Microsoft Security Bulleting Release - October 2006
Please see details below regarding this months security bulleting release.
What is this alert?
This alert is to provide you with an overview of Security Bulletins released on 10 October 2006.
================================================
New Security Bulletins
================================================
Microsoft is releasing the following security bulletins for newly discovered vulnerabilities:
MAXIMUM SEVERITY |
BULLETIN NUMBER |
PRODUCTS AFFECTED |
IMPACT |
Moderate |
MS06-056 |
Microsoft Windows .NET Framework 2.0 |
Information Disclosure |
Critical |
MS06-057 |
Microsoft Windows |
Remote Code Execution |
Critical |
MS06-058 |
Microsoft Office |
Remote Code Execution |
Critical |
MS06-059 |
Microsoft Office |
Remote Code Execution |
Critical |
MS06-060 |
Microsoft Office |
Remote Code Execution |
Critical |
MS06-061 |
Microsoft Windows or Office |
Remote Code Execution |
Critical |
MS06-062 |
Microsoft Office |
Remote Code Execution |
Important |
MS06-063 |
Microsoft Windows |
Denial of Service |
Low |
MS06-064 |
Microsoft Windows |
Denial of Service |
Important |
MS06-065 |
Microsoft Windows |
Remote Code Execution |
Summaries for these new bulletins may be found here.
Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable.
================================================
Microsoft Windows Malicious Software Removal Tool
================================================
Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here:
================================================
High-Priority Non-Security Updates on Microsoft Update (MU), Windows Update (WU), Windows Server Update Services (WSUS) and Software Update Services (SUS)
================================================
Microsoft is today also making the following High-Priority NON-SECURITY updates available on WU, MU, SUS and WSUS:
KB NUMBER |
TITLE |
Available via: |
912580 |
Update for Outlook 2003 Junk E-Mail Filter |
MU |
923097 |
Update for Office 2003 |
MU |
================================================
TechNet Webcast: Information about Microsoft August 2006 Security Bulletins
================================================
Information about Microsoft October 2006 Security Bulletins (Level 200)
Wednesday, 11 October 2006 11:00 AM (GMT-08:00) Pacific Time (US & Canada) Click here
The on-demand version of the webcast will be available 24 hours after the live webcast here:
================================================
Security Bulletin Details
================================================
MS06-056
Title: Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770)
Affected Software:
Microsoft .NET Framework 2.0 for the following operating system versions:
· Microsoft Windows 2000 Service Pack 4
· Microsoft Windows XP Service Pack 1 or Windows XP Service Pack 2
· Microsoft Windows XP Professional x64 Edition
· Microsoft Windows XP Tablet PC Edition
· Microsoft Windows XP Media Center Edition
· Microsoft Windows Server 2003 or Microsoft Windows Server 2003 Service Pack 1
· Microsoft Windows Server 2003 for Itanium-based Systems or Windows Server 2003 with SP1 for Itanium-based Systems
· Microsoft Windows Server 2003 x64 Edition
Affected Components:
· Microsoft .NET Framework 2.0
Non-Affected Software:
· Microsoft .NET Framework 1.0
· Microsoft .NET Framework 1.1
Impact of Vulnerability: Information Disclosure
Maximum Severity Rating: Moderate
Restart Requirement: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.
To help reduce the chance that a reboot will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart your computer, see Microsoft Knowledge Base Article 887012.
Update Can Be Uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel.
More information on this vulnerability is available here
******************************************************************
MS06-057
Title: Vulnerability in Windows Explorer Could Allow Remote Execution (923191)
Affected Software:
· Microsoft Windows 2000 Service Pack 4
· Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
· Microsoft Windows XP Professional x64 Edition
· Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
· Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
· Microsoft Windows Server 2003 x64 Edition
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart Requirement: You must restart your system after you apply this security update.
Update Can Be Uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel.
More information on this vulnerability is available here:
******************************************************************
MS06-058
Title: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)
Affected Software:
· Microsoft Office 2000 Service Pack 3
· Microsoft PowerPoint 2000
· Microsoft Office XP Service Pack 3
· Microsoft PowerPoint 2002
· Microsoft Office 2003 Service Pack 1 or Service Pack 2
· Microsoft Office PowerPoint 2003
· Microsoft Office 2004 for Mac
· Microsoft PowerPoint 2004 for Mac
· Microsoft Office v. X for Mac
· Microsoft PowerPoint v. X for Mac
Non-Affected Software:
· Microsoft PowerPoint 2003 Viewer
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart Requirement: Varies depending on which update is being installed (Office version, Operating System). See the Security Bulletin - linked below for more details.
Update Can Be Uninstalled: Varies depending on which update is being installed (Office version, Operating System). See the Security Bulletin - linked below for more details.
More information on this vulnerability is available here:
******************************************************************
MS06-059
Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164)
Affected Software:
· Microsoft Office 2000 Service Pack 3
· Microsoft Excel 2000
· Microsoft Office XP Service Pack 3
· Microsoft Excel 2002
· Microsoft Office 2003 Service Pack 1 or Service Pack 2
· Microsoft Office Excel 2003
· Microsoft Office Excel Viewer 2003
· Microsoft Office 2004 for Mac
· Microsoft Excel 2004 for Mac
· Microsoft Office v. X for Mac
· Microsoft Excel v. X for Mac
· Microsoft Works Suites:
· Microsoft Works Suite 2004
· Microsoft Works Suite 2005
· Microsoft Works Suite 2006
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart Requirement: Varies depending on which update is being installed (Office version, Operating System). See the Security Bulletin - linked below for more details.
Update Can Be Uninstalled: Varies depending on which update is being installed (Office version, Operating System). See the Security Bulletin - linked below for more details.
