Welcome to Blaisdell's Little Corner of the Web

Home Browsers Microsoft Office 97 Site Search Windows

Freeware | Freeware From A-Z | Security | Virus Information

Welcome to        

Office Index II | Office Index I |                                                    | This site was Updated on  08/12/2006 |

Plugging the holes
Make quick work of fixing the holes in your Microsoft-based systems and workstations with the help of these patches.

Warning! 
Microsoft doesn't send patches to it's software through email. 
Go to the Windows Update Center for that.

If you receive an e-mail that claims to be distributing a Microsoft security patch, it is a hoax that may be distributing a virus. Microsoft does not distribute security patches via e-mail. You can learn more about Microsoft's software distribution policies here: http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

Stamp out the pests that infect computing!

Microsoft Security Bulliten Web Site
Bo's Security Updates by the Month
Errors after install a hotfix or Security Update
You cannot access HTML Help functionality on some Web sites after installing security update MS05-001
Microsoft Security Bulletin Summary for December 2005

Last Updated on Saturday, August 12, 2006


Title: Microsoft Security Bulletin Summary for August, 2006
Issued: August 8, 2006
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=70983
NOTE: The DOT is advising all Windows users to install bulletin MS06-040 ASAP!
********************************************************************
Summary:
========
This advisory contains information about all security updates
released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================
NOTE: The DOT is advising all Windows users to install bulletin MS06-040 BB ASAP!

MS06-040 - Vulnerability in Server Service Could Allow Remote Code
           Execution (921883)

  - Affected Software: 
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Windows XP Service Pack 2
    - Windows XP Service Pack 1
    - Windows XP Professional x64 Edition
    - Windows 2000 Service Pack 4

    - Impact: Remote Code Execution
    - Version Number: 1.0  

MS06-041 - Vulnerability in DNS Resolution Could Allow Remote Code
           Execution (920683)

  - Affected Software: 
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Windows XP Service Pack 2
    - Windows XP Service Pack 1
    - Windows XP Professional x64 Edition
    - Windows 2000 Service Pack 4
    - Impact: Remote Code Execution
    - Version Number: 1.0  

MS06-042 - Cumulative Security Update for Internet Explorer (918899)

  - Affected Software: 
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Windows XP Service Pack 2
    - Windows XP Service Pack 1
    - Windows XP Professional x64 Edition
    - Windows 2000 Service Pack 4

    - Impact: Remote Code Execution
    - Version Number: 1.0  

MS06-043 - Vulnerability in Microsoft Windows Could Allow Remote
           Code Execution (920214)

  - Affected Software: 
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Windows XP Service Pack 2
    - Windows XP Professional x64 Edition
    - Impact: Remote Code Execution
    - Version Number: 1.0  

MS06-044 - Vulnerability in Microsoft Management Console Could Allow
           Remote Code Execution (917008)

  - Affected Software: 
    - Windows 2000 Service Pack 4
    - Impact: Remote Code Execution
    - Version Number: 1.0  


MS06-046 - Vulnerability in HTML Help Could Allow Remote Code
           Execution (922616)

  - Affected Software: 
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Windows XP Service Pack 2
    - Windows XP Service Pack 1
    - Windows XP Professional x64 Edition
    - Windows 2000 Service Pack 4
    - Impact: Remote Code Execution
    - Version Number: 1.0  

MS06-047 - Vulnerability in Microsoft Visual Basic for Applications
           Could Allow Remote Code Execution (921645)

  - Affected Software: 
    - Office XP Service Pack 3
    - Project 2002 Service Pack 1
    - Visio 2002 Service Pack 2
    - Office 2000 Service Pack 3
    - Access 2000 Runtime Service Pack 3
    - Project 2000 Service Release 1
    - Works Suite 2006
    - Works Suite 2005
    - Works Suite 2004
    - Microsoft Visual Basic for Applications SDK 6.4
    - Microsoft Visual Basic for Applications SDK 6.3
    - Microsoft Visual Basic for Applications SDK 6.2
    - Microsoft Visual Basic for Applications SDK 6.0
    - Impact: Remote Code Execution
    - Version Number: 1.0  

MS06-048 - Vulnerabilities in Microsoft Office Could Allow Remote
           Code Execution (922968)

