I received the “Microsoft Security Bulletin Summary for August, 2006” in my inbox this morning. You'll want to sign up on the Microsoft site if you don't get this email and have responsibility for supporting and protecting Windows machines. You can find the bulletin here.
Nearly all the 12 items were rated critical and resulted in “Remote Code Execution” – in other words, someone else taking over your machine. Every version of Windows – those still supported – Windows 2000 SP4 through Windows Server 2003 – are affected. Individual applications getting patched include all the Office products, VBA-enabled products, and nearly anything with HTML: Internet Explorer, HTML Help, Microsoft Management Console. Get patching!
MS06-040 – Vulnerability in Server Service Could Allow Remote Code Execution (921883)
MS06-041 – Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683)
MS06-042 – Cumulative Security Update for Internet Explorer (918899)
MS06-043 – Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214)
MS06-044 – Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008)
MS06-046 – Vulnerability in HTML Help Could Allow Remote Code Execution (922616)
MS06-047 – Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645)
MS06-048 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968)
MS06-051 – Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422)
MS06-045 – Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)
MS06-049 – Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958)
MS06-050 – Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670)
We're up to 51 patches on the 32nd week of the year. It's pretty apparent that whatever Trustworthy Computing brings us, it won't be a static thing.