Microsoft has just posted their security patch builletin for the month of February. As usual all required patches for your PC can be found on Microsoft Update. Here's a brief summary of the six major patches released this month:
A vulnerability exists in the Graphics Rendering Engine that could allow remote code execution.
A vulnerability exists in the way that Windows Media Player processes certain files that could allow remote code execution.
A remote code execution vulnerability exists in the Windows Media Player plug-in for non-Microsoft Internet browsers that can allow remote code execution.
A vulnerability exists that could allow an attacker to send a specially crafted IGMP that could cause an affected system to stop responding.
A vulnerability exists in the Windows Web Client Service that could allow an attacker to take complete control of an affected system. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
A vulnerability exists in the Windows and Office Korean Input Method Editor that could allow an attacker to take complete control of an affected system. For an attack to be successful an attacker must be able to interactively log on to the affected system.
Many people are having issues with the MS06-007 patch when installing it from Microsoft Update. Users have claimed that having a patched tcpip.sys file is one cause of the error, while the vast majority simply have it fail on install. Downloading the patch and installing it manually seems to work without any reported problems.
There were a few smaller releases from Microsoft today including updates for Outlook, PowerPoint 2000, and a new Malicious Software Removal Tool. Windows Media Player 10 was also updated to build 3990 after the application of both related patches this month. Apple has coincidently released OS X 10.4.5 today for folks to download.
View: Neowin Forum Discussion