Feb. 2007 Security Updates

Twelve patches-six critical and six important-addressing multiple vulnerabilities were distributed on the Feb. 2007 “Patch Tuesday.” The patches repair vulnerabilities in Windows, Internet Explorer (IE), Office, and Microsoft’s malicious software detection tools, but a new “zero-day” exploit is not covered by the February updates for Office. Microsoft also released a nonsecurity but important update to address changes to the dates for Daylight Saving Time (DST) in the United States and Canada, which could affect software including Windows, Office, SharePoint, Exchange, and Dynamics; if the patch is not installed, incorrect time calculations and missed appointments could result.

Critical Patches

Among the six critical patches, the most interesting in Feb. 2007 were the two fixes for Word (MS07-014) and Office (MS-015) that fix a variety of vulnerabilities, including some vulnerabilities that have been associated with “zero-day” exploits that have been publicly circulating for several months. However, shortly after the release of these updates, Microsoft released an additional advisory on a potential “zero-day” exploit for Office 2000 and XP. This exploit would require a user to open a malicious Office file attached to an e-mail or otherwise provided to them by an attacker.