Microsoft shipped its monthly security updates, and these are not superficial patches, but deep fixes, likely with ramifications for everyone using these products. Anticipate serious perturbations to your systems if you are depending on the behavior of these applications as part of your customer solutions. Microsoft ships patched code it classifies as “Critical” for:
MS06-021 – Cumulative Security Update for Internet Explorer (916281): this is supposed to include patches addressing the ActiveX behaviors in the Eolas suit. This is a good time to abandon ActiveX controls and IE if you are still supporting them.
MS06-022 – Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)
MS06-023 – Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344): JScript? Are they still making that?
MS06-024 – Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)
MS06-025 – Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)
MS06-026 – Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (918547)
MS06-027 – Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)
MS06-028 – Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)
“Important,” perhaps less critical patches include:
MS06-029 – Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)
MS06-030 – Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)
MS06-032 – Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)
One “Moderate” patch rounds out the bunch:
MS06-031 – Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736
In addition, MS06-011 Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798) has been re-released as version 2.0 with new patching information.
It's the 24th week of the year, and Microsoft is up to 31 patches.