And the file format vulnerabilities keep on coming! If the 2006 Microsoft
security bulletins have had a theme, that theme has been file format
vulnerabilities in media formats and Office documents. We kicked off 2006 with
an out of cycle patch for the famed WMF vulnerability and during the past few
months we’ve been inundated with patches for Excel, Word and PowerPoint among
others.
This month’s bulletins included a
handful of patches for public vulnerabilities for which Microsoft had already
released security advisories. The following security advisories received
patches:
These follow the out of cycle patch for Vector Markup Language, which was
released on September 26, 2006 in MS06-055.
I hope that you were able to get a good break last month, when Microsoft had an
uncharacteristically light month with three security bulletins, because it’s now
time to get back to work. The October edition of Microsoft Black Tuesday greeted
us with a total of 26 vulnerabilities in ten bulletins with 15 of the bulletins
receiving a critical severity ranking.
It looks like there were a few hiccups with this month’s release. First off,
the advance notification suggested that we would see eleven vulnerabilities,
yet we only saw ten. It isn’t clear if two bulletins were combined into one or
if one was pulled at the last minute. Also, in the MSRC blog posting, Craig
Gehre admitted to some networking issues that led to automatic updates not
being pushed out at the same time that the security bulletins were posted. No
specifics were provided for either issue other than an acknowledgement that
Microsoft is aware of the networking issues and is working to resolve them
before the next release. Fortunately, the patches were available for a manual
download once the bulletins were made available.
Below is a cheat sheet for all
26 vulnerabilities.
Enjoy!
- michael
Posted 10-10-2006 8:33 PM by erik.peterson