Liquidmatrix Security Digest

Patch Tuesday For June Released

OK, the good bad news is out. Here are the four critical patches. There is also one important and one moderate. Right, hop to it.

MS07-031 Windows Schannel Security Package Could Allow Remote Code Execution

This critical security update resolves a privately reported vulnerability in the Secure Channel (Schannel) security package in Windows. The Schannel security package implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using an Internet Web browser or used an application that makes use of SSL/TLS. However, attempts to exploit this vulnerability would most likely result in the Internet Web browser or application exiting. The system would not be able to connect to Web sites or resources using SSL or TLS until a restart of the system.

MS07-033 Cumulative Security Update for Internet Explorer

This critical security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. All but one of these vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. One vulnerability could allow spoofing, and also involves a specially crafted Web page. In all remote code execution cases, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. For the spoofing case, exploitation requires user interaction.

This is a critical security update for supported releases of Internet Explorer 5.01 and Internet Explorer 6, and most supported releases of Internet Explorer 7. For Internet Explorer 7 for supported versions and editions of Windows Server 2003, this update is rated moderate. For more information, see the Affected and Non-Affected Software subsection of the bulletin.

This security update addresses two of the vulnerabilities by setting the kill bit for COM objects, and addresses the rest by modifying the way that Internet Explorer handles calls, error conditions, and special features such as Language Pack Installation and Speech Control.

MS07-034 Cumulative Security Update for Outlook Express and Windows Mail

This critical security update resolves two privately reported and two publicly disclosed vulnerabilities. One of these vulnerabilities could allow remote code execution if a user viewed a specially crafted e-mail using Windows Mail in Windows Vista. The other vulnerabilities could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer and cannot be exploited directly in Outlook Express. For the information disclosure vulnerabilities, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This is a critical security update for supported editions of Windows Vista. For other versions of Windows, this update is rated important, moderate, or low.

MS07-035 Vulnerability in Win32 API Could Allow Remote Code Execution

This critical security update resolves a privately reported vulnerability in a Win32 API. This vulnerability could allow remote code execution or elevation of privilege if the affected API is used locally by a specially crafted application. Therefore applications that use this component of the Win32 API could be used as a vector for this vulnerability. For example, Internet Explorer uses this Win32 API function when parsing specially crafted Web pages.

This is a critical security update for all supported versions of Windows 2000, Windows XP, and Windows Server 2003.

Related Security Advisories:

Microsoft Windows Win32 API Code Execution Vulnerability
Microsoft Visio Two Code Execution Vulnerabilities
Windows Secure Channel Digital Signature Parsing Vulnerability
Microsoft Outlook Express and Windows Mail Multiple Vulnerabilities
Microsoft Windows Vista User Information Disclosure
Internet Explorer Multiple Vulnerabilities
