Risk: High
Microsoft's July security update addresses 18 vulnerabilities delivered in seven bulletins, five of which are classified as 'critical'.
All of the critical flaws could allow remote code execution if exploited and have been found in the Server Service, DHCP Client Service, Microsoft Excel and Microsoft Office.
Two vulnerabilities addressed are classified as 'important', one of which has been found in ASP.net, which could enable an attacker to bypass ASP.net security to gain unauthorised access to objects in the Application folder. Although an attacker successfully exploiting the vulnerability would not be able to change user rights or execute remote code, it may provide them with useful information that they could subsequently use to compromise a system. The other 'important' flaw was found in Microsoft Internet Information Services and could allow an attacker to take complete control of a system. However, the attacker would need to have a valid log-in and the server would need to be configured to allow anonymous or authenticated users to upload web content.
The patches to protect against these newly discovered vulnerabilities can be downloaded from
http://www.microsoft.com/technet/security/bulletin/ms06-jul.mspx
As it has recently been announced that Microsoft is ceasing support for Windows 98 and Millennium Edition, which includes issuing security updates, many people are concerned that thousands will be using operating systems that can't have the latest vulnerabilities identified and patched. It is strongly recommended that those using 98 or ME upgrade to XP - it's far better to spend money on a new operating system than to use one that could potentially be vulnerable to attackers.