On February 13, 2007, Microsoft released 12 Security Bulletins addressing 20 separate vulnerabilities. Components addressed include Microsoft Windows, Microsoft Office, Microsoft Visual Studio, Microsoft Step-by-Step Interactive Training, Microsoft Antivirus, and Microsoft Data Access Components. A February 2 vulnerability in Excel was among the issues addressed. Other outstanding vulnerabilities addressed in this release include four Microsoft Word Vulnerabilities, and a ADODB.Connection ActiveX vulnerability. At this time, several Microsoft vulnerabilities still remain unpatched. These include the new Microsoft Word vulnerability identified on February 8 by McAfee Avert Labs, a Microsoft Client Server Run-Time Subsystem Vulnerability, a Microsoft Internet Explorer Pop-Up Address Bar Spoofing vulnerability, and a Microsoft Windows Internet Connection Sharing Vulnerability.
- Critical
- Systems worldwide are targeted by a worm.
- New malware that potentially can cause damage has been reported and has spread globally.
- Elevated
- An unpatched or recently patched vulnerability is present on many systems worldwide but requires user interaction to be exploited.
- An existing vulnerability becomes more serious because new exploit code has been published.
- There is new malware activity, but it is not widespread.
- Low
- There is no direct threat to systems that have been patched.
- No new significant malware activity has been reported.
- Severe
- An unpatched or recently patched vulnerability can be exploited by a worm, and systems worldwide are at risk to be targeted by a particular worm. No worm activity has been identified.
- A high incidence of new malware that potentially can cause damage has been reported.
