Microsoft patches three "Critical" flaws

Several apply to older versions of Internet Explorer


13 December 2006 15:15 GMT / By Amber Maitland

It's that time of the month again, time for Microsoft to go about plugging holes in its many software applications.

Yesterday's Patch Tuesday inaugurated seven fixes for 11 vulnerabilities, including a last-minute patch for two zero-day flaws in Windows Media Player. As expected, the updates did not include fixes for the two zero-day flaws found in Microsoft Office last week.

The update also includes a patch for a flawed WMI Object Broker ActiveX control in Visual Studio 2005.

Security analysts have noticed a trend of hackers executing zero-day exploits shortly before Patch Tuesday so that there's no time for Microsoft to include a fix in the patch.

The so-called surprise fix takes care of a problem with the way Media Player handles the ASX file format. Hackers could create “malformed” ASX files that would end up in remote code execution.

Six vulnerabilities in Internet Explorer that were previously undetected in the wild have also been patched. Symantec warns that a bug in script handling could allow for “complete system compromise” at the hands of an attacker.

Overall, three of the patches have been rated Critical, and the rest Important.
Full tags
Software, PC software, Software updates, Microsoft

share print story pdf email story

Recommended articles

Recommended articles from around the web
Loading

Best iPad 2 apps

We detail the best iPad 2 and iPad apps in the app store Which iPad app should you download?

Best new iPad apps

We detail the best iPad apps in the app store for your new Retina Display Which iPad app should you download?

Windows 8

First Look: Windows 8 Consumer Preview reviewed

The new iPad

The new iPad: Everything you need to know

Pocket-lint poll

Q. Does the Samsung Galaxy S III deliver what you hoped for?

Vote YES Vote NO

» LAST TIME
When asked Would you switch from iOS to Android? 54% said yes and 46% said no