14 DAY TRIAL // The seven December 2006 security bulletins released by Microsoft as a part of the company's monthly patch cycle address a total of 18 vulnerabilities. Three of the security bulletins have received Microsoft's maximum severity level of "Critical" while the remaining four were deemed as "Important."
The vast majority of the 18 vulnerabilities were disclosed by Microsoft together with patches addressing them. Also, most of them are client-side vulnerabilities, the users having to be actively involved by handling compromise content for a successful exploit.
Microsoft issued a Cumulative Security Update for Internet Explorer (925454), a patch for a vulnerability in Visual Studio 2005 (925674) and an update for a flaw in Windows Media Format (923689). There are the Redmond Company's three "Critical" security bulletins.
The additional security updates, with a severity of "Important" address vulnerabilities in SNMP, Windows, and in Remote Installation Service. Aside from these, Microsoft also released a Cumulative Security Update for Outlook Express.
- Vulnerability in SNMP Could Allow Remote Code Execution - Microsoft Windows SNMP Service Remote Code Execution Vulnerability - Cumulative Security Update for Internet Explorer - Microsoft Internet Explorer DHTML Script Function Remote Code Vulnerability - Microsoft Internet Explorer Script Error Handling Remote Code Execution Vulnerability - Microsoft Internet Explorer Drag and Drop TIF Folder Information Disclosure Vulnerability - Microsoft Internet Explorer Object Tag TIF Folder Information Disclosure Vulnerability - Vulnerability in Windows Media Player Could Allow Remote Code Execution - Windows Media Player ASX PlayList File Heap Overflow Vulnerability - Windows Media Player Remote ASF File Buffer Overflow Vulnerability - Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution - Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability - Vulnerability in Remote Installation Service Could Allow Remote Code Execution - Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability - Cumulative Security Update for Outlook Express - Microsoft Outlook Express Windows Address Book Contact Record Remote Code Execution Vulnerability - Vulnerability in Windows Could Allow Elevation of Privilege - Microsoft Windows Manifest File Privilege Escalation Vulnerability