| With 12 security patches being flagged as critical, plus this week’s Daylight Saving Time fixes, your patch session this month will be extensive. |
Because there are so many this month, I’m putting all the similar patches together within sections below. First up are the critical Office patches.
MS07-011, MS07-012, MS07-013, MS07-014, and MS07-015
Office patches fix a few 0-day threats
The good news is that we have a few Office zero-days now patched. The bad news is that we now have five interrelated patches that need to be applied to our systems.
MS07-014 (929434) and MS07-015 (932554) are the most critical patches of the bunch. But MS07-011 (926436), MS07-012 (923436), and MS07-013 (918118) are also important because they affect the way that Office interacts with Rich Text, embedded links, and documents.
MS07-014 and MS07-015 already have exploits in the wild. This means that you should place the entire lineup of Office patches on a fast track for patching.
I’ve seen some reports of exploits flipping users’ default printers to the Microsoft XPS Document writer. Fortunately, there’s a quick fix — you can easily reset your default printer.
If you’re running Office XP, as opposed to Office 2003, your KB numbers will be different than those listed above. On my old, "crusty" test computer, I was offered the Office 2003 versions of the patches as well as the Office XP versions. Thus, I also saw 920816, 929063, and 929061, reflecting various versions of Word, Visio, and Excel. Don’t be surprised to see 20 or more patches suggested in the Microsoft Update window this month.
Internet Explorer 7 gets patched
Internet Explorer 6 — and now IE7 — get their normal patch rollups in MS07-016 (928090). This patch applies to all supported versions of Windows except Vista, which is immune to the threat.