OSNews also notes Microsoft Patches Seven Vulnerabilities. “Microsoft alerted us this time about seven vulnerabilities of which five were rated critical and two important. There are vulnerabilities in the Server service, the DHCP Client service, Excel and Office that could allow remote code execution.”
Seven patches, 5 Critical with Remote Code Execution possibilities, 2 Important, which includes Remote Code Execution within IIS. Bulletins MS06-033 through MS06-039 issued on the 28th week of the year. It looks like this kind of velocity, more than one per week, has been steady at Microsoft for nearly three years now. I would have expected the more secure IIS6 and Windows Server 2003 to stem the flow a bit. But these product continue to be listed in the affected systems list. Hmm.
MS06-033: Vulnerability in ASP.NET Could Allow Information Disclosure (917283)
MS06-034: Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)
MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159)
MS06-036: Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)
MS06-037: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)
MS06-038: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)
MS06-039: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)
Security is not a feature, it's a process. Patch now to avoid more problems later.