It's that time of the month again. Microsoft's patch bandwagon rolled into town yesterday loaded with three critical updates.
The updates aim to fix a vulnerability found in the Color Management Module of Windows that could allow remote code execution (MS05-036) and a security bug in JView Profiler (MS05-037) that might be used to crash Internet Explorer and inject hostile code. Last, but not least, is a vulnerability in several Microsoft Word versions involving font parsing that could also be used as a conduit to smuggle malicious code onto vulnerable systems (MS05-035). US CERT has produced an overview of Microsoft's three critical security fixes here. ®
MS issues final software update for Win2K
10 vulns - three critical - in MS patch batch
Microsoft issues solitary patch
Microsoft fortifies monthly patches with interim advisories
SANS revises Top 20 security vulns list