Mar. 2006 Security Updates

One new critical patch for Office and an important patch that hardens the security of Windows services were released on the Mar. 2006 “Patch Tuesday.” The second patch changes the configuration of Windows rather than changing binary files, so rolling back the configuration changes could be difficult. Microsoft also forewarned administrators who had not yet installed an earlier nonsecurity update to Internet Explorer (IE) that applying the update is inevitable—the nonsecurity change will be included in the next IE security patch.

Critical Patches

The Office patch fixes remote code vulnerabilities, a class of vulnerability that could allow an attacker to take complete control of an unpatched system if a user opens certain malformed files. The malformed file could include a malformed range of cells or a malformed graphic, among other possibilities. An attack could also exploit the vulnerability via routing slips or the File Send option in Office. These document routing features allow a user to route or send any type of file to coworkers by attaching it to an e-mail message.