes through the statement that Microsoft has improved security and that their latest “2007” versions are the most secure ever. While they may be the “most secure ever” this set up updates adds ammunition to the argument that they aren’t much more secure. Four of the five desktops updates are needed across all versions, from oldest to newest. I guess it’s possible to say that Vista/Office 2007 only needed 4 out of the 5 patches so it was 20% more secure.