Posted by: kurtsh | September 27, 2006

RELEASE: MS06-055 Critical Vulnerability Patch released TODAY

Warm up your Systems Management Server or Software Update Server.  We’ve released a patch outside of the normal "once-a-month, every-second-Tuesday" cycle. 

MS06-055 addresses a vulnerability in Vector Markup Language rendering, a component of Windows, and has a maximum severity rating of Critical. The update addresses a vulnerability that could allow an attacker to take complete control of a system remotely. 

We’ve discovered a public attack using the vulnerability that the patch fixes and the testing we normally do completed early.  Right now we’re monitoring the movement of the attack and it’s spread has been pretty limited.  That being said, we’re encouraging everyone – Enterprise & Consumer to patch their systems.  Folks using Automatic Update should get patched tonight or whenever Automatic Update is set on their computers to do a Critical Update check.

Note that if you’re one of the smart folks that have the Windows XP firewall enabled on their workstations, you more than likely don’t have to worry about any existing exploitation through this vulnerability.  The firewall will normally block any sort of intrusion posed by threats leveraging the vulnerability patched by MS06-055.

Microsoft will hold a special live webcast on September 27, 2006 to provide technical details on the MS06-055 out of band release and to answer questions. Customers can sign up for the Web cast here.  Other webcasts for vulnerabilities patched monthly can be found here:

Microsoft will also be releasing additional security updates on Tuesday, October 10, 2006 as part of its regularly scheduled release of security updates. Customers can find out more information about that release at:


%d bloggers like this: