Today Microsoft released six Security Bulletins detailing 15 vulnerabilities. Three of the vulnerabilities had surfaced before today’s fixes. Two vulnerabilities are uniquely found on Windows Vista; one can lead to disclosure of sensitive information on Vista and one to remote code execution via Vista’s Windows Mail. After the release of the patches today, exploit details for MS07-032, the Windows SChannel vulnerability have been posted.

Did Microsoft actually patch more than 15 vulnerabilities? The actual number is indeed higher judging from the MS07-030 Visio Security Bulletin: “This important update resolves […] in addition to other security issues identified during the course of the investigation.”. Silently fixing “other security issues” leaves Microsoft’s customers in the dark since they can’t tell the urgency to apply the patches and whether their security tools will protect the affected software.

The monthly update of the numbers is shown below. After adding the fifteen patched vulnerabilities, the 2007 numbers are still higher than those of earlier years.
Š