News

UPDATED: Microsoft Patches 3 Flaws, Zero-Day Still Open

As expected, Microsoft released three patches today to fix one critical Office vulnerability as well as two Windows flaws.

The critical patch (MS06-054) addresses a hole in Microsoft Publisher that "could allow remote code execution" -- a common issue with patches Microsoft deems critical. There do appear to be issues with installing this patch; more information is available in the references links on this page of Microsoft's Web site.

The two Windows-related patches are rated important (MS06-052) and moderate (MS06-053), and address flaws with Reliable Multicast Program and indexing services, respectively. See the related links for more information.

Redmond also re-released two patches (MS06-040, MS06-042) originally included in last month's "Patch Tuesday" -- the company issued updates in late August to fix problems with the patches.

Noticeably absent from today's offerings was a patch that would fix the current zero-day Word exploit. Microsoft said in the Security Advisory it issued for the flaw last week that it was considering an out-of-cycle patch for that issue.

"It was too soon to pull together because [Microsoft] acknowledged it on the sixth...but at the same time, it is zero-day so it should be a big priority," commented Amol Sarwate, director of the vulnerability research lab at Redwood Shores, Calif.-based Qualys, a provider of enterprise Software as a Service (SaaS) security and compliance software.

Sarwate recommends IT professionals educate their users about the flaw until the patch is released.

To view today's official advisory, go here.

About the Author

Becky Nagel is the vice president of Web & Digital Strategy for 1105's Converge360 Group, where she oversees the front-end Web team and deals with all aspects of digital strategy. She also serves as executive editor of the group's media Web sites, and you'll even find her byline on PureAI.com, the group's newest site for enterprise developers working with AI. She recently gave a talk at a leading technical publishers conference about how changes in Web technology may impact publishers' bottom lines. Follow her on twitter @beckynagel.

Featured

  • The 2021 Microsoft Product Roadmap

    From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.

  • After High-Profile Attacks, Biden Calls for Better Software Security

    Recent high-profile security attacks have prompted the Biden administration to issue an executive order aiming to tighten software security practices across the board.

  • With Hybrid Networks on Rise, Microsoft Touts Zero Trust Security

    Hybrid networks, which combine use of cloud services with on-premises software, require a "zero trust" security approach, Microsoft said this week.

  • Feds Advise Orgs on How To Block Ransomware Amid Colonial Pipeline Attack

    A recent ransomware attack on a U.S. fuel pipeline company has put a spotlight on how "critical infrastructure" organizations can prevent similar attacks.