Skip navigation

3 Microsoft Security Bulletins for September 2006

Microsoft released three new Security Bulletins and re-released two existing updates. One of the new bulletins is rated as critical.

MS06-052: Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution

This vulnerability relates to invalid memory access in Windows XP's implementation of the Pragmatic General Multicast (PGM) protocol. The vulnerability could allow an attacker to send specially designed multicast messages to affected systems thereby enabling the execution of malicious code.

Applies to: Windows XP SP1 and SP2.

Recommendation: Unless you use PGM or have the Microsoft Message Queuing (MSMQ) service installed, this update isn't urgent.

MS06-053: Vulnerability in Indexing Service Could Allow Cross-Site Scripting

This bulletin replaces Security Bulletin MS05-003. It fixes a vulnerability in the Indexing Service related to query validation that could be exploited to allow an attacker to run a client-side script on behalf of a user.

Applies to: Windows Server 2003 (x32, x64, and Itanium) and SP1, Windows XP (x32 and x64) SP1 and SP2, and Windows 2000 SP4

Recommendation: Test and install as a part of your regular patch managment cycle.

MS06-054: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution

This remote code execution vulnerability relates to Publisher. This vulnerability could be exploited when Publisher parses a file with a malformed string.

Applies to: Office 2003 SP1 and SP2, Office XP SP3, and Office 2000 SP3

Recommendation: Users of Publisher should test and deploy this patch immediately. This update is less important for organizations that don't use Publisher.

The following updates were re-released:

MS06-040--Vulnerability in Server Service Could Allow Remote Code Execution

A buffer overrun vulnerability in the Server service allows for complete control of an affected system.

Applies to: Windows 2003 and SP1, Windows XP SP1 and SP2, and Windows 2000 SP4

Recommendation: Test the patch and install it immediately.

MS06-042--Cumulative Security Update for Internet Explorer

This update addresses a significant number of vulnerabilities in Internet Explorer (IE). If a user running IE with administrative privileges visits a Web site that uses one of the exploits patched by this update, his or her system could be completely compromised. The attacks will be less damaging if the user is running an account with restricted rights.

Applies to: Windows 2003 and SP1, Windows XP SP1 and SP2, and Windows 2000 SP4

Recommendation: Organizations that use IE should test the update and install it immediately. For organizations that use an alternative browser, this update is important but not critical.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.