This Patch-Tuesday, Microsoft patched 11 vulnerabilities. Among the patched vulnerabilities are two that can be remotely exploited by an anonymous user, MS06-074 SNMP Buffer Overflow Vulnerability and MS06-077 Remote Installation Service Vulnerability. The Windows SNMP Service and Remote Installation Service are not default installed which greatly reduces the attack surface.

The vulnerability in Visual Studio, exploited in the wild, has been addressed in this month’s patch cycle.

The update of our graphs of last month is found below. The top graph shows that Microsoft almost hit one hundred critical vulnerabilities for 2006. The year is not over and Microsoft may provide out-of-cycle patches for the current 0-Day Word vulnerabilities.