  - Affected Software: 
    - Office 2003 Service Pack 2
    - Office 2003 Service Pack 1
    - Office XP Service Pack 3
    - Office 2000 Service Pack 3
    - Office v. X for Mac
    - Office 2004 for Mac
    - Impact: Remote Code Execution
    - Version Number: 1.0  

MS06-051 - Vulnerability in Windows Kernel Could Result in Remote
           Code Execution (917422)

  - Affected Software: 
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Windows XP Service Pack 2
    - Windows XP Service Pack 1
    - Windows XP Professional x64 Edition
    - Windows 2000 Service Pack 4
    - Impact: Remote Code Execution
    - Version Number: 1.0  

Important Security Bulletins
============================

MS06-045 - Vulnerability in Windows Explorer Could Allow Remote Code
           Execution (921398)

  - Affected Software: 
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Windows XP Service Pack 2
    - Windows XP Service Pack 1
    - Windows XP Professional x64 Edition
    - Windows 2000 Service Pack 4
    - Impact: Remote Code Execution
    - Version Number: 1.0  

MS06-049 - Vulnerability in Windows Kernel Could Result in Elevation
           of Privilege (920958)

  - Affected Software: 
    - Windows 2000 Service Pack 4
    - Impact: Elevation of Privilege
    - Version Number: 1.0  

MS06-050 - Vulnerabilities in Microsoft Windows Hyperlink Object
           Library Could Allow Remote Code Execution (920670)

  - Affected Software: 
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Windows XP Service Pack 2
    - Windows XP Service Pack 1
    - Windows XP Professional x64 Edition
    - Windows 2000 Service Pack 4
    - Impact: Remote Code Execution
    - Version Number: 1.0  

Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions,
and Update Deployment Information please read
the Microsoft Security Bulletin Summary for this
month at:
 http://go.microsoft.com/fwlink/?LinkId=70983

 July Patch Tuesday Update
Title: Microsoft Security Bulletin Summary for July 2006
Issued: July 11, 2006
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=69768
********************************************************************

Summary:
========
This advisory contains information about all security updates
released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS06-035 - Vulnerability in Server Service Could Allow Remote Code Execution
           (917159)

  - Affected Software: 
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Windows XP Professional Service Pack 2
    - Windows XP Professional Service Pack 1
    - Windows XP Professional x64 Edition
    - Windows XP Home Service Pack 2
    - Windows XP Home Service Pack 1
    - Windows 2000 Service Pack 4

    - Impact: Remote Code Execution
    - Version Number: 1.0

MS06-036 - Vulnerability in DHCP Client Service Could Allow Remote Code
           Execution (914388)

  - Affected Software: 
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Windows XP Professional Service Pack 2
    - Windows XP Professional Service Pack 1
    - Windows XP Professional x64 Edition
    - Windows XP Home Service Pack 2
    - Windows XP Home Service Pack 1
    - Windows 2000 Service Pack 4

    - Impact: Remote Code Execution
    - Version Number: 1.0

MS06-037 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
           (917285)

  - Affected Software: 
    - Excel 2003
    - Excel Viewer 2003
    - Excel 2002
    - Excel 2000
    - Excel v.X for Mac
    - Excel 2004 for Mac

    - Impact: Remote Code Execution
    - Version Number: 1.0

MS06-038 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
           (917284)

  - Affected Software: 
    - Office 2003 Service Pack 2
    - Office 2003 Service Pack 1
    - Office XP Service Pack 3
    - Office 2000 Service Pack 3
    - Office v.X for Mac
    - Office 2004 for Mac
    - Project 2002
    - Project 2000
    - Visio 2002
    - Works Suite 2006
    - Works Suite 2005
    - Works Suite 2004

    - Impact: Remote Code Execution
    - Version Number: 1.0

MS06-039 - Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution 
(915384)

  - Affected Software: 
    - Office 2003 Service Pack 2
    - Office 2003 Service Pack 1
    - Office XP Service Pack 3
    - Office 2000 Service Pack 3
    - Project 2002
    - Project 2000
    - Works Suite 2006
    - Works Suite 2005
    - Works Suite 2004

    - Impact: Remote Code Execution
    - Version Number: 1.0

Important Security Bulletins
============================

MS06-033 - Vulnerability in ASP.NET Could Allow Information Disclosure (917283)

