Microsoft rolls out 10 fixes in monthly patch cycle

The six 'critical' vulnerabilities include four in Office and two in Windows

Microsoft has released 10 fixes as part of its October monthly patch cycle, addressing vulnerabilities in Windows and Office.

Of the 10 vulnerabilities, six were listed by Microsoft as 'critical', one 'important', two 'moderate' and one 'low'.

The six 'critical' vulnerabilities include four in Office and two in Windows. One of the Windows bugs was in the Windows Shell that has a publicly available exploit.

Security firm Secunia said that the exploit could be deployed through a specially crafted web page.

The other 'critical' Windows vulnerability addresses the system's XML handling which, according to Secunia, could also be exploited through a maliciously crafted web page.

There are no currently reported active exploits for the XML vulnerability.

The four Office flaws include one in PowerPoint that is being actively exploited. All four could be exploited through specially crafted Office documents.

A vulnerability in Microsoft's Server Services, a networking component, could allow denial of service attacks, according to Microsoft. The Server Services vulnerability was listed as 'important'.

The 'moderate' fixes were for vulnerabilities in the .Net programming application and the Object Packager component, which is used to embed one document inside another.

The 'low' vulnerability fix was for TCP/IP IPv6, which is used for internet connections.

Microsoft had to break its regular monthly schedule to issue a patch for a vulnerability in the Vector Markup Language that was being actively exploited in September.

• Microsoft security updates for October 2006