UPDATED: Software giant Microsoft released three security
bulletins, one of which is aimed at correcting a critical flaw in Microsoft
Publisher 2000.
The critical patch, MS06-054, cures a security risk posed by a malformed Publisher file.
If a user is logged in with administrative rights, attackers could take control of a system, deleting or changing data, according to Microsoft.
A second patch, deemed “important,” is aimed at Windows XP users. Security bulletin MS06-052 is meant to solve a denial-of-service vulnerability in the Windows Reliable Multicast Program (PGM) component of the operating system.
Although not installed by default, the PGM flaw could enable attackers to
wrest control of a system by sending a malformed message, according
to Microsoft.
The final patch is rated “moderate,” meaning Windows XP, Windows 2000
and Windows Server 2003 users should consider applying it.
Security Bulletin MS06-053 fixes a vulnerability in
the indexing service that could allow cross-site scripting.
The flaw could allow an attacker to gain access to information that later
could be used to compromise a system.
The indexing service lies at the core of Windows systems, indexing the
contents of IIS Web servers, as well as filesystems.
The patch replaces MS05-003, first released by Microsoft on January 11, 2005.
Microsoft also re-released two critical patches.
MS06-040, first introduced on Aug. 8, fixes a buffer over-run vulnerability in Windows.
MS06-042 is a cumulative patch addressing 10 flaws in Internet Explorer 5.01 and Internet Explorer 6.
Some believed this month’s Office patch might address a flaw in Word 2000, which Microsoft earlier this month said it was
investigating.
The zero-day flaw could allow attackers to corrupt
system memory and execute arbitrary code when a user opens a malicious Word
file or visits a special Web site.
The patches could come as welcome relief to Windows users who
had become accustomed to applying half-a-dozen or more security fixes
each month.
Last month, Microsoft unveiled a dozen patches, nine deemed of “critical” importance.