UPDATED: Microsoft Patches 3 Flaws, Zero-Day Still Open
- By Becky Nagel
- September 11, 2006
As expected, Microsoft released three patches today to fix one critical Office vulnerability as well as two Windows flaws.
The critical patch (MS06-054) addresses a hole in Microsoft Publisher that "could allow remote code execution" -- a common issue with patches Microsoft deems critical. There do appear to be issues with installing this patch; more information is available in the references links on this page of Microsoft's Web site.
The two Windows-related patches are rated important (MS06-052) and moderate (MS06-053), and address flaws with Reliable Multicast Program and indexing services, respectively. See the related links for more information.
Redmond also re-released two patches (MS06-040, MS06-042) originally included in last month's "Patch Tuesday" -- the company issued updates in late August to fix problems with the patches.
Noticeably absent from today's offerings was a patch that would fix the current zero-day Word exploit. Microsoft said in the Security Advisory it issued for the flaw last week that it was considering an out-of-cycle patch for that issue.
"It was too soon to pull together because [Microsoft] acknowledged it on the sixth...but at the same time, it is zero-day so it should be a big priority," commented Amol Sarwate, director of the vulnerability research lab at Redwood Shores, Calif.-based Qualys, a provider of enterprise Software as a Service (SaaS) security and compliance software.
Sarwate recommends IT professionals educate their users about the flaw until the patch is released.
To view today's official advisory, go here.