Posted by Virus Bulletin on Sep 13, 2006
MS patches previous patches, but not Word exploit.
Microsoft's monthly 'Patch Tuesday' release of security fixes has been relatively quiet, with only three new bugs repaired, in addition to re-released patches to replace defective ones issued last month. However, the recently exploited MS Word 2000 vulnerability is not fixed by the release, and users will presumably have to wait another month before this hole is covered.
The MS06-040 problem, which has been causing scares for several weeks, is repatched by this release, along with MS06-042, which covers a buffer overflow in several versions of Internet Explorer. The new patches fix problems with MS Publisher and PGM which could open the way for remote code execution, and an issue with the indexing service which could allow cross-site scripting.
Further details on the fixes are available at the Microsoft TechNet site. The Word issue is so far only covered by this advisory.
Also released yesterday, this bulletin from Adobe, reporting a serious vulnerability in their Flash software, which could allow malicious websites to hijack machines browsing to them.
Posted on 13 September 2006 by Virus Bulletin