  - Affected Software: 
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Windows XP Professional Service Pack 2
    - Windows XP Professional Service Pack 1
    - Windows XP Professional x64 Edition
    - Windows XP Home Service Pack 2
    - Windows XP Home Service Pack 1
    - Windows 2000 Service Pack 4
    - .NET Framework 2.0

    - Impact: Information Disclosure
    - Version Number: 1.0

MS06-034 - Vulnerability in Microsoft Internet Information Services using Active

           Server Pages Could Allow Remote Code Execution (917537)

  - Affected Software: 
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Windows XP Professional Service Pack 2
    - Windows XP Professional Service Pack 1
    - Windows XP Professional x64 Edition
    - Windows 2000 Service Pack 4

    - Impact: Remote Code Execution
    - Version Number: 1.0

Update Availability:
===================
Updates are available to address these issues. For additional information, including 
Technical Details, Workarounds, answers to Frequently Asked Questions, and Update 
Deployment Information please read the Microsoft Security Bulletin Summary for this
month at: http://go.microsoft.com/fwlink/?LinkId=69768

Title: Microsoft Security Bulletin Summary for June 2006
Issued: June 13, 2006
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=68324
********************************************************************

Summary:
========
This advisory contains information about all security updates
released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS06-021 - Cumulative Security Update for Internet Explorer (916281)

  - Affected Software: 
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Windows XP Service Pack 2
    - Windows XP Service Pack 1
    - Windows XP Professional x64 Edition
    - Windows 2000 Service Pack 4
    - Review the FAQ section of bulletin MS06-021 for information 
      about these operating systems:
        - Windows Millennium Edition (ME)
        - Windows 98 Second Edition (SE)
        - Windows 98
    - Impact: Remote Code Execution
    - Version Number: 1.0


MS06-022 - Vulnerability in ART Image Rendering Could Allow Remote
           Code Execution (918439)

  - Affected Software: 
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Windows XP Service Pack 2
    - Windows XP Service Pack 1
    - Windows XP Professional x64 Edition
    - Windows 2000 Service Pack 4 with the Windows 2000 AOL Image
      Support Update
    - Review the FAQ section of bulletin MS06-022 for information 
      about these operating systems:
        - Windows Millennium Edition (ME)
        - Windows 98 Second Edition (SE)
        - Windows 98
    - Impact: Remote Code Execution
    - Version Number: 1.0


MS06-023 - Vulnerability in Microsoft JScript Could Allow Remote
           Code Execution (917344)

  - Affected Software: 
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Windows XP Service Pack 2
    - Windows XP Service Pack 1
    - Windows XP Professional x64 Edition
    - Windows 2000 Service Pack 4
    - Review the FAQ section of bulletin MS06-023 for information 
      about these operating systems:
        - Windows Millennium Edition (ME)
        - Windows 98 Second Edition (SE)
        - Windows 98
    - Impact: Remote Code Execution
    - Version Number: 1.0


MS06-024 - Vulnerability in Windows Media Player Could Allow Remote
           Code Execution (917734)

  - Affected Software: 
    - Windows Media Player 10
    - Windows Media Player 9
    - Windows Media Player for XP
    - Windows Media Player 7.1
    - Impact: Remote Code Execution
    - Version Number: 1.0


MS06-025 - Vulnerability in Routing and Remote Access Could Allow
           Remote Code Execution (911280)

  - Affected Software: 
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Windows XP Service Pack 2
    - Windows XP Service Pack 1
    - Windows XP Professional x64 Edition
    - Windows 2000 Service Pack 4
    - Impact: Remote Code Execution
    - Version Number: 1.0


MS06-026 - Vulnerability in Graphics Rendering Engine Could Allow
           Remote Code Execution (918547)

  - Affected Software: 
    - Windows Millennium Edition (ME)
    - Windows 98 Second Edition (SE)
    - Windows 98 
    - Impact: Remote Code Execution
    - Version Number: 1.0


MS06-027 - Vulnerability in Microsoft Word Could Allow Remote Code
           Execution (917336)

  - Affected Software: 
    - Word 2003
    - Word Viewer 2003
    - Word 2002
    - Word 2000
    - Works Suite 2006
    - Works Suite 2005
    - Works Suite 2004
    - Works Suite 2003
    - Works Suite 2002
    - Works Suite 2001
    - Works Suite 2000
    - Impact: Remote Code Execution
    - Version Number: 1.0


