Microsoft puts out December patches

Robert Vamosi Former Editor
As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

Microsoft has released its December 2006 security bulletin, which includes seven updates: three are listed as "critical," its most serious risk rating, and four are listed as "important." None of the updates this month is specific to Microsoft Office, despite the appearance of two zero-day exploits within the last week targeting users of Microsoft Word.

Microsoft no longer offers technical support for Windows 98 and Windows Me, nor does Microsoft continue to provide technical support for users of Windows XP SP1. To keep your Windows 98 and Me systems secure, see CNET Reviews' roundup of compatible third-party security applications. To keep your Windows XP SP1 system secure, update to Windows XP SP2 today. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS06-072: Critical
Titled "Cumulative Security Update for Internet Explorer (925454)," this bulletin affects users of Windows 2000 (SP4), Windows XP (SP2), and Windows Server 2003 (SP1), running Internet Explorer versions 5.01 through 6.x, and addresses the vulnerabilities detailed in CVE-2006-5579, CVE-2006-5581, CVE-2006-5578, and CVE-2006-5577. Successful exploitation could lead to remote code execution.

MS06-073: Critical
Titled "Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674)," this bulletin affects only users of Microsoft Visual Studio 2005 Standard Edition, Professional Edition, Team Suite, Team Edition for Developers, Team Edition for Architects, and Team Edition for Testers (all other versions of Visual Studio are not affected). The patch addresses the vulnerability detailed in CVE-2006-4704. Successful exploitation could lead to remote code execution.

MS06-074: Important
Titled "Vulnerability in SNMP Could Allow Remote Code Execution (926247)," this bulletin affects users of Windows 2000 (SP4), Windows XP (SP2), and Windows Server 2003 (SP1 and x64 editions), and addresses the vulnerability detailed in CVE-2006-5583. Successful exploitation could lead to remote code execution.

MS06-075: Important
Titled "Vulnerability in Windows Could Allow Elevation of Privilege (926255)," this bulletin affects users of Windows 2000 (SP4), Windows XP (SP2), and Windows Server 2003 (SP1), and addresses the vulnerability detailed in CVE-2006-5585. Successful exploitation could lead to elevation of privileges on affected systems.

MS06-076: Important
Titled "Cumulative Security Update for Outlook Express (923694)," this bulletin affects users of Windows 2000 (SP4), Windows XP (SP2), and Windows Server 2003 (SP2 and x64 editions), and addresses the vulnerability detailed in CVE-2006-2386. Successful exploitation could lead to remote code execution.

MS06-077: Important
Titled "Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)," this bulletin affects users of Windows 2000 (SP4), but does not affect users of Windows XP (SP2) or Windows Server 2003 (SP2 and x64 editions). It addresses the vulnerability detailed in CVE-2006-5584. Successful exploitation could lead to remote code execution.

MS06-078: Critical
Titled "Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)," this bulletin affects users of Microsoft Windows Media Format 7.1 through 9.5 Series Runtime on the following operating system versions: Microsoft Windows 2000 (SP4), Microsoft Windows XP (SP1 or 2, x64 edition, Tablet PC, Media Center), and Microsoft Windows Server 2003 (SP1, Itanium-based Systems, and x64 edition). It addresses the vulnerabilities detailed in CVE-2006-4702 and CVE-2006-6134. Successful exploitation could lead to information disclosure.