The only critical update this month is
The flaw affects Office 2000 Service Pack 3, Office XP Service Pack 3; Office 2003 Service Pack 1; Office 2003 Service Pack 2; and Microsoft Publisher 2000, 2002 and 2003.
Meanwhile, Microsoft released MS06-052, an "important" update for Pragmatic General Multicast (PGM), a multicast protocol within Windows used to detect, report on and request retransmission of incomplete or lost inbound data.
Microsoft officials said attackers could exploit a remote code execution flaw in the program to send a specially crafted multicast message to an affected system to launch malicious code. The problem is that the application fails to properly bounds check externally supplied data. Windows XP Service Pack 1 and Windows XP Service Pack 2 are affected.
Finally, Microsoft released MS06-053, a "moderate" fix for an information disclosure vulnerability in the Windows Indexing Service. The flaw is in how the program handles query validations.
"The vulnerability could allow an attacker to run client-side script on behalf of a user," Microsoft officials said. "The script could spoof content, disclose information, or take any action that the user could take on the affected Web site."
The flaw affects:
Chris Andrew, vice president of security technologies at Scottsdale, Ariz.-based vulnerability management firm Patchlink Corp., suggested IT administrators use the lighter load this month to harden their defenses against the growing array of zero-day threats. He noted that attackers are actively exploiting a Microsoft Word flaw that wasn't patched this month, and that zero-day threats will keep increasing.
"There's a lot they could be doing to lock down their network, like restricting user rights and making sure security policies are well-organized," he said.
This article originally appeared on SearchSecurity.com.