MS06-028 - Vulnerability in Microsoft PowerPoint Could Allow Remote
           Code Execution (916768)

  - Affected Software: 
    - PowerPoint 2003
    - PowerPoint 2002
    - PowerPoint 2000
    - PowerPoint 2004 for Mac
    - PowerPoint v.X for Mac
    - Impact: Remote Code Execution
    - Version Number: 1.0


Important Security Bulletins
============================

MS06-029 - Vulnerability in Microsoft Exchange Server Running
           Outlook Web Access Could Allow Script Injection (912442)

  - Affected Software: 
    - Exchange Server 2003 Service Pack 2
    - Exchange Server 2003 Service Pack 1
    - Exchange 2000 Server Pack 3 with the August 2004 Exchange 2000
      Server Post-Service Pack 3 Update Rollup
    - Impact: Remote Code Execution
    - Version Number: 1.0


MS06-030 - Vulnerability in Server Message Block Could Allow
           Elevation of Privilege (914389)

  - Affected Software: 
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Windows XP Service Pack 2
    - Windows XP Service Pack 1
    - Windows XP Professional x64 Edition
    - Windows 2000 Service Pack 4
    - Impact: Elevation of Privilege
    - Version Number: 1.0


MS06-032 - Vulnerability in TCP/IP Could Allow Remote Code Execution
           (917953)

  - Affected Software: 
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Windows XP Service Pack 2
    - Windows XP Service Pack 1
    - Windows XP Professional x64 Edition
    - Windows 2000 Service Pack 4
    - Impact: Remote Code Execution
    - Version Number: 1.0

Moderate Security Bulletin
==========================

MS06-031 - Vulnerability in RPC Mutual Authentication Could Allow
           Spoofing (917736)

  - Affected Software: 
    - Windows 2000 Service Pack 4
    - Impact: Spoofing
    - Version Number: 1.0


Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions,
and Update Deployment Information please read
the Microsoft Security Bulletin Summary for this
month at: http://go.microsoft.com/fwlink/?LinkId=68324

Title: Microsoft Security Bulletin Re-Releases
Issued: June 13, 2006

Summary
=======
The following bulletins have undergone a major revision increment. 
Please see the appropriate bulletin for more details.

  * MS06-011

Bulletin Information:
=====================

* MS06-011

 - http://www.microsoft.com/technet/security/bulletin/ms06-011.mspx
 - Reason for Revision: This update has been revised to include
    updated registry key values for the NetBT, RemoteAccess, and
    TCPIP services.  These values have been modified to be the
    same as Windows XP Service Pack 2 on Windows XP Service Pack
    1 systems, and the same as Windows 2003 Service Pack 1 on
    Windows 2003 systems with no service pack applied.  Customers
    are encouraged to apply this revised update for additional
    security from privilege elevation through the these services
    as described in the Vulnerability Details section of this
    security bulletin.  
 - Originally posted: March 14, 2006
 - Updated: June 13, 2006
 - Bulletin Severity Rating: Important
 - Version: 2.0

Title: Microsoft Security Bulletin Summary for May 2006
Issued: May 9, 2006
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=66474
Summary:
========
This advisory contains information about all security updates
released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS06-019 - Vulnerability in Microsoft Exchange Could Allow Remote 
           Code Execution (916803)

  - Affected Software: 
    - Microsoft Exchange Server 2003 Service Pack 1
    - Microsoft Exchange Server 2003 Service Pack 2
    - Microsoft Exchange Server 2000 with the Exchange 2000 
      Post-Service Pack 3 Update Rollup of August 2004

    - Impact: Remote Code Execution
    - Version Number: 1.0  


MS06-020 - Vulnerabilities in Macromedia Flash Player from Adobe 
           Could Allow Remote Code Execution (913433)

  - Affected Software: 
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2

    - Review the FAQ section of bulletin MS06-O20 for information 
      about these operating systems:
        - Windows 98
        - Windows 98 Second Edition (SE)
        - Windows Millennium Edition (ME)

    - Impact: Remote Code Execution
    - Version Number: 1.0  


Moderate Security Bulletins
===========================

MS06-018 - Vulnerability in Microsoft Distributed Transaction 
           Coordinator Could Allow Denial of Service (913580)

  - Affected Software: 
    - Windows 2000 Service Pack 4
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2
    - Windows Server 2003
    - Windows Server 2003 for Itanium-based Systems

    - Impact: Denial of Service
    - Version Number: 1.0  

Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions,
and Update Deployment Information please read
the Microsoft Security Bulletin Summary for this
month at: http://go.microsoft.com/fwlink/?LinkId=64680

Microsoft Security Bulletin Re-Releases
Issued: April 25, 2006

Summary
=======
The following bulletins have undergone a major revision increment. 
Please see the appropriate bulletin for more details.

