Microsoft has released its September 2006 security bulletin, which includes only three updates: One is listed as critical, one as important, and one as moderate. The critical update this month is specific to Microsoft Office Publisher. Missing is a patch for the recently announced vulnerablity in Microsoft Office Word 2000. Users of Windows 98 and Windows Me will notice that Microsoft no longer offers technical support for these two operating systems. To keep your Windows 98 and Me systems secure, see our roundup of compatible third-party security applications. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.
Entitled "Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007)," this bulletin affects users of Windows 2000 SP4, Windows XP x64, and Windows Server 2003 (SP1, SP2, and x64 editions). Successful exploitation could lead to remote code execution.
Entitled "Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685)," this bulltin affects users of Windows 2000, Windows XP (SP1, SP2, and x64 editions), and Windows Server 2003 (SP1, SP2, and x64 editions). Successful exploitation could lead to private information disclosure.
Entitled "Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729)," this bulletin affects users of Microsoft Office 2000, Office 2002, and Office 2003. Successful exploitation could lead to remote code execution.