Security Bulletins for November 2006
Update: 21 November 2006
Winzip Computing and Microsoft have released separate security updates to patch against a security vulnerability in Winzip 10.0. Adobe has issued a security advisory regarding an Adobe Flash Player update released to resolve serious vulnerabilities.
Winzip Computing reports the release of Winzip 10.0 build 7245 to patch against a security vulnerability in one of its component modules. This vulnerability could allow for remote code execution on an affected system.
The vulnerability lies in the way Internet Explorer handles ActiveX controls. A malicious attacker could exploit the vulnerability by constructing a specially crafted webpage or HTML e-mail message. This could allow remote code execution if a user visited the webpage or viewed the e-mail message. An attacker who successfully exploited the vulnerability could gain complete control of an affected computer. This security vulnerability is also discussed in Microsoft Security Bulletin MS06-067.
Adobe Security Bulletin APSB06-18 reports the release of a critical patch against multiple security vulnerabilities in the Adobe Flash Player that could potentially allow an attacker to gain complete control of an affected computer.
Adobe recommends that all users of Adobe Flash Player Adobe Flash Player 220.127.116.11 and earlier versions upgrade to the newest version 18.104.22.168. Updates are available at the Flash Player Download Center.
Microsoft Security Bulletin Summary for November reports the release of six patches, five of which are rated "critical". These updates patch against vulnerabilities that could potentially allow for remote code execution or elevation of privilege on affected computers. An end-user version of this update summary is also available.
Users are advised to patch their systems against these vulnerabilities immediately. Patches can be downloaded via links posted within the appropriate Security Bulletins or by visiting Microsoft Update.
We recommend that users patch their systems by downloading and installing critical Microsoft updates as soon as possible.
Users are also encouraged to update their antivirus software daily and to install a firewall on their computers, if they have not done so already. For more information on firewalls, please read Microsoft's tutorial on how to protect your PC.
- Microsoft Security Bulletin MS06-067
- Microsoft Security Bulletin MS06-068
- Microsoft Security Bulletin MS06-069
- Microsoft Security Bulletin MS06-070
- Microsoft Security Bulletin MS06-071