  * MS06-015

Bulletin Information:
=====================

* MS06-015

 - http://www.microsoft.com/technet/security/bulletin/ms06-015.mspx
 - Reason for Revision: This bulletin has been re-released to
    advise customers that revised versions of the security update 
    are available for all products listed in the "Affected Software"
    section. Customers who have already applied the MS06-015 update
    who are not experiencing the problem need take no action. For
    additional information, see "Why did Microsoft reissue this
    bulletin on April 25, 2006." in "Frequently asked questions
    (FAQ) related to this security update" section.
 - Originally posted: April 11, 2006
 - Updated: April 25, 2006
 - Bulletin Severity Rating: Critical
 - Version: 2.0

Title: Microsoft Security Bulletin Re-Releases 
Issued: April 11, 2006

Summary
=======
The following bulletins have undergone a major revision increment. 
Please see the appropriate bulletin for more details.

MS06-005

Bulletin Information:
=====================

MS06-005

 - http://www.microsoft.com/technet/security/bulletin/ms06-005.mspx
 - Reason for Revision: Microsoft updated this bulletin today to
    advise customers that revised versions of the security update
    are available for Microsoft Windows Media Player 10 when
    installed on Windows XP Service Pack 1 or Windows XP Service
    Pack 2, listed in the "Affected Components" section. For more
    information, see on "What are the known issues that customers
    may experience when they install this security update?"

    We revised this update to report an issue when a user tries to
    seek, fast rewind, or fast forward when using Windows Media
    Player 10
  
 - Originally posted: February 14, 2006
 - Updated: April 11, 2006
 - Bulletin Severity Rating: Critical
 - Version: 2.0

Title: Microsoft Security Bulletin Summary for April 2006
Issued: April 11, 2006
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=64680

Summary:
========
This advisory contains information about all security updates
released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS06-013 - Cumulative Security Update for Internet Explorer (912812)

  - Affected Software: 
    - Windows 2000 Service Pack 4
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2
    - Windows XP Professional x64 Edition
    - Windows Server 2003
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Review the FAQ section of bulletin MS06-O15 for information 
      about these operating systems:
        - Windows 98
        - Windows 98 Second Edition (SE)
        - Windows Millennium Edition (ME)
    - Impact: Remote Code Execution
    - Version Number: 1.0  


MS06-014 - Vulnerability in the Microsoft Data Access Components
           (MDAC) Function Could Allow Code Execution (911562)

  - Affected Software: 
    - Windows 2000 Service Pack 4
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2
    - Windows XP Professional x64 Edition
    - Windows Server 2003
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Review the FAQ section of bulletin MS06-O15 for information 
      about these operating systems:
        - Windows 98
        - Windows 98 Second Edition (SE)
        - Windows Millennium Edition (ME)
    - Impact: Remote Code Execution
    - Version Number: 1.0  

MS06-015 - Cumulative Security Update for Internet Explorer (912812)

  - Affected Software: 
    - Windows 2000 Service Pack 4
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2
    - Windows XP Professional x64 Edition
    - Windows Server 2003
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Review the FAQ section of bulletin MS06-O15 for information 
      about these operating systems:
        - Windows 98
        - Windows 98 Second Edition (SE)
        - Windows Millennium Edition (ME)
    - Impact: Remote Code Execution
    - Version Number: 1.0  

Important Security Bulletins
============================

MS06-016 - Cumulative Security Update for Outlook Express (911567)

  - Affected Software: 
    - Windows 2000 Service Pack 4
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2
    - Windows XP Professional x64 Edition
    - Windows Server 2003
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Review the FAQ section of bulletin MS0X-OYZ for information 
      about these operating systems:
        - Windows 98
        - Windows 98 Second Edition (SE)
        - Windows Millennium Edition (ME)
    - Impact: Remote Code Execution
    - Version Number: 1.0  

