The hotfix for MS06-042, which was supposed to be released today, has been delayed. Worse: It turns out that MS06-042 introduced a new security problem. The crashes everyone is having so much fun with are just the tip of the iceberg. The issue can also be used to execute arbitrary code. In particular, note that MSFT’s advisory essentially tells you how to exploit the issue. Exploits will likely follow very soon (days?).
Arbitrary code as well? This just keeps getting better. Apparently 042 fixes more bugs than in adds so it’s advised by the good folks at SANS that you should at least apply the patch in the interim. Also on their list is a recommendation to switch to Firefox as your browser of choice. Read on…
Article Link
another Article Link
[tags]MS06-042, Microsoft, Security Problems, Late Patches[/tags]
