Welcome to Blaisdell's Little Corner of the Web
Freeware | Freeware From A-Z | Security | Virus Information |
Welcome to
|
Office Index II | Office Index I
|
| This site was Updated on 08/12/2006 | |
Plugging the
holes
Make quick work of fixing the holes in your Microsoft-based systems and
workstations with the help of these patches.
Warning!
Microsoft doesn't send patches to it's software through email.
Go to the Windows
Update Center for that.
If you receive an e-mail that claims to be distributing a Microsoft security patch, it is a hoax that may be distributing a virus. Microsoft does not distribute security patches via e-mail. You can learn more about Microsoft's software distribution policies here: http://www.microsoft.com/technet/security/topics/policy/swdist.mspx
Stamp out the pests that infect computing!
Microsoft
Security Bulliten Web Site
Bo's Security Updates by the Month
Errors after install a hotfix
or Security Update
You
cannot access HTML Help functionality on some Web sites after installing
security update MS05-001
Microsoft
Security Bulletin Summary for December 2005
Last Updated on Saturday, August 12, 2006
Title: Microsoft Security Bulletin Summary for August, 2006 Issued: August 8, 2006 Version Number: 1.0 Bulletin: http://go.microsoft.com/fwlink/?LinkId=70983 NOTE: The DOT is advising all Windows users to install bulletin MS06-040 ASAP! ******************************************************************** Summary: ======== This advisory contains information about all security updates released this month. It is broken down by security bulletin severity. Critical Security Bulletins ===========================
NOTE: The DOT is advising all Windows users to install bulletin MS06-040 BB ASAP!
MS06-040 - Vulnerability in Server Service Could Allow Remote Code
Execution (921883)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-041 - Vulnerability in DNS Resolution Could Allow Remote Code
Execution (920683)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-042 - Cumulative Security Update for Internet Explorer (918899)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-043 - Vulnerability in Microsoft Windows Could Allow Remote
Code Execution (920214)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-044 - Vulnerability in Microsoft Management Console Could Allow
Remote Code Execution (917008)
- Affected Software:
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-046 - Vulnerability in HTML Help Could Allow Remote Code
Execution (922616)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-047 - Vulnerability in Microsoft Visual Basic for Applications
Could Allow Remote Code Execution (921645)
- Affected Software:
- Office XP Service Pack 3
- Project 2002 Service Pack 1
- Visio 2002 Service Pack 2
- Office 2000 Service Pack 3
- Access 2000 Runtime Service Pack 3
- Project 2000 Service Release 1
- Works Suite 2006
- Works Suite 2005
- Works Suite 2004
- Microsoft Visual Basic for Applications SDK 6.4
- Microsoft Visual Basic for Applications SDK 6.3
- Microsoft Visual Basic for Applications SDK 6.2
- Microsoft Visual Basic for Applications SDK 6.0
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-048 - Vulnerabilities in Microsoft Office Could Allow Remote
Code Execution (922968)
- Affected Software:
- Office 2003 Service Pack 2
- Office 2003 Service Pack 1
- Office XP Service Pack 3
- Office 2000 Service Pack 3
- Office v. X for Mac
- Office 2004 for Mac
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-051 - Vulnerability in Windows Kernel Could Result in Remote
Code Execution (917422)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
Important Security Bulletins
============================
MS06-045 - Vulnerability in Windows Explorer Could Allow Remote Code
Execution (921398)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-049 - Vulnerability in Windows Kernel Could Result in Elevation
of Privilege (920958)
- Affected Software:
- Windows 2000 Service Pack 4
- Impact: Elevation of Privilege
- Version Number: 1.0
MS06-050 - Vulnerabilities in Microsoft Windows Hyperlink Object
Library Could Allow Remote Code Execution (920670)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions,
and Update Deployment Information please read
the Microsoft Security Bulletin Summary for this
month at:
http://go.microsoft.com/fwlink/?LinkId=70983
July Patch Tuesday Update
Title: Microsoft Security Bulletin Summary for July 2006
Issued: July 11, 2006
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=69768
********************************************************************
Summary:
========
This advisory contains information about all security updates
released this month. It is broken down by security bulletin severity.
