If it’s the second Tuesday of the month, it’s patch day for Microsoft (Quote). The company released six fixes yesterday, covering a variety of bugs in Windows and Office that range from important to critical.
Five of the six are considered critical, the most severe ranking Microsoft uses for its bug listings. All of them allow for remote code execution and cover vulnerabilities in Internet Explorer, Microsoft Agent, XML Core Services, the Workstation Service and Adobe’s Flash player.
The important fix addresses a potential remote code execution flaw in the client service for NetWare. Unlike the five critical fixes, this bug does not allow malicious code to take control of the system.
The fixes are required for all Microsoft operating systems, from Windows 2000 Service Pack 4 going forward. The IE vulnerability traces back to IE 5.
In addition to the fixes, this monthly patch updates the Malicious Software Removal Tool to remove the Win32/Brontok, a virus spread via e-mail.
All of the fixes and updates will be pushed out to Windows XP Service Pack 2 users with Automatic Updates turned on. They are also available for manual download by using the Windows Update feature in Windows XP, Windows Server 2003 and 2000.
Also available with this patch is Internet Explorer 7, but if customers don’t wish for it to be automatically downloaded and installed, they are advised to use the blocker Microsoft provides.