Microsoft Plugs 'Critical' Office Security Leak | Internet News
Security
SHARE
Facebook X Pinterest WhatsApp

Microsoft Plugs ‘Critical’ Office Security Leak

Written By
Ed Sutherland
Ed Sutherland
Sep 12, 2006
2 minute read

UPDATED: Software giant Microsoft released three security
bulletins, one of which is aimed at correcting a critical flaw in Microsoft
Publisher 2000.

The critical patch, MS06-054, cures a security risk posed by a malformed Publisher file.

If a user is logged in with administrative rights, attackers could take control of a system, deleting or changing data, according to Microsoft.

A second patch, deemed “important,” is aimed at Windows XP users. Security bulletin MS06-52 is meant to solve a denial-of-service vulnerability in the Windows Reliable Multicast Program (PGM) component of the operating system.

Although not installed by default, the PGM flaw could enable attackers to
wrest control of a system by sending a malformed message, according
to Microsoft.

The final patch is rated “moderate,” meaning Windows XP, Windows 2000
and Windows Server 2003 users should consider applying it.

Security Bulletin MS06-053 fixes a vulnerability in
the indexing service that could allow cross-site scripting.

The flaw could allow an attacker to gain access to information that later
could be used to compromise a system.

The index service lies at the core of Windows systems, indexing the
contents of IIS Web servers, as well as filesystems.

The patch replaces MS05-003, first released by Microsoft on January 11, 2005.

Microsoft also re-released two critical patches.

MS06-040, first
introduced on Aug. 8, fixes a buffer over-run vulnerability in Windows.

MS06-042 is a cumulative patch addressing 10 flaws in Internet Explorer 5.01 and Internet Explorer 6.

Some believed this month’s Office patch might address a flaw in Word 2000, which Microsoft earlier this month said it was
investigating.

The zero-day flaw could allow attackers to corrupt
system memory and execute arbitrary code by opening a malicious Word
file or visiting a special Web site.

The patches could come as welcome relief to Windows users who
had become accustomed to applying half-a-dozen or more security fixes
each month.

Last month, Microsoft unveiled a dozen patches, nine deemed of “critical” importance.
Ed Sutherland
Internet News Logo

InternetNews is a source of industry news and intelligence for IT professionals from all branches of the technology world. InternetNews focuses on helping professionals grow their knowledge base and authority in their field with the top news and trends in Software, IT Management, Networking & Communications, and Small Business.

facebook
x

Company

Contact us Advertise with us

Categories

News Enterprise Small Business Reviews Podcasts Blog Research

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information