Browser Security News

As expected, Microsoft released three security fixes Tuesday for flaws in components of Windows and Office. One security expert recommended IT administrators use the lighter patching load as an opportunity to tighten defenses against ever-increasing zero-day threats.

The only critical update this month is MS06-054, which addresses a remote code execution vulnerability in Microsoft Publisher, part of the Microsoft Office. The flaw surfaces when the program handles malformed PUB files.

"If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft officials said. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

The flaw affects Office 2000 Service Pack 3, Office XP Service Pack 3; Office 2003 Service Pack 1; Office 2003 Service Pack 2; and Microsoft Publisher 2000, 2002 and 2003.

Meanwhile, Microsoft released MS06-052, an "important" update for Pragmatic General Multicast (PGM), a multicast protocol within Windows used to detect, report on and request retransmission of incomplete or lost inbound data. Microsoft fixes Office, Windows flaws