Microsoft Patches 7 Bugs; Exploits Expected Soon

Microsoft issues security bulletins that patched seven vulnerabilities, including two tagged "critical," in Windows, Internet Explorer, Media Player, and PowerPoint.
Like MS06-005, Microsoft's MS06-006 bulletin also dealt with Windows Media Player, but concerned the plug-in version used by non-Microsoft browsers. Firefox and Netscape, for instance (but not Opera), can be attacked using this vulnerability, said iDefense, the Reston, Va.-based security firm that discovered the bug and reported it to Microsoft in August 2005.

If patching wasn't possible, iDefense recommended that users assign media file extensions to a player other than Microsoft's.

The other four bulletins rolled out by Microsoft Tuesday -- MS06-007, MS06-008, MS06-009, and MS06-010 -- were all rated as "Important," and covered everything from Windows' Internet Group Management Protocol (IGMP) and its Web Client service to a Korean language pack and PowerPoint 2000, the presentation maker included with Office 2000.

"What I think is really interesting about this month's batch is the diversity of the vulnerabilities," said nCircle's Murray. "A year ago, all we would have seen would have been the regular IE patch, maybe one for Media Player or another for a server product. But this month, there's a Korean language fix, one for Web Client, and another for PowerPoint.

"It's a really diverse month.

"What this shows is that Microsoft has done a good job over the last couple of years, at least concerning the main stuff. That's forcing people to look farther and wider for vulnerabilities. Researchers have to go to new lengths to find interesting vulnerabilities."