Black Tuesday Jan. 2007

Well now, this isn't so black…it's "just a flesh wound" really… ;) As you may have heard, MS decided to scale back the releases for this month at the last minute. Unfortunately, the issues not being addressed are mostly Office bugs which have exploits in the wild.

Microsoft's official overview can be found here.
Of course, you know you want to check out ISC's gridtastic overview here.

MS07-001 (Important) CVE-2006-5574 is for Office 2003. Specifically, it is for a very niche component: the Brazilian grammar checker. Apparently, when any of the vulnerable MS Office documents are opened, if it invokes the grammar checker, it is potentially exploitable.

MS07-002 (Critical) This has way too many CVEs for me to list inline and explain individually, but this is a combination of many privately reported vulnerabilities for Excel. I recommend reading the Microsoft document to see all the problem descriptions on a single page. CVE-2007-0027, CVE-2007-0028, CVE-2007-0029, CVE-2007-0030, CVE-2007-0031

MS07-003 (Critical) This covers 3 vulnerabilities for Outlook Express. CVE-2006-1305 is a DoS caused by the processing of malformed email headers, and is individually rated as moderate. CVE-2007-0033 has to do with parsing a malformed VEVENT, and is generally rated as important, though it doesn't exist in Outlook 2000. CVE-2007-0034, on the other hand, is what gives this cumulative patch its critical status. A potential remote code execution can occur when Outlook parses a malformed .oss file. Specifically for Outlook 2000 this seems to be a critical vulnerability.

MS07-004 (Critical) This is a vulnerability in VML rendering in Internet Explorer and Outlook Express. No, not that 0-day VML vulnerability from a couple of months ago, a new one! The original iDefense advisory lists a workaround for those who can't patch, but it also has another tiny jewel I find funny: poor Jospeh Moti missed out on the iDefense Q3 Challenge, and therefore an additional $10,000, by a scant 10 days. Oh well, better luck next time (and there will be a next time, as I will post tomorrow). This issue is assigned CVE-2007-0024.