MS patches previous patches, but not Word exploit.
Microsoft
‘s monthly ‘Patch Tuesday’ release of security fixes has been relatively quiet, with only three new bugs repaired, in addition to re-released patches to replace defective ones issued last month. However, the
recently exploited
MS Word 2000
vulnerability is not fixed by the release, and users will presumably have to wait another month before this hole is covered.
The
MS06-040 problem
, which has been causing scares for several weeks, is repatched by this release, along with MS06-042, which covers a buffer overflow in several versions of
Internet Explorer
. The new patches fix problems with
MS Publisher
and
PGM
which could open the way for remote code execution, and an issue with the indexing service which could allow cross-site scripting.
Further details on the fixes are available at the
Microsoft TechNet
site
. The
Word
issue is so far only covered by
this advisory
.
Also released yesterday,
this bulletin
from
Adobe
, reporting a serious vulnerability in their
Flash
software, which could allow malicious websites to hijack machines browsing to them.
Posted on 13 September 2006 by
Virus Bulletin
Leave a Reply