News
UPDATED: Microsoft Patches 3 Flaws, Zero-Day Still Open
- By Becky Nagel
- September 11, 2006
As expected, Microsoft released three patches today to fix one critical Office vulnerability as well as two Windows flaws.
The critical patch (MS06-054) addresses a hole in Microsoft Publisher that "could allow remote code execution" -- a common issue with patches Microsoft deems critical. There do appear to be issues with installing this patch; more information is available in the references links on this page of Microsoft's Web site.
The two Windows-related patches are rated important (MS06-052) and moderate (MS06-053), and address flaws with Reliable Multicast Program and indexing services, respectively. See the related links for more information.
Redmond also re-released two patches (MS06-040, MS06-042) originally included in last month's "Patch Tuesday" -- the company issued updates in late August to fix problems with the patches.
Noticeably absent from today's offerings was a patch that would fix the current zero-day Word exploit. Microsoft said in the Security Advisory it issued for the flaw last week that it was considering an out-of-cycle patch for that issue.
"It was too soon to pull together because [Microsoft] acknowledged it on the sixth...but at the same time, it is zero-day so it should be a big priority," commented Amol Sarwate, director of the vulnerability research lab at Redwood Shores, Calif.-based Qualys, a provider of enterprise Software as a Service (SaaS) security and compliance software.
Sarwate recommends IT professionals educate their users about the flaw until the patch is released.
To view today's official advisory, go here.
About the Author
Becky Nagel serves as vice president of AI for 1105 Media specializing in developing media, events and training for companies around AI and generative AI technology. She also regularly writes and reports on AI news, and is the founding editor of PureAI.com. She's the author of "ChatGPT Prompt 101 Guide for Business Users" and other popular AI resources with a real-world business perspective. She regularly speaks, writes and develops content around AI, generative AI and other business tech. She has a background in Web technology and B2B enterprise technology journalism.