Microsoft released two more critical patches yesterday. These fix a flaw in the way Microsoft Windows processes embedded web fonts (MS06-002) and a Transport Neutral Encapsulation Format (TNEF) decoding vulnerability in Microsoft Outlook and Microsoft Exchange. If successfully exploited, these flaws can allow a hacker to execute arbitrary code or cause a denial of service on an unpatched system.
Alan Bentley, UK managing director at security tools firm PatchLink, commented: "It has clearly been a bad year for downloadable file formats in the Windows world and it is only 10 days into the New Year. The new patches show some critical issues in Microsoft WMF, MS-TNEF and Web Font download file formats that can all allow remote code execution."