MS07-018 (Critical) — Fixes two flaws in Microsoft’s Content Management Server, a product that allows customers to build, deploy, and maintain Web sites. One is a remote code execution vulnerability in the way HTTP requests are handled and the second bug could cause spooofing or cross-site scripting attacks.
MS07-019 (Critical) — A remote code execution vulnerability in the Universal Plug and Play service. An attacker can use specially crafted HTTP requests to run arbitrary code in the context of local service.
MS07-020 (Critical) — A remote code execution vulnerability in the way Microsoft Agent handles certain specially crafted URLs. This puts Windows users at risk of drive-by Web-based attacks.
MS07-021 (Critical) — This covers three different CSRSS vulnerabilities, all affecting Windows Vista and prior versions of Windows. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. Exploit code for some of these are publicly available.
MS07-022 (Important) — A Windows kernel flaw that could allow privilege elevation attacks. This occurs the Windows Kernel allows for incorrect permissions to be used when mapping a memory segment.