Microsoft Issues 'Zero-Day' XML Core Patch, 5 Others

As expected, Microsoft today issued six patches for a variety of security issues, including an XML vulnerability considered to be "zero day."

As expected, Microsoft today issued six patches for a variety of security issues, including an XML vulnerability considered to be "zero day."

According to Microsoft, this flaw (MS06-071), rated critical, could allow remote code to infect a user's machine if they visit a Web site with the attack code. According to an earlier security advisory, those using Windows Server 2003 SP1 with default settings and using Enhanced Security Configuration are not vulnerable.

According to Microsoft's Security Response Center blog, unlike today's other patches, the company was unable to distribute this one through SUS 1.0. "The update is available through all other channels, and Software Update Services customers can obtain this update directly from the Download Center or through WSUS," wrote Mike Reavey. "We are working to make this update available through SUS as quickly as possible and expect to release it with the next SUS 1.0 update."

This month's other patches are available through SUS 1.0, as well as all other distribution channels. They are:

  • MS06-066, Important: Fixes two problems relating to NetWare and Microsoft Client Services.
  • MS06-067, Critical: Described by Microsoft as a "Cumulative Security Update for Internet Explorer," fixes several problems relating to Windows and IE 5.01 and 6.
  • MS06-068, Critical: Relates to a flaw in Microsoft Agent Memory Corruption in various versions of Windows.
  • MS06-069, Critical: Deals with issues with Windows XP and Macromedia Flash Player.
  • MS06-070, Critical: Fixes a Workstation Service Memory Corruption vulnerability found in Windows 2000 SP4 and Windows XP SP2.

The company did not patch another flaw relating to Visual Studio that's also reported to be "zero day," meaning that active code exploiting the flaw has been found.

To view the official announcement regarding this month's release, go here.

About the Author

Becky Nagel is the vice president of Web & Digital Strategy for 1105's Converge360 Group, where she oversees the front-end Web team and deals with all aspects of digital strategy. She also serves as executive editor of the group's media Web sites, and you'll even find her byline on, the group's newest site for enterprise developers working with AI. She recently gave a talk at a leading technical publishers conference about how changes in Web technology may impact publishers' bottom lines. Follow her on twitter @beckynagel.


  • Azure DevOps Server 2019 Now at Release Candidate 2

    Microsoft released Azure DevOps Server 2019 Release Candidate 2 (RC2), according to a Tuesday announcement.

  • Cloud IT Infrastructure Spending Starting To Take the Lead

    IDC this month published findings on revenues from cloud IT infrastructure spending in the third quarter of 2018, based on server, storage and Ethernet switch sales.

  • How To Run Oculus Rift Apps in Windows Mixed Reality, Part 1

    A lack of apps has been the biggest thorn in the side of Microsoft's mixed reality efforts. One way to get around it is to use apps that were designed for Oculus Rift instead.

  • Windows 10 Mobile To Fall Out of Support in December

    Microsoft will end support for the Windows 10 Mobile operating system on Dec. 10, 2019, according to an announcement.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.