Critical Security Bulletins
===========================
MS06-035 - Vulnerability in Server Service Could Allow Remote Code Execution
(917159)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Professional Service Pack 2
- Windows XP Professional Service Pack 1
- Windows XP Professional x64 Edition
- Windows XP Home Service Pack 2
- Windows XP Home Service Pack 1
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-036 - Vulnerability in DHCP Client Service Could Allow Remote Code
Execution (914388)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Professional Service Pack 2
- Windows XP Professional Service Pack 1
- Windows XP Professional x64 Edition
- Windows XP Home Service Pack 2
- Windows XP Home Service Pack 1
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-037 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
(917285)
- Affected Software:
- Excel 2003
- Excel Viewer 2003
- Excel 2002
- Excel 2000
- Excel v.X for Mac
- Excel 2004 for Mac
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-038 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
(917284)
- Affected Software:
- Office 2003 Service Pack 2
- Office 2003 Service Pack 1
- Office XP Service Pack 3
- Office 2000 Service Pack 3
- Office v.X for Mac
- Office 2004 for Mac
- Project 2002
- Project 2000
- Visio 2002
- Works Suite 2006
- Works Suite 2005
- Works Suite 2004
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-039 - Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution
(915384)
- Affected Software:
- Office 2003 Service Pack 2
- Office 2003 Service Pack 1
- Office XP Service Pack 3
- Office 2000 Service Pack 3
- Project 2002
- Project 2000
- Works Suite 2006
- Works Suite 2005
- Works Suite 2004
- Impact: Remote Code Execution
- Version Number: 1.0
Important Security Bulletins
============================
MS06-033 - Vulnerability in ASP.NET Could Allow Information Disclosure (917283)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Professional Service Pack 2
- Windows XP Professional Service Pack 1
- Windows XP Professional x64 Edition
- Windows XP Home Service Pack 2
- Windows XP Home Service Pack 1
- Windows 2000 Service Pack 4
- .NET Framework 2.0
- Impact: Information Disclosure
- Version Number: 1.0
MS06-034 - Vulnerability in Microsoft Internet Information Services using Active
Server Pages Could Allow Remote Code Execution (917537)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Professional Service Pack 2
- Windows XP Professional Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
Update Availability:
===================
Updates are available to address these issues. For additional information, including
Technical Details, Workarounds, answers to Frequently Asked Questions, and Update
Deployment Information please read the Microsoft Security Bulletin Summary for this
month at: http://go.microsoft.com/fwlink/?LinkId=69768
Title: Microsoft Security Bulletin Summary for June 2006
Issued: June 13, 2006
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=68324
********************************************************************
Summary:
========
This advisory contains information about all security updates
released this month. It is broken down by security bulletin severity.
Critical Security Bulletins
===========================
MS06-021 - Cumulative Security Update for Internet Explorer (916281)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4
- Review the FAQ section of bulletin MS06-021 for information
about these operating systems:
- Windows Millennium Edition (ME)
- Windows 98 Second Edition (SE)
- Windows 98
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-022 - Vulnerability in ART Image Rendering Could Allow Remote
Code Execution (918439)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4 with the Windows 2000 AOL Image
Support Update
- Review the FAQ section of bulletin MS06-022 for information
about these operating systems:
- Windows Millennium Edition (ME)
- Windows 98 Second Edition (SE)
- Windows 98
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-023 - Vulnerability in Microsoft JScript Could Allow Remote
Code Execution (917344)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4
- Review the FAQ section of bulletin MS06-023 for information
about these operating systems:
- Windows Millennium Edition (ME)
- Windows 98 Second Edition (SE)
- Windows 98
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-024 - Vulnerability in Windows Media Player Could Allow Remote
Code Execution (917734)
- Affected Software:
- Windows Media Player 10
- Windows Media Player 9
- Windows Media Player for XP
- Windows Media Player 7.1
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-025 - Vulnerability in Routing and Remote Access Could Allow
Remote Code Execution (911280)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-026 - Vulnerability in Graphics Rendering Engine Could Allow
Remote Code Execution (918547)
- Affected Software:
- Windows Millennium Edition (ME)
- Windows 98 Second Edition (SE)
- Windows 98
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-027 - Vulnerability in Microsoft Word Could Allow Remote Code
