Microsoft Releases 8 'Critical' Security Patches
The Redmond software giant released 12 patches -- eight of which are deemed "critical" -- as part of its regularly scheduled monthly security update.
Microsoft Corp. released 12 patches -- eight of which are deemed "critical" -- as part of its regularly scheduled monthly security update.
Three of the critical patches relate to vulnerabilities in Internet Explorer, while others deal with the Windows operating system, Windows Media Player, Word and PowerPoint flaws. All of the critical patches fix problems that "could allow remote code execution," as the company likes to say.
The critical patches are:
- MS06-021, Cumulative Security Update for Internet Explorer: Resolves several vulnerabilities in Internet Explorer that could allow remote code execution, four of which are rated "critical" for IE 6 for Windows XP SP 2 (multiple CVEs). The company recommends reading this Knowledge Base article for known issues with this patch.
- MS06-022, Vulnerability in ART Image Rendering Could Allow Remote Code Execution: This update resolves a vulnerability that could allow remote code execution when using Internet Explorer (CVE-2006-2378).
- MS06-023, Vulnerability in Microsoft JScript Could Allow Remote Code Execution: Resolves a vulnerability in JScript that could allow remote code execution when using Internet Explorer (CVE-2006-1313). Update should be installed at the same time as MS06-021 above to be effective.
- MS06-024, Vulnerability in Windows Media Player Could Allow Remote Code Execution: Deals with Windows Media Player PNG vulnerability CVE-2006-0025.
- MS06-025, Vulnerability in Routing and Remote Access Could Allow Remote Code Execution: Fixes Windows vulnerabilities dealing with RRAS memory corruption and RASMAN registry corruption (multiple CVEs).
- MS06-026, Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution: Fixes a graphics rendering vulnerability relating to the way Windows handles Windows MetaFile (WMF) graphics (CVE-2006-2376). Microsoft recommends reading this KB article for known issues relating to this patch, although the article does not address those issues at press time.
- MS06-027, Vulnerability in Microsoft Word Could Allow Remote Code Execution: Fixes a flaw related to a Word malformed object pointer vulnerability (CVE-2006-2492).
- MS06-028, Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution: Fixes a flaw in PowerPoint that could allow hackers to exploit administrator log-ins (CVE-2006-0022). Critical rating applies to PowerPoint 2000 only -- rated "important" for other versions.
There are also three patches rated "important" and one "moderate." They are:
- MS06-029, Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection: Fixes a script injection vulnerability in Exchange Server running Outlook Web Access that an attacker could exploit via a crafted e-mail message (CVE-2006-1193). Microsoft recommends reading this KB article before installing for known issues with this patch.
- MS06-030, Vulnerability in Server Message Block Could Allow Elevation of Privilege: This update resolves several vulnerabilities in Windows that require the attacker to have valid logon credentials and be able to log on locally to exploit (multiple CVEs).
- MS06-032, Vulnerability in TCP/IP Could Allow Remote Code Execution: Fixes an IP source route vulnerability (CVE-2006-2379). Microsoft recommends reviewing this KB article for known issues with this patch.
- MS06-031, Vulnerability in RPC Mutual Authentication Could Allow Spoofing: This moderate-rated update fixes an issue with the RPC service that could enable an attacker to spoof a trusted network resource (CVE-2006-2380).
For more information on all these patches, view the Microsoft Security Bulletin Summary for June 2006 found here.
About the Author
Becky Nagel is vice president of AI for 1105 Media, where she specializes in training internal and external customers on maximizing their business potential via a wide variety of generative AI technologies as well as developing cutting-edge AI content and events. She's the author of "ChatGPT Prompt 101 Guide for Business Uses," regularly leads research studies on generative AI business usage, and serves as the director of AI Boardroom, a new resource for C-level executives looking to excel in the AI era. Prior to her current position she was a technical leader for 1105 Media's Web, advertising and production teams as well as editorial director for a suite of enterprise technology publications, including serving as founding editor of PureAI.com. She has 20 years of enterprise technology journalism experience, and regularly speaks and writes about generative AI, AI, edge computing and other cutting-edge technologies.