Microsoft Patches 23 Vulnerabilities

from internetnews.com

Microsoft released 12 patches aimed at resolving multiple security risks discovered in its operating system and popular Office suite.

Nine of the 12 security updates were deemed “critical,” affecting various Windows components, as well as two Office applications previously known to be vulnerable.

The remaining three patches involved “important” security issues, such as remote code execution or elevated user privileges.

Several critical patches revisited flaws previously discovered in applications, such as PowerPoint, Outlook Express and Internet Explorer.

Another patch addressed flaws in a core Windows component already exploited in the “wild,” according to a security researcher.

Steve Mansuik, research manager of eEye Digital Security, called MS06-40 important because the flaw in the Windows Services could allow attackers to take control of systems running Windows XP, Windows Server 2003 and Windows 2000.

Internet Explorer was the subject of a cumulative update answering eight critical flaws affecting IE 5.01 and IE 6 for Windows XP, Windows 2003 and Windows 2000.

MS06-42 replaces the MS06-021 security bulletin issued April 11.

The new patch re-enables ActiveX control handling disabled by the previous security bulletin.

A fix for a previously reported PowerPoint vulnerability was also part of the dozen patches released today.

Today’s patch, MS06-048, replaces MS06-38, a security bulletin released in July.

The new patch is of critical importance for PowerPoint 2000 users, as well as for XP and 2003 PowerPoint systems.

A flaw in Outlook Express 6 for XP Pro and XP Service Pack 2, as well as Server 2003, could allow a remote attacker to run malicious code.

MS06-043 critical patch resolves the problem, according to the software maker.

Rounding out Microsoft’s “Patch Tuesday” event were two security updates ranked “important” for Windows users.