Microsoft’s much-awaited December patch has been released. The package includes 11 security patches in total, including a cumulative Internet Explorer bulletin and an update meant to fix a flaw in the Windows Media file format.
These fixes include three critical patches that address remote execution vulnerabilities in Internet Explorer, Visual Studio 2005 and Windows Media Player.
MS06-078 fixes a flaw in windows multimedia player. The problem was unexpected behavior of the media player when subjected to fast forward and rewind. The reason behind was infected Advanced Systems Format (ASF) files and Advanced Stream Redirector (ASX) files which were hindered by the attackers and auto-opened when viewed in a Web browser. eEye Digital Security recommended the users to configure Windows Media Player not to automatically open ASX files.
MS06-072 fixes the flaws for Internet Explorer and has made improvements in Pop-up Blocker. The third critical patch is MS06-073 that fixed a remote code execution flaw in an ActiveX control used in Visual Studio 2005.
All the three patches provided updates for the application, which could be easily exploited by a rigged Web page.
Other patches in the package have updates for certain other applications like Simple Network Management Protocol (SNMP), Remote Installation Service (RIS) and Outlook Express.
Via: CRN
