New Microsoft Patches Released

Microsoft has released seven security bulletins for February 2006. Two of them are rated Critical and the rest are rated Important.

MS06-004 is another vulnerability affecting Windows Metafile (WMF) images, which were the subject of a security bulletin last month. MS06-005 is a vulnerability affecting Windows Media Player. Both vulnerabilities allow remote code execution.

MS06-006 is another vulnerability for Windows Media Player, this time for WMP plugin for non- Internet Explorer browsers; this vulnerability allows remote code execution. MS06-007 describes a denial of service vulnerability arising from how Windows handle specially-crafted IGMP packets. MS06-008 is a vulnerability in Windows Web Client service that could allow an attacker to take complete control of a target system. MS06-009 describes a vulnerability that exists in the Windows and Office Korean Input Method Editor that could allow elevation of privileges. MS06-010 discusses how Powerpoint 2000 can disclose information to an attacker.

A summary of these vulnerabilities can be found here. If you are using Microsoft products that are affected by these advisories, please update your software. You can turn on Automatic Updates, or visit the links stated above to download the patches. Take note that some of these vulnerabilities have existing exploits already, so we can never be sure when malware authors will exploit these holes. Good thing there are no zero-day exploit malwares, unlike the WMF brouhaha last month.