Execution (917336)
- Affected Software:
- Word 2003
- Word Viewer 2003
- Word 2002
- Word 2000
- Works Suite 2006
- Works Suite 2005
- Works Suite 2004
- Works Suite 2003
- Works Suite 2002
- Works Suite 2001
- Works Suite 2000
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-028 - Vulnerability in Microsoft PowerPoint Could Allow Remote
Code Execution (916768)
- Affected Software:
- PowerPoint 2003
- PowerPoint 2002
- PowerPoint 2000
- PowerPoint 2004 for Mac
- PowerPoint v.X for Mac
- Impact: Remote Code Execution
- Version Number: 1.0
Important Security Bulletins
============================
MS06-029 - Vulnerability in Microsoft Exchange Server Running
Outlook Web Access Could Allow Script Injection (912442)
- Affected Software:
- Exchange Server 2003 Service Pack 2
- Exchange Server 2003 Service Pack 1
- Exchange 2000 Server Pack 3 with the August 2004 Exchange 2000
Server Post-Service Pack 3 Update Rollup
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-030 - Vulnerability in Server Message Block Could Allow
Elevation of Privilege (914389)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4
- Impact: Elevation of Privilege
- Version Number: 1.0
MS06-032 - Vulnerability in TCP/IP Could Allow Remote Code Execution
(917953)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
Moderate Security Bulletin
==========================
MS06-031 - Vulnerability in RPC Mutual Authentication Could Allow
Spoofing (917736)
- Affected Software:
- Windows 2000 Service Pack 4
- Impact: Spoofing
- Version Number: 1.0
Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions,
and Update Deployment Information please read
the Microsoft Security Bulletin Summary for this
month at: http://go.microsoft.com/fwlink/?LinkId=68324
Title: Microsoft Security Bulletin Re-Releases
Issued: June 13, 2006
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS06-011
Bulletin Information:
=====================
* MS06-011
- http://www.microsoft.com/technet/security/bulletin/ms06-011.mspx
- Reason for Revision: This update has been revised to include
updated registry key values for the NetBT, RemoteAccess, and
TCPIP services. These values have been modified to be the
same as Windows XP Service Pack 2 on Windows XP Service Pack
1 systems, and the same as Windows 2003 Service Pack 1 on
Windows 2003 systems with no service pack applied. Customers
are encouraged to apply this revised update for additional
security from privilege elevation through the these services
as described in the Vulnerability Details section of this
security bulletin.
- Originally posted: March 14, 2006
- Updated: June 13, 2006
- Bulletin Severity Rating: Important
- Version: 2.0
Title: Microsoft Security Bulletin Summary for May 2006 Issued: May 9, 2006 Version Number: 1.0 Bulletin: http://go.microsoft.com/fwlink/?LinkId=66474
Summary:
========
This advisory contains information about all security updates
released this month. It is broken down by security bulletin severity.
Critical Security Bulletins
===========================
MS06-019 - Vulnerability in Microsoft Exchange Could Allow Remote
Code Execution (916803)
- Affected Software:
- Microsoft Exchange Server 2003 Service Pack 1
- Microsoft Exchange Server 2003 Service Pack 2
- Microsoft Exchange Server 2000 with the Exchange 2000
Post-Service Pack 3 Update Rollup of August 2004
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-020 - Vulnerabilities in Macromedia Flash Player from Adobe
Could Allow Remote Code Execution (913433)
- Affected Software:
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Review the FAQ section of bulletin MS06-O20 for information
about these operating systems:
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (ME)
- Impact: Remote Code Execution
- Version Number: 1.0
Moderate Security Bulletins
===========================
MS06-018 - Vulnerability in Microsoft Distributed Transaction
Coordinator Could Allow Denial of Service (913580)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows Server 2003
- Windows Server 2003 for Itanium-based Systems
- Impact: Denial of Service
- Version Number: 1.0
Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions,
and Update Deployment Information please read
the Microsoft Security Bulletin Summary for this
month at: http://go.microsoft.com/fwlink/?LinkId=64680
Microsoft Security Bulletin Re-Releases
Issued: April 25, 2006
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS06-015
Bulletin Information:
=====================
* MS06-015
- http://www.microsoft.com/technet/security/bulletin/ms06-015.mspx
- Reason for Revision: This bulletin has been re-released to
advise customers that revised versions of the security update
are available for all products listed in the "Affected Software"
section. Customers who have already applied the MS06-015 update
who are not experiencing the problem need take no action. For
additional information, see "Why did Microsoft reissue this
bulletin on April 25, 2006." in "Frequently asked questions
(FAQ) related to this security update" section.
