Microsoft releases 13 security patches, eight critical
Microsoft delivered 13 security bulletins Tuesday, the most it's delivered in a monthly update in more than a year.
Eight updates are considered critical, addressing issues in Windows, Internet Explorer, Exchange, Media Player, PowerPoint and Word.
It's the largest number of updates Microsoft has released since February 2005, when it
released 12 security bulletins
, eight of which were also rated critical.
Summarizing the patches
This month's critical update includes:
MS06-021 a cumulative update for Internet Explorer resolving several issues that could enable remote code execution. Most notably, it implements a permanent change in ActiveX behavior, effectively terminating support for a temporary compatibility patch released along with Microsoft Security Bulletin MS06-013. The temporary patch fixed the widely publicized createTextRange exploit.
It also addresses a number of memory-corruption vulnerabilities, an information disclosure flaw that can misinterpret a certain type of specially crafted document as a cascading style sheet, and two spoofing vulnerabilities that could enable an attacker to display spoofed content in an end-user's browser window.
MS06-022 addresses a critical remote code execution vulnerability in Windows and Internet Explorer involving the display of .art files. These are image files used by America Online's client software. If an end-user visited a Web site or viewed an e-mail message containing a specially crafted .art image, it could enable an attacker to take control of the user's system. Various editions of Windows 98, Millennium Edition (Me), Server 2003 and XP are affected.
MS06-023 mitigates a critical remote code execution vulnerability in JScript affecting Windows 98, Me, 2000, XP and Server 2003. "An attacker could exploit the vulnerability by constructing specially crafted JScript that could potentially allow remote code execution if a user visited a Web site or viewed a specially crafted e-mail message," Microsoft said in its bulletin. "An attacker who successfully exploited this vulnerability could take complete control of an affected system."
MS06-024 patches a critical remote code execution hole in Windows Media Player versions 9 and 10 involving how the program processes Portable Network Graphics (.png) images. Specially crafted Media Player content, when opened by an end-user, could enable an attacker to take control of a vulnerable system.
MS06-025 addresses a pair of critical remote code-execution flaws affecting versions of Windows 2000, XP and Server 2003. Vulnerabilities in the Routing and Remote Access Service could enable someone with malicious intent to take control of an affected system.
MS06-026 resolves a remote code execution vulnerability in the Windows GDI Graphics Rendering Engine that makes it prone to a heap overflow vulnerability, enabling a hacker to take complete control of affected Windows 98 and Windows Me systems. Microsoft said in its advisory that an attacker could exploit the vulnerability by constructing a specially crafted .emf or .wmf image that could potentially allow remote code execution if a user visited a malicious Web site or opened a specially crafted attachment in email.
Sunnyvale, Calif.-based Symantec Corp.'s DeepSight Threat Management System Tuesday issued a bulletin about the flaw, giving it a severity rating of 9.4 and an urgency rating of 7.8. Symantec said there are no known exploits for the issue.
The bulletin is not directly related to the Windows Meta File (WMF) glitch that has been the target of numerous exploits this year. Microsoft released a much-anticipated, out-of-cycle patch for that issue in January.
MS06-027 features a fix for the widely publicized zero-day vulnerability in Word. The vendor's word-processing program is subject to what Microsoft calls a critical malformed object pointer execution flaw that could enable remote code execution via a specially crafted Word file. Microsoft said attackers could gain full system privileges from systems whose users are logged on with full administrator privileges.
Affected versions include Word, 2000, 2002 and 2003, plus Microsoft Works Suite versions 2000 through 2006. Microsoft Word versions for Mac are not at risk.
The final critical update, MS06-028, offers a remedy for a remote code-execution flaw in PowerPoint. Using a malformed record, an attacker could exploit the vulnerability to take control of an affected system using a specially crafted PowerPoint file. Microsoft said attackers could gain full system privileges from systems whose users are logged on with full administrator privileges.
This month Microsoft also issued three updated rated important. Those include:
MS06-029, a script injection vulnerability in Microsoft Exchange running Outlook Web Access.
MS06-030, which covers privlege escalation and denial-of-service vulnerabilities in Windows Server Message Block. The issues could enable an attacker to take control of an affected system or cause it to stop running, respectively.
MS06-031, a Windows TCP/IP remote code-execution vulnerability. In some instances this update replaces updates issued in prior security bulletins.
The final bulletin, MS06-032, addresses a "moderate" Windows mutual authentication flaw in RPC. Windows 2000 SP4 is the only OS affected.
Additionally, the SANS Internet Storm Center noted that Microsoft re-released MS06-011, which addressed a privilege escalation vulnerability in certain versions of Windows. SANS said the new patch adds a number of tweaks.
"Microsoft updated this bulletin and the associated security updates to include updated registry key values for the NetBT, RemoteAccess, and TCPIP services," Microsoft said in its advisory. "These values have been modified to be the same as Windows XP Service Pack 2 on Windows XP Service Pack 1 systems, and the same as Windows 2003 Service Pack 1 on Windows 2003 systems with no service pack applied."