More information on this vulnerability is available here:
******************************************************************
MS06-060
Title: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)
Affected Software:
· Microsoft Office 2000 Service Pack 3
· Microsoft Word 2000
· Microsoft Office XP Service Pack 3
· Microsoft Word 2002
· Microsoft Office 2003 Service Pack 1 or Service Pack 2
· Microsoft Office Word 2003
· Microsoft Office Word 2003 Viewer
· Microsoft Works Suites:
· Microsoft Works Suite 2004
· Microsoft Works Suite 2005
· Microsoft Works Suite 2006
· Microsoft Office 2004 for Mac
· Microsoft Office v. X for Mac
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart Requirement: Varies depending on which update is being installed (Office version, Operating System). See the Security Bulletin - linked below for more details.
Update Can Be Uninstalled: Varies depending on which update is being installed (Office version, Operating System). See the Security Bulletin - linked below for more details.
More information on this vulnerability is available here:
******************************************************************
MS06-061
Title: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191)
Affected Software:
· Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Windows 2000 Service Pack 4
· Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Service Pack 1
· Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Service Pack 2
· Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Professional x64 Edition
· Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003
· Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 Service Pack 1
· Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
· Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 x64 Edition
· Microsoft Office 2003 Service Pack 1 or Service Pack 2 with Microsoft XML Core Services 5.0 Service Pack 1
Non-Affected Software:
· Windows 2000 Service Pack 4 running Microsoft XML Core Services 2.5
· Microsoft Windows XP Service Pack 1 running Microsoft XML Core Services 2.5
· Microsoft Windows XP Service Pack 2 running Microsoft XML Core Services 2.5
· Microsoft Windows Server 2003 running Microsoft XML Core Services 2.5
· Microsoft Windows Server 2003 Service Pack 1 running Microsoft XML Core Services 2.5
Affected Components:
· Microsoft XML Core Services 4.0 when installed on Windows 2000 Service Pack 4
· Microsoft XML Core Services 4.0 when installed on Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
· Microsoft XML Core Services 4.0 when installed on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
· Microsoft XML Core Services 6.0 when installed on Windows 2000 Service Pack 4
· Microsoft XML Core Services 6.0 when installed on Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
· Microsoft XML Core Services 6.0 when installed on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart Requirement: You must restart your system after you apply this security update.
Update Can Be Uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel.
More information on this vulnerability is available here:
******************************************************************
MS06-062
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581)
Affected Software:
· Microsoft Office 2000 Service Pack 3
· Microsoft Access 2000
· Microsoft Excel 2000
· Microsoft FrontPage 2000
· Microsoft Outlook 2000
· Microsoft PowerPoint 2000
· Microsoft Publisher 2000
· Microsoft Word 2000
· Microsoft Office XP Service Pack 3
· Microsoft Access 2002
· Microsoft Excel 2002
· Microsoft FrontPage 2002
· Microsoft Outlook 2002
· Microsoft PowerPoint 2002
· Microsoft Publisher 2002
· Microsoft Visio 2002
· Microsoft Word 2002
· Microsoft Office 2003 Service Pack 1 or Service Pack 2
· Microsoft Access 2003
· Microsoft Excel 2003
· Microsoft Excel 2003 Viewer
· Microsoft FrontPage 2003
· Microsoft InfoPath 2003
· Microsoft OneNote 2003
· Microsoft Outlook 2003
· Microsoft PowerPoint 2003
· Microsoft Project 2003
· Microsoft Publisher 2003
· Microsoft Visio 2003
· Microsoft Word 2003
· Microsoft Word 2003 Viewer
· Microsoft Project 2000 Service Release 1
· Microsoft Project 2002 Service Pack 2
· Microsoft Visio 2002 Service Pack 2
· Microsoft Office 2004 for Mac
· Microsoft Office v. X for Mac
Non-Affected Software:
· Microsoft PowerPoint 2003 Viewer
· Microsoft Works Suites:
· Microsoft Works Suite 2004
· Microsoft Works Suite 2005
· Microsoft Works Suite 2006
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart Requirement: Varies depending on which update is being installed (Office version, Operating System). See the Security Bulletin - linked below for more details.
Update Can Be Uninstalled: Varies depending on which update is being installed (Office version, Operating System). See the Security Bulletin - linked below for more details.
More information on this vulnerability is available here:
******************************************************************
MS06-063
Title: Vulnerability in Server Service Could Allow Denial of Service (923414)
Affected Software:
· Microsoft Windows 2000 Service Pack 4
· Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
· Microsoft Windows XP Professional x64 Edition
· Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
· Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
· Microsoft Windows Server 2003 x64 Edition
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Important
Restart Requirement: You must restart your system after you apply this security update.
Update Can Be Uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel.
More information on this vulnerability is available here:
******************************************************************
MS06-064
Title: Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819)
Affected Software:
· Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
· Microsoft Windows XP Professional x64 Edition
· Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
· Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
· Microsoft Windows Server 2003 x64 Edition
Non-Affected Software:
· Microsoft Windows 2000 Service Pack 4
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Low
Restart Requirement: You must restart your system after you apply this security update.
Update Can Be Uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel.
More information on this vulnerability is available here:
******************************************************************
MS06-065
Title: Vulnerability in Windows Object Packager Could Allow Remote Execution (924496)
Affected Software:
· Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
· Microsoft Windows XP Professional x64 Edition
· Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
· Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
· Microsoft Windows Server 2003 x64 Edition
Non-Affected Software:
· Microsoft Windows 2000 Service Pack 4
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Moderate
Restart Requirement: You must restart your system after you apply this security update.
Update Can Be Uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel.
More information on this vulnerability is available here:
Cheers, Jeffa