Microsoft Patches Five ‘Critical’ Flaws

Microsoft Windows and Office have the spotlight today, as the company released seven patches, five deemed critical, as part of its patch Tuesday.

In response to at least 10 vulnerabilities, the seven patches
fixed security holes in consumer and enterprise software.

At the top of the critical list is security bulletin MS06-035, which addresses a vulnerability in Windows Server 2003, as well as Windows XP and
Windows 2000. A security flaw in the Windows Server Service could
allow remote code execution.

Another critical security patch, MS06-036, hopes to keep Windows
computers online. A hole in the DHCP Client Service of both servers
and Windows XP and Windows 2000 machines could prevent systems from
connecting to the Internet.

Bulletin MS06-037 announces a patch that fixes a vulnerability permitting attackers to send malformed Excel files that later could be executed, taking control of a system, according to Jonathan Bitle, product manager of Qualys, a
managed security company.

Two of the critical patches affect Office users.

For those running Office 2000, Service Pack 3, Microsoft released
MS06-038, resolving two vulnerabilities, the most serious permitting
remote code execution.

The second Office hole affects Project 2000 users. The patch, MS06-038 resolves two vulnerabilities in Office, the most serious of which could allow remote code execution.

Microsoft also released two patches marked “important.”

In MS06-033, a vulnerability in ASP.NET could allow an attacker to gain access to information, such
as filenames, in the Applications folder.

The flaw could not allow
intruders to execute remote code or raise user rights, according to
Microsoft.

The final Tuesday patch is MS06-034, which could allow attackers to wrest control of a Windows IIS server by uploading
malformed .ASP Web pages.

Intruders would need to have valid logon
information for the vulnerability to work, according to today’s
security notice.

Today’s batch of security bulletins follows 12 security
notices
the company released last month.

That group of patches included fixes
for Windows and Microsoft applications, including Windows Media
Player, Internet Explorer and Microsoft Outlook.

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web