Oct. 2006 Security Updates

Six critical, one important, two moderate, and one low severity patch addressing 26 vulnerabilities were distributed on the Oct. 2006 “Patch Tuesday.” The vulnerabilities affect Windows, Office for Windows and the Mac, and any software that might use Microsoft’s Core XML Services. In addition, Microsoft used the monthly patch release announcements to update customers on products leaving support, how to block the pending automatic installation of Internet Explorer (IE) 7.0, and pending changes to Microsoft’s offline patch detection tools.

Critical Patches

The Oct. 2006 critical patches fix vulnerabilities in Windows, Office for Windows and the Mac, and other products that use Microsoft’s XML Core Services. Developers use Microsoft XML Core Services (MSXML) with JScript, Visual Basic Scripting Edition (VBScript), and Microsoft Visual Studio 6.0 to build XML-based applications. Because developers, including third parties, use these components in their applications, they can be installed in multiple locations on the same computer depending on how many applications the user has installed that use MSXML. All instances must be patched for the system to be completely secured, and MBSA and other detection tools should detect when the patch is needed.