Microsoft releases its Security Bulletins for January 2006
Microsoft has released two critical patches in addition to the emergency patch issued in last week's early release of the Microsoft Security Bulletin Summary for January.
Microsoft Security Bulletin MS06-002 warns of a serious vulnerability in the way Windows handles web fonts, potentially allowing an attacker to gain complete control of an affected system. This vulnerability affects all current versions of Windows.
Microsoft Security Bulletin MS06-003 pertains to a vulnerability that affects Microsoft Outlook and Microsoft Exchange. The vulnerability lies in the handling of e-mail that is encoded in the Microsoft-specific Transport Neutral Encapsulation Format (TNEF). A specially crafted e-mail message delivering malware could cause the Exchange server to become infected simply by processing the message, without the need for a user to open the e-mail.
We recommend that users patch their systems by downloading and installing critical Microsoft updates as soon as possible.
Users are also encouraged to update their antivirus software daily and to install a firewall on their computers, if they have not done so already. For more information on firewalls, please read Microsoft's tutorial on how to protect your PC.
Microsoft Security Bulletin Summary for January reports the release of one security patch rated "critical". This patch has been released ahead of schedule due to the urgent need to prevent further exploitation of the recently discovered vulnerability in the rendering of Windows Metafile image files (.wmf). For detailed information on this patch see Microsoft Security Bulletin MS06-001. Microsoft has issued a press release regarding this vulnerability and the patch now released. This is an unusual step and is an indication of the significance of the issue.
The vulnerability lies in the way the Windows graphics rendering engine handles the Windows Metafile (.wmf) image file format. Recently, attackers have used numerous websites and mass-mailed e-mail messages to take advantage of this vulnerability to install spyware, viruses and other malware on affected computers. Among other things, these computers have been used to send out thousands of spam e-mails without the knowledge or consent of their owners.
This vulnerability affects all versions of Windows and we strongly advise all Windows users to patch their systems against this vulnerability immediately. This patch can be downloaded via Microsoft Security Bulletin MS06-001 or by visiting Microsoft Update.
Information from Microsoft:
- Technical Summary of January Security Bulletins
- Microsoft press release regarding WMF vulnerability patch
- Microsoft Security Bulletin MS06-001 - [KB912919]
- Microsoft Security Bulletin MS06-002 - [KB908519]
- Microsoft Security Bulletin MS06-003 - [KB902412]