HomeSecurity

Microsoft Patches Five ‘Critical’ Flaws

Ed Sutherland
By Ed Sutherland

Microsoft Windows and Office have the spotlight today, as the company released seven patches, five deemed critical, as part of its patch Tuesday.

In response to at least 10 vulnerabilities, the seven patches
fixed security holes in consumer and enterprise software.

At the top of the critical list is security bulletin MS06-035, which addresses a vulnerability in Windows Server 2003, as well as Windows XP and
Windows 2000. A security flaw in the Windows Server Service could
allow remote code execution.

Another critical security patch, MS06-036, hopes to keep Windows
computers online. A hole in the DHCP Client Service of both servers
and Windows XP and Windows 2000 machines could prevent systems from
connecting to the Internet.

Bulletin MS06-037 announces a patch that fixes a vulnerability permitting attackers to send malformed Excel files that later could be executed, taking control of a system, according to Jonathan Bitle, product manager of Qualys, a
managed security company.

Two of the critical patches affect Office users.

For those running Office 2000, Service Pack 3, Microsoft released
MS06-038, resolving two vulnerabilities, the most serious permitting
remote code execution.

The second Office hole affects Project 2000 users. The patch, MS06-038 resolves two vulnerabilities in Office, the most serious of which could allow remote code execution.

Microsoft also released two patches marked “important.”

In MS06-033, a vulnerability in ASP.NET could allow an attacker to gain access to information, such
as filenames, in the Applications folder.

The flaw could not allow
intruders to execute remote code or raise user rights, according to
Microsoft.

The final Tuesday patch is MS06-034, which could allow attackers to wrest control of a Windows IIS server by uploading
malformed .ASP Web pages.

Intruders would need to have valid logon
information for the vulnerability to work, according to today’s
security notice.

Today’s batch of security bulletins follows 12 security
notices the company released last month.

That group of patches included fixes
for Windows and Microsoft applications, including Windows Media
Player, Internet Explorer and Microsoft Outlook.

Ed Sutherland
Ed Sutherland
Previous article
House Passes Ban on Internet Gambling
Next article
Cisco Stirs up NAC Line

Similar Posts

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web

InternetNews is a source of industry news and intelligence for IT professionals from all branches of the technology world. InternetNews focuses on helping professionals grow their knowledge base and authority in their field with the top news and trends in Software, IT Management, Networking & Communications, and Small Business.

Advertisers

Advertise with TechnologyAdvice on InternetNews and our other IT-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2024 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.