Topic: Microsoft offers fix for 23 security holes

[Clive]

Microsoft has released patches for 23 security holes, 15 of which it has rated critical.

According to security company McAfee, attackers are already exploiting 11 of the vulnerabilities, which affect Outlook, Powerpoint, Internet Explorer and Windows.

Anti-virus company Symantec said it rates the Server Service vulnerability as most critical, followed by the Power Point vulnerabilities.

Kevin Hogan, senior manager, Symantec Security Response, EMEA and JAPAC, said: ?In addition to the PowerPoint vulnerabilities, this month's series of patches includes fixes for issues affecting Internet Explorer, Microsoft Office, PowerPoint, and Outlook Express.

?These vulnerabilities are the primary focus for researchers and attackers alike, and we continue to see an increasing number of content borne threats as a result.

?As desktop applications continue to grow as a target, it is important that users continue to install available updated software patches on all applications regularly.?

Symantec recommends people regularly run Microsoft Update and install the latest security updates, avoid opening unknown or unexpected e-mail attachments or following web links from unknown or unverified sources.

http://update.microsoft.com

[Simon]

I have just received a big update - 9 items in total.  I wonder if this will also solve the shutdown problems?

[Clive]

I'm going to D/L them now.

[Clive]

I haven't experienced any problems with the downloads.  This is what they are:

Bulletin MS06-040: Vulnerability in Server Service Could Allow Remote Code Execution (921883) [Critical]
This update resolves several vulnerabilities in the Server service that could allow remote code execution.


Bulletin MS06-041: Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683) [Critical]
This update resolves several vulnerabilities in the DNS service that could allow remote code execution.


Bulletin MS06-042: Cumulative Security Update for Internet Explorer (918899) [Critical]
This update resolves several vulnerabilities in Internet Explorer that could allow remote code execution.


Bulletin MS06-043: Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214) [Critical]
This update resolves a vulnerability in Outlook Express that could allow remote code execution.


Bulletin MS06-044: Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008) [Critical]
This update resolves a vulnerability in the Microsoft Management Console that could allow remote code execution.


Bulletin MS06-046: Vulnerability in HTML Help Could Allow Remote Code Execution (922616) [Critical]
This update resolves several vulnerabilities in HTML Help that could allow remote code execution.


Bulletin MS06-047: Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645) [Critical]
This update resolves a vulnerability in Visual Basic for Applications that could allow remote code execution. {Require Microsoft Update or alternative source.}


Bulletin MS06-048: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968) [Critical]
This update resolves two vulnerabilities in PowerPoint that could allow remote code execution. {Require Microsoft Update or alternative source.}


Bulletin MS06-051: Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422) [Critical]
This update resolves several vulnerabilities in the Windows kernel that could allow remote code execution.


Bulletin MS06-045: Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398) [Important]
This update resolves a vulnerability in Windows Explorer that could allow remote code execution.


Bulletin MS06-049: Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958) [Important]
This update resolves several vulnerabilities in the Windows kernel that could allow elevation of privilege.


Bulletin MS06-050: Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670) [Important]
This update resolves two vulnerabilities in the hyperlink object library that could allow remote code execution. User interaction is required for an attacker to exploit these vulnerabilities.