
Microsoft patched 18 flaws with its latest update, released yesterday.
Of the seven security bulletins released, five were rated critical and the other two important.
The biggest problem addressed by this update is a flaw in a Windows component that could be used to spread a worm. The component responsible is called “mailslot”; by sending a specially crafted network packet, an intruder could use the hole to remotely commandeer a vulnerable computer without user interaction. The flaw affects Windows 2000, Windows XP and Windows Server 2003, Microsoft said in security bulletin MS06-035.
A “mailslot” is a temporary mechanism utilized by applications and operating system processes to facilitate unidirectional data transfer on Windows systems.
“This vulnerability is the only worm candidate among the patched vulnerabilities today,” Monty IJzerman, senior manager at McAfee Avert Labs, said in a statement. Systems running Windows XP with Service Pack 2 and Windows Server 2003 with Service Pack 1 are at lesser risk from this flaw because the operating systems do not have services listening on mailslots by default, according to Microsoft.
An error in the Windows Dynamic Host Configuration Protocol, or DHCP, client on the same systems similarly opens the door to a remote attack via a malicious network packet. However, an attacker has to be on the same subnetwork as the intended target, Microsoft said in bulletin MS06-036.
“Remotely exploitable vulnerabilities can pose a serious threat to organizations because they do not require user interaction and can be attacked from across the Internet,” Dave Cole, director of Symantec Security Response, said in a statement.
Regarding Office, it seems that no more than 13 flaws were patched. These flaws could be exploited by crafting a malicious Office document, and they could give an attacker complete control over a vulnerable system if the document is opened. If you have Office 2000, you have a greater chance of being affected without even knowing, because that version of Office does not display an extra warning when it opens files from the Outlook e-mail client.
As for the “important” ones, the one addressed in MS06-034 solves a problem with Web servers that allow users to upload new content and the other (MS06-033) could allow an attacker to view the contents of the applications folder on a Web server.
There’s not much, but when will all these patches stop? Until when will Microsoft patch its bugged software?
All I can tell you is to use automatic updates and get your computer up to date. Let’s hope that Microsoft won’t screw it up this time as they did last time, when they managed to do more damage than to solve the problems.