Despite releasing it last week, MS06-001, the WMF flaw, was also released as one of three Critical, Remote Code Execution possible patches that comprised the January 2006 Microsoft security bulletin. As is typical, the patches seem to affect every supported version from Windows 2000 on up. However, earlier versions of Windows are provided with a link which seems to say “you’re on your own.” Here are the patches:
MS06-001 – Vulnerability in Graphics Rendering Engine Could Allow
Remote Code Execution (912919)
MS06-002 – Vulnerability in Embedded Web Fonts Could Allow Remote
Code Execution (908519)
MS06-003 – Vulnerability in TNEF Decoding in Microsoft Outlook and
Microsoft Exchange Could Allow Remote Code Execution (902412)
So, Microsoft graphics, Microsoft Fonts, Microsoft Office and Microsoft Outlook all have serious flaws. Get patching!
It is the second week of 2006.