Moderate Security Bulletins
===========================

MS06-017 - Vulnerability in Microsoft FrontPage Server Extensions
            Could Allow Cross-Site Scripting (917627)

  - Affected Software: 
    - Windows 2000 Service Pack 4
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2
    - Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    - Windows XP Professional x64 Edition
    - Windows Server 2003
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition
    - Microsoft SharePoint Team Service
    - Review the FAQ section of bulletin MS0X-OYZ for information 
      about these operating systems:
        - Windows 98
        - Windows 98 Second Edition (SE)
        - Windows Millennium Edition (ME)
    - Impact: Remote Code Execution
    - Version Number: 1.0  

Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details,Workarounds, answers to 
Frequently Asked Questions, and Update Deployment Information please read
the Microsoft Security Bulletin Summary for this month at: 
http://go.microsoft.com/fwlink/?LinkId=64680

Title: Microsoft Security Bulletin Summary for March 2006
Issued: March 14, 2006
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=63209

Summary:
========

This advisory contains information about all security updates released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

Affected Software:

Important Security Bulletins
============================

MS06-011 - Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798)

Update Availability:
===================

Updates are available to address these issues. For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=63209


Title: Microsoft Security Bulletin Re-Release for January 2006
Issued: January 10, 2006
Version Number: 2.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=58872

Summary:
========
This advisory contains information about additional security updates released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS06-001 - Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)

  - Affected Software:
    - Windows 2000 Service Pack 4
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2
    - Windows XP Professional x64 Edition
    - Windows Server 2003
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003 x64 Edition
    - Windows Server 2003 for Itanium-based Systems
    - Windows Server 2003 with SP1 for Itanium-based Systems

    - Review the FAQ section of bulletin MS06-001 for information about these operating systems:
        - Windows 98
        - Windows 98 Second Edition (SE)
        - Windows Millennium Edition (ME)

    - Impact: Remote Code Execution
    - Version Number: 1.0

MS06-002 - Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)

  - Affected Software:
    - Windows 2000 Service Pack 4
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2
    - Windows XP Professional x64 Edition
    - Windows Server 2003
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003 x64 Edition
    - Windows Server 2003 for Itanium-based Systems
    - Windows Server 2003 with SP1 for Itanium-based Systems

    - Review the FAQ section of bulletin MS06-002 for information about these operating systems:
        - Windows 98
        - Windows 98 Second Edition (SE)
        - Windows Millennium Edition (ME)

    - Impact: Remote Code Execution
    - Version Number: 1.0

MS06-003 - Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)

  - Affected Software:
    - Microsoft Office 2000 Service Pack 3
    - Windows Microsoft Office XP Service Pack 3
    - Microsoft Office 2003 Service Pack 1
    - Microsoft Office 2003 Service Pack 2
    - Microsoft Exchange Server 5.0 Service Pack 2
    - Microsoft Exchange Server 5.5 Service Pack 4
    - Microsoft Exchange 2000 Server Pack 3 with the Exchange 2000
      Post-Service Pack 3 Update Rollup of August 2004

    - Impact: Remote Code Execution
    - Version Number: 1.0

Update Availability:
===================
An updates are available to address these issues. For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=58872


Title: Microsoft Security Bulletin Re-Release for January 2006
Issued: January 10, 2006
Version Number: 2.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=58872

Summary:
========
This advisory contains information about additional security updates released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS06-001 - Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)

  - Affected Software:
    - Windows 2000 Service Pack 4
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2
    - Windows XP Professional x64 Edition
    - Windows Server 2003
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003 x64 Edition
    - Windows Server 2003 for Itanium-based Systems
    - Windows Server 2003 with SP1 for Itanium-based Systems

    - Review the FAQ section of bulletin MS06-001 for information about these operating systems:
        - Windows 98
        - Windows 98 Second Edition (SE)
        - Windows Millennium Edition (ME)

    - Impact: Remote Code Execution
    - Version Number: 1.0

MS06-002 - Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)

  - Affected Software:
    - Windows 2000 Service Pack 4
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2
    - Windows XP Professional x64 Edition
    - Windows Server 2003
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003 x64 Edition
    - Windows Server 2003 for Itanium-based Systems
    - Windows Server 2003 with SP1 for Itanium-based Systems

