Microsoft Security Bulletin MS06-001
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
Second Tuesday again
Microsoft Security Bulletin MS06-002
Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)
The recent WMF patch protects IE from dodgy images, this one is to protect IE from dodgy text. Also there is some speculation that the WMF hole in GDI.exe could have been present as far back as Windows 3.0 so you can't assume IE will ever be safe even if it goes 6 months without needing a patch.
Alternatives to IE
http://www.opera.com - Best out of the box browser, closed source but so far the most secure windows browser.
http://www.mozilla.com - most tweakable browser, open source, generally needs patching more often than opera
On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit.
The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer
Must say I'm impressed with the new version. It will patch most of your applications with minimal fuss. You could set it up for your Granny.
Reminder - new patches for windows / IE out now.
Just a reminder it's that time of the month again.
Patches for IE6 through IE10 and Office , usual Remote Code Execution stuff
The first patches say there might be less damage if you aren't logged in with admin rights, which is then undermined because the last patch is about attackers gaining elevated privileges anyway.