Microsoft Plugs 'Critical' Office Security Leak - WinPlanet Windows Software Reviews

You are in the: Small Business Computing Channel

ť ECommerce-Guide | Small Business Computing | Webopedia | WinPlanet

Power Search | Tips

In-Depth Reviews

Tips & Tutorials

Browsers

Chat / Conferencing

Desktop Utilities

Development

Internet Apps

Multimedia

OS Service Packs

Productivity Tools

Enter a keyword

Newsletters offering Windows news, articles, tips and reviews.

Partners & Affiliates

Small Business Computing

Ecommerce Guide

Webopedia

WinPlanet

WinPlanet / News

Download of the day

• McAfee Total Protection

Most Popular Software Downloads

• Mozilla Firefox

• Microsoft Office 2010

• QuickTime for Windows

• Adobe Reader

• Mozilla Thunderbird

• Winamp

• Microsoft Office 2007 Service Pack

• Google Earth

• Adobe Flash Player

• Windows Vista Service Pack 2 (Vista SP2)

• CCleaner (Crap Cleaner)

Most Popular Software Articles

• Windows Vista Tips: Home Networking Setup Tutorial

• 10 Must-Have Apps: The Free Windows Networking Toolkit

• How to Make Your Internet Connection Faster, Better

Software Reviews

Microsoft Plugs 'Critical' Office Security Leak
September's Patch Tuesday Delivers Three Patches
Ed Sutherland

Software giant Microsoft (Quote, Chart) has released three security bulletins, one of which is aimed at correcting a critical flaw in Microsoft Publisher 2000.

The critical patch, MS06-054, cures a security risk posed by a malformed Publisher file.

If a user is logged in with administrative rights, attackers could take control of a system, deleting or changing data, according to Microsoft

A second patch, deemed "important," is aimed at Windows XP users. Security bulletin MS06-52 is meant to solve a denial-of-service vulnerability in the Windows Reliable Multicast Program (PGM) component of the operating system.

Although not installed by default, the PGM flaw could enable attackers to wrest control of a system by sending a malformed message, according to Microsoft.

The final patch is rated "moderate," meaning Windows XP, Windows 2000 and Windows Server 2003 users should consider applying it.

Security Bulletin MS06-053 fixes a vulnerability in the indexing service that could allow cross-site scripting.

The flaw could allow an attacker to gain access to information that later could be used to compromise a system.

The index service lies at the core of Windows systems, indexing the contents of IIS Web servers, as well as filesystems.

The patch replaces MS05-003, first released by Microsoft on January 11, 2005.

Microsoft also re-released two critical patches.

MS06-040, first introduced on Aug. 8, fixes a buffer over-run vulnerability in Windows.

MS06-042 is a cumulative patch addressing 10 flaws in Internet Explorer 5.01 and Internet Explorer 6.

Some believed this month's Office patch might address a flaw in Word 2000, which Microsoft earlier this month said it was investigating.

The zero-day flaw could allow attackers to corrupt system memory and execute arbitrary code by opening a malicious Word file or visiting a special Web site.

The patches could come as welcome relief to Windows users who had become accustomed to applying half-a-dozen or more security fixes each month.

Last month, Microsoft unveiled a dozen patches, nine deemed of "critical" importance.

News courtesy of internetnews.com

September 12, 2006

Download Microsoft Windows Malicious Software Removal Tool Now!

Download Internet Explorer Security Patches Now!

View All Microsoft Service & Security Releases

Contents:
1. September's Patch Tuesday Delivers Three Patches

The Network for Technology Professionals

About Internet.com

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers

Whitepapers and eBooks

Microsoft Personalized Whitepapers and Resources for You
Article: Why Migrating from MySQL to SQL Server 2008 Makes Sense
Articles: Build a More Agile Business with IBM
Articles: IBM Offers Enhanced Measurement and Management for Energy Usage
Microsoft Article: Windows 7 Features Your Clients Will Need on Day One

Articles: IBM Helps Transformation to an Information-Based Enterprise
Microsoft Articles: Visual Studio 2010
Adobe Article: Java Developers Finding a Home at Adobe Flex
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

Webcast: Connecting PHP to Microsoft Technologies
Video: Windows Azure Debugging Tips

MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

Ready. Set. Windows 7.
HP PartnerONE | SolutionsINFINITE Visit us at hp.com/partners/us
Microsoft Free Trials: Windows Server 2008 R2, Exchange Server 2010 and Windows 7
Get the Windows 7 SDK

Free Trial: Red Gate SQL Backup Pro 6
Iron Speed Designer Application Generator
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Learn Unified Communications
BlackBerry Application Development Resources
Learn SQL Server 2008
Learn Windows Server 2008 R2
Internet.com Hot List: Get the Inside Scoop on IT and Developer Products

Learn Forefront
Learn System Center
All About Botnets
Learn SharePoint
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES