Microsoft's dominant Internet Explorer browser has undergone a security makeover to correct at least four vulnerabilities that could be used in code execution attacks if a user simply surfs to a maliciously rigged Web page.
The cumulative IE update (MS07-057), shipped as part of this month's Patch Tuesday updates, carries a "critical" rating on all versions except for IE 7 on Windows Server 2003. Internet Explorer 7 on Windows Vista is affected.
In all, Microsoft released six bulletins (one was withdrawn at the last minute) with patches for at least nine software vulnerabilities.
Two of the four vulnerabilities being patched -- browser entrapment bugs that make it easy to launch phishing attacks -- were first discussed back in February when Michal Zalewski published proof-of-concept exploits.
The ever-present Microsoft Word application also gets a major band-aid in this patch batch. The software giant's 60th bulletin for 2007 (MS07-060) patches a "critical" remote code execution vulnerability that exists in the way the word processing program handles specially crafted Word files.
"The vulnerability could allow remote code execution if a user opens a specially crafted Word file with a malformed string," Microsoft warned.
The flaw affects users of Office 2000, Office XP and Office 2004 for Mac.
A third "critical" bulletin (MS07-055) provides cover for a remote code execution vulnerability affecting the Kodak Image Viewer, formerly known as Wang Image Viewer. This flaw is most serious on systems running Windows 2000 but Microsoft warned that Windows XP and Windows Server 2003 may also be affected if upgraded from Windows 2000.
Windows Vista users should also pay attention to MS07-056, which covers a nasty flaw in the way Outlook Express and Vista's built-in Windows Mail handle NNTP responses. This bug could be exploited if a user simply browses to a booby-trapped Web site.
The October updates also include MS07-058, covering an "important" denial-of-service flaw in RPC authentication (Windows Vista is affected); and MS07-059, which corrects a privilege escalation bug affecting Windows SharePoint Services 3.0 and Office SharePoint Server 2007.