ALARM Group ALERT ¿ click for a description of ALARM, The Computing Alert System Alert Number:  011006-01 Alert Date:  01/10/06 Alert Title:  Microsoft releases three security bulletins for January Update-to:   Update-to: 122905-01 "Windows Image Rendering Exploit Affects All XP and 2003" and ITS Alert 1/06/06 "Microsoft has released a fix for a serious flaw in Windows system used to view images" OS/Platform/Application: Microsoft Windows XP (Including Service Packs 1, 2 and Professional x64 Edition) Microsoft Windows Server 2003 (Including Service Pack 1, x64 and Itanium-based Systems) Microsoft Windows 2000 Service Pack 4 Microsoft Windows 98, Microsoft Windows 98 SE, ME Microsoft Outlook 2000, 2002, and 2003 Microsoft Office 2000 Multilanguage Packs Microsoft Office XP Multilingual User Interface Packs Microsoft Office 2003 Multilingual User Interface Packs Microsoft Exchange 5.0, 5.5, and 2000 Category:  ALERT Severity:  HIGH Attention:  Windows System Administrators, Desktop Support Personnel

Summary:  On January 10 2006 Microsoft released its monthly security bulletin for January.  Included in this bulletin are three bulletins (MS06-001, MS06-002, and MS06-003) all listed by Microsoft as "Critical Severity".  Bulletin MS06-001 addresses a vulnerability in the Graphics Rendering Engine; this bulletin was originally released on January 5 to address potential exploits associated with Windows Meta File (WMF) and other image extensions.  See the associated ALARM and ITS Alerts (links provided below) for more detail.  Bulletin MS06-002 addresses a vulnerability in Embedded web fonts and MS06-003 addresses a vulnerability in TNEF message decoding.

Alert 1/06/06 "Microsoft has released a fix for a serious flaw in Windows system
used to view images":
http://www.albany.edu/its/alarm_alert_microsoft_releases_fix_windows_images.htm