    - Review the FAQ section of bulletin MS06-002 for information about these operating systems:
        - Windows 98
        - Windows 98 Second Edition (SE)
        - Windows Millennium Edition (ME)

    - Impact: Remote Code Execution
    - Version Number: 1.0

MS06-003 - Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)

  - Affected Software:
    - Microsoft Office 2000 Service Pack 3
    - Windows Microsoft Office XP Service Pack 3
    - Microsoft Office 2003 Service Pack 1
    - Microsoft Office 2003 Service Pack 2
    - Microsoft Exchange Server 5.0 Service Pack 2
    - Microsoft Exchange Server 5.5 Service Pack 4
    - Microsoft Exchange 2000 Server Pack 3 with the Exchange 2000
      Post-Service Pack 3 Update Rollup of August 2004

    - Impact: Remote Code Execution
    - Version Number: 1.0

Update Availability:
===================
An updates are available to address these issues. For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=58872


Title: Microsoft Security Bulletin Summary for January 2006
Issued: January 05, 2006
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=58471
********************************************************************

Summary:
========
This advisory contains information about all security updates released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS06-001 - Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)

  - Affected Software:
    - Windows 2000 Service Pack 4
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2
    - Windows XP Professional x64 Edition
    - Windows Server 2003
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003 x64 Edition
    - Windows Server 2003 for Itanium-based Systems
    - Windows Server 2003 with SP1 for Itanium-based Systems

    - Review the FAQ section of bulletin MS06-O1 for information
      about these operating systems:
        - Windows 98
        - Windows 98 Second Edition (SE)
        - Windows Millennium Edition (ME)

    - Impact: Remote Code Execution
    - Version Number: 1.0 

Update Availability:
===================
An update is available to address these issues. For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=58471


Microsoft Windows WMF "SETABORTPROC" Arbitrary Code Execution

Release Date: 2005-12-28
Last Update: 2005-12-29
Critical:
Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched See Also: Microsoft Security Advisory (912840)
OS: Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Description:
A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error in the handling of Windows Metafile files (".wmf") containing specially crafted SETABORTPROC "Escape" records. Such records allow arbitrary user-defined function to be executed when the rendering of a WMF file fails. This can be exploited to execute arbitrary code by tricking a user into opening a malicious ".wmf" file in "Windows Picture and Fax Viewer" or previewing a malicious ".wmf" file in explorer (i.e. opening a folder containing a malicious image file).

The vulnerability can also be exploited automatically when a user visits a malicious web site using Microsoft Internet Explorer.

NOTE: Exploit code is publicly available. This is being exploited in the wild. The vulnerability can also be triggered from explorer if the malicious file has been saved to a folder and renamed to other image file extensions like ".jpg", ".gif, ".tif", and ".png" etc.

The vulnerability has been confirmed on a fully patched system running Microsoft Windows XP SP2. Microsoft Windows XP SP1 and Microsoft Windows Server 2003 SP0 / SP1 are reportedly also affected. Other platforms may also be affected.

Solution:
Do not save, open or preview untrusted image files from email or other sources, or open untrusted folders and network shares in explorer.

Set security level to "High" in Microsoft Internet Explorer to prevent automatic exploitation.

The risks can be mitigated by unregistering "Shimgvw.dll" (See Bo Explains the Regsvr32 tool).  However, this will disable certain functionalities. BLCOW dose not recommend the use of this workaround on production systems until it has been thoroughly tested.

New arrivals:


Bo's Microsoft Security Bulletin Updates by the Month

Plus, check out these other great update notices. Never go without a fix again.

Did you miss an update or security patch? That just will not due will it? View the bug fixes by the month.
Not to sure if you need a cerain fix, patch, or update? Use the MBSA Tool to scan your computer for security misconfigurations, vulnerabilities, and missing hotfixes.

Go to past bulletins

Check out these other tools from Microsoft:

TechNet IT Download Resources & downloads

Hotfixes

For additional information about the steps Microsoft has taken to improve the security bulletin release process, read the white paper or register for the webcast.

“Many of life’s failures are people who did not realize how close they were to success when they gave up.” – Thomas Edison

Go to past bulletins