The American software giant has released 5 security bulletins to patch 14 software vulnerabilities. Among these, the createTextRange vulnerability was previously exploited by hackers to install spyware and keyloggers on users’ computers.
The bulletin MS06-013 addresses 10 vulnerabilities in Internet Explorer 5.x and 6.x, 7 of which are classified as “critical.” Notably, the createTextRange flaw was discovered 3 weeks ago and quickly spread across more than 200 websites. The delay in releasing the patch led many third-party companies to fix the browser “on behalf of” Microsoft. According to eEye Digital Security, approximately 156,000 users downloaded their temporary patch within just two weeks.
Meanwhile, the update MS06-015 addresses a serious issue where the Windows XP operating system autonomously handles folders, while MS06-014 resolves problems related to Windows MDAC (Microsoft Data Access Component), which is used when accessing SQL databases. Both of these vulnerabilities could be exploited by hackers to take control of the entire system if users are tricked into opening attachments or visiting sites containing malicious code.
Microsoft also fixed a “critical” vulnerability in the free email service Outlook Express (MS06-016). Additionally, the company launched MS06-017 to address a “moderate” vulnerability in the FrontPage web design application within Microsoft Office.
Most of the issues addressed in these 5 bulletins are rated as “critical,” so users are urged to update their patches as soon as possible.
T.N.
