Six of the patches - at least one deemed critical by Microsoft - affect Windows users, while four address vulnerabilities in Office, one of them critically important. Another security bulletin targets a moderate security risk in Microsoft's .NET (define) framework.
Although the advance notification includes no details on what vulnerabilities the patches intend to fix, Microsoft has said at least one patch will answer a Windows flaw exploited by malicious hackers.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=iMonday Microsoft it would include a security update in response to proof-of-concept code able to exploit a flaw in the WebViewFolderIcon Active X control. The vulnerability cold enable malicious hackers to gain control of unpatched Windows 2000, Windows XP and Windows Server 2003 systems.
Office users could find the solution to a security headache discovered in September. That problem focused on a PowerPoint vulnerability that opened the door to Trojan attacks. While the exploit was rated a limited risk by security vendors, the exploit included email which created a backdoor for hackers to steal private information.
Microsoft responded by suggesting PowerPoint users employ PowerPoint Viewer 2003.
While the software maker issued an out-of-cycle patch to stem the tide of Web sites using a VML exploit, some security groups unwilling to wait for Oct. 10 released a string of third-party patches to fill the gap.
The VML exploit prompted the creation of the Zeroday Emergency Response Team (ZERT), a group of experienced security researchers. ZERT issued a fix for the VML vulnerability, as well as the WebViewFolderIcon issue.
But ZERT was not alone in offering Windows users an alternative source for security patches.