It's that time of the month again. Microsoft's patch bandwagon (http://www.microsoft.com/technet/security/bulletin/ms05-jul.mspx) rolled into town yesterday loaded with three critical updates.

The updates aim to fix a vulnerability (http://secunia.com/advisories/16004/) found in the Color Management Module of Windows that could allow remote code execution (MS05-036 (http://www.microsoft.com/technet/security/bulletin/ms05-036.mspx)) and a security bug in JView Profiler (MS05-037 (http://www.microsoft.com/technet/security/bulletin/ms05-037.mspx)) that might be used to crash Internet Explorer and inject hostile code. Last, but not least, is a vulnerability (http://secunia.com/advisories/15998/) in several Microsoft Word versions involving font parsing that could also be used as a conduit to smuggle malicious code onto vulnerable systems (MS05-035 (http://www.microsoft.com/technet/security/bulletin/ms05-035.mspx)). US CERT has produced an overview of Microsoft's three critical security fixes here (http://www.us-cert.gov/cas/techalerts/TA05-193A.html). ®

Related stories

MS issues final software update for Win2K (http://www.theregister.co.uk/2005/06/29/win2k_final_update/)
10 vulns - three critical - in MS patch batch (http://www.theregister.co.uk/2005/06/15/ms_june_patch_batch/)
Microsoft issues solitary patch (http://www.theregister.co.uk/2005/05/11/ms_patch_may/)
Microsoft fortifies monthly patches with interim advisories (http://www.theregister.co.uk/2005/05/10/ms_interim_security_advisories/)
SANS revises Top 20 security vulns list (http://www.theregister.co.uk/2005/05/03/sans_top_20/)