Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Microsoft Fixes 23 Flaws, Including Bug With MSBlast Potential

Microsoft on Tuesday published 12 security bulletins for Windows and Office that patched 23 vulnerabilities, 16 of which the Redmond, Wash. developer tagged as "critical." Both the number of bugs disclosed and the tally of critical fixes broke previous records.

Ten of the updates addressed flaws in Windows, while 2 affected Microsoft Office or one of its bundled applications. According to security analysts, several of the bulletins patch vulnerabilities that are already being exploited in the wild, including one used to attack the PowerPoint presentation maker just days after July's security updates were revealed.

Security analysts immediately pegged MS06-040 bulletin as the fix to apply first.

In an alert to customers of its DeepSight threat system, Cupertino, Calif.-based Symantec noted that MS06-040, which fixes a flaw in Windows' Server service, should be patched pronto. "At least one exploit for the issue has already been developed, and as such may be released soon," Symantec stated. "The issues can be exploited by an anonymous user against Windows XP
SP2 to execute arbitrary code, making it a prime candidate for a worm."

Mike Murray, director of research at vulnerability management vendor nCircle, was even more adamant about MS06-040's potential.

  • 1