The American software giant has released patches for 21 software vulnerabilities, of which only two do not allow attackers to execute harmful code on users’ computers. Among these, eight vulnerabilities are classified as “critical,” the highest danger warning level from Microsoft, affecting Windows, Internet Explorer, Word, PowerPoint, and Exchange Server.
“Microsoft has never simultaneously disclosed 21 vulnerabilities and has not previously encountered 19 vulnerabilities that could be exploited remotely,” remarked Amol Sarwate, an analyst at the security company Qualys (USA).
The most significant update, MS06-025, addresses routing and remote access vulnerabilities in Windows that allow hackers to monitor traffic through connection ports. Systems running Windows 2000 are most heavily affected, while Windows XP Service Pack 1 and 2 and Windows Server 2003 Service Pack 1 are less impacted.
The second patch, MS06-029, updates Microsoft Exchange Server running Outlook Web Access. “Network administrators should pay attention to this flaw, even though it’s rated as ‘important’, because when checking messages via Outlook Web Access, users only need to open an email to trigger the code in the message and be compromised,” Sarwate warned.
Four other updates address critical vulnerabilities affecting all versions of Windows. MS06-021 fixes vulnerabilities in Internet Explorer 5.01 and 6, while MS06-024 addresses issues with Windows Media Player 7.1, 9, and 10. The bulletin MS06-023 discusses a Microsoft JScript issue, and MS06-022 enhances ART image rendering capabilities.
Meanwhile, MS06-026 addresses a graphics mechanism issue in the operating system, but is only deemed serious for Windows 98, Windows 98 Second Edition (SE), and Windows Millennium Edition (ME).
Two patches for Microsoft Word (MS06-027) and PowerPoint (MS06-028) within the Office suite are also rated at the highest warning level.
Through the security bulletin MS06-030, Microsoft addressed issues related to the Windows Server Message Block (SMB) component, which could allow hackers to gain elevated privileges in the system. The remaining two bulletins, categorized as “medium,” update RPC Mutual Authentication (MS06-031) and TCP/IP (MS06-032) in Windows.
Last weekend, Microsoft warned that customers may face security risks if they continue to use outdated operating systems.
Windows 98 and Windows ME currently have critical vulnerabilities in handling Component Object Model objects. Attackers could compromise systems after tricking users into accessing a website containing malicious code, which connects their computers to a remote server. “We cannot deploy patches for Windows 98 and ME as they may cause issues with the operating system,” a Microsoft spokesperson stated.
Microsoft plans to stop updates and will not release any further patches for Windows 98, Windows 98 Second Edition, and Windows Millennium starting from July 11. The Bill Gates-led company recommends users set up firewalls to filter traffic through TCP port 139. Additionally, the company will officially cease support for Windows XP Service Pack 1 starting October 10.
Another noteworthy event this week was Mozilla’s unexpected announcement that the upcoming Firefox 3.0 browser, scheduled for release next year, will not support Windows 98 and Windows Millennium. This decision by the open-source software organization has sparked considerable debate. “Mozilla’s products remain compatible with some operating systems that have fewer users than Windows 98 and ME. If they want to stop support, they should conduct a market survey first,” commented member Hermann Schwab on the Bugzilla website.
T.N. compiled