Microsoft released 12 software patches on Tuesday to fix 16 vulnerabilities
in the Windows operating system and Office desktop software. The patches include
eight fixes for critical security holes that could be used to run malicious code
on affected computers. These are among the most serious holes Microsoft
addressed:

  • A critical vulnerability in a component of Messenger that renders PNG
    (Portable Network Graphics) image files used to display icons, such as smiley
    faces, in instant messaging conversations. An exploit for the vulnerability
    could be hidden in a buddy icon and triggered whenever MSN users load
    contact lists.
  • A critical vulnerability in the Server Message Block (SMB) protocol that
    affects Windows XP, Windows 2000 and Windows Server 2003 and could be used to
    launch attacks on vulnerable Windows systems from Web pages. SMB is used to
    communicate between Windows machines and to share network resources such as
    printers and files.
  • A critical vulnerability in Microsoft’s License Logging Service that
    affects Windows Server 2003, Windows 2000 and Windows NT Server 4.0. The
    service is a tool that helps customers manage software licenses for Microsoft
    server products. A remote attacker could use the vulnerability to cause the
    License Logging Service to fail, resulting in a denial of service on Windows
    Server 2003 systems, or to install programs; view, change, or delete data; or
    create new user accounts on Windows 2000 and NT Server 4.0 systems.
  • Four critical vulnerabilities in the Internet Explorer Web browser
    Versions 5 and 6. The patch includes a fix for the "drag and drop"
    vulnerability that allows remote attackers to use Web-based attacks to place
    an executable file on a user’s Windows system without the user receiving a
    dialog box asking for approval for the download.