- Originally posted: April 11, 2006
- Updated: April 25, 2006
- Bulletin Severity Rating: Critical
- Version: 2.0
Title: Microsoft Security Bulletin Re-Releases
Issued: April 11, 2006
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
MS06-005
Bulletin Information:
=====================
MS06-005
- http://www.microsoft.com/technet/security/bulletin/ms06-005.mspx
- Reason for Revision: Microsoft updated this bulletin today to
advise customers that revised versions of the security update
are available for Microsoft Windows Media Player 10 when
installed on Windows XP Service Pack 1 or Windows XP Service
Pack 2, listed in the "Affected Components" section. For more
information, see on "What are the known issues that customers
may experience when they install this security update?"
We revised this update to report an issue when a user tries to
seek, fast rewind, or fast forward when using Windows Media
Player 10
- Originally posted: February 14, 2006
- Updated: April 11, 2006
- Bulletin Severity Rating: Critical
- Version: 2.0
Title: Microsoft Security Bulletin Summary for April 2006
Issued: April 11, 2006
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=64680
Summary:
========
This advisory contains information about all security updates
released this month. It is broken down by security bulletin severity.
Critical Security Bulletins
===========================
MS06-013 - Cumulative Security Update for Internet Explorer (912812)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Review the FAQ section of bulletin MS06-O15 for information
about these operating systems:
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (ME)
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-014 - Vulnerability in the Microsoft Data Access Components
(MDAC) Function Could Allow Code Execution (911562)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Review the FAQ section of bulletin MS06-O15 for information
about these operating systems:
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (ME)
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-015 - Cumulative Security Update for Internet Explorer (912812)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Review the FAQ section of bulletin MS06-O15 for information
about these operating systems:
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (ME)
- Impact: Remote Code Execution
- Version Number: 1.0
Important Security Bulletins
============================
MS06-016 - Cumulative Security Update for Outlook Express (911567)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Review the FAQ section of bulletin MS0X-OYZ for information
about these operating systems:
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (ME)
- Impact: Remote Code Execution
- Version Number: 1.0
Moderate Security Bulletins
===========================
MS06-017 - Vulnerability in Microsoft FrontPage Server Extensions
Could Allow Cross-Site Scripting (917627)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Microsoft SharePoint Team Service
- Review the FAQ section of bulletin MS0X-OYZ for information
about these operating systems:
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (ME)
- Impact: Remote Code Execution
- Version Number: 1.0
Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details,Workarounds, answers to
Frequently Asked Questions, and Update Deployment Information please read
the Microsoft Security Bulletin Summary for this month at:
http://go.microsoft.com/fwlink/?LinkId=64680
Title: Microsoft Security Bulletin Summary
for March 2006
Issued: March 14, 2006
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=63209
Summary:
========
This advisory contains information about all security updates released this month. It is broken down by security bulletin severity.
Critical Security Bulletins
===========================
Affected Software:
Important Security Bulletins
============================
MS06-011 - Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798)
Update Availability:
===================
Updates are available to address these issues. For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=63209
Title: Microsoft Security Bulletin Re-Release
for January 2006
Issued: January 10, 2006
Version Number: 2.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=58872
Summary:
========
This advisory contains information about additional security updates released
this month. It is broken down by security bulletin severity.
Critical Security Bulletins
===========================
MS06-001 - Vulnerability in Graphics Rendering Engine Could Allow Remote
Code Execution (912919)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 x64 Edition
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Review the FAQ section of bulletin MS06-001 for information
about these operating systems:
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (ME)
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-002 - Vulnerability in Embedded Web Fonts Could Allow Remote Code
Execution (908519)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 x64 Edition
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Review the FAQ section of bulletin MS06-002 for information
about these operating systems:
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (ME)
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-003 - Vulnerability in TNEF Decoding in Microsoft Outlook and
Microsoft Exchange Could Allow Remote Code Execution (902412)
- Affected Software:
- Microsoft Office 2000 Service Pack 3
- Windows Microsoft Office XP Service Pack 3
- Microsoft Office 2003 Service Pack 1
- Microsoft Office 2003 Service Pack 2
- Microsoft Exchange Server 5.0 Service Pack 2
- Microsoft Exchange Server 5.5 Service Pack 4
- Microsoft Exchange 2000 Server Pack 3 with the Exchange
2000
Post-Service Pack 3 Update Rollup of August 2004
- Impact: Remote Code Execution
- Version Number: 1.0
Update Availability:
===================
An updates are available to address these issues. For additional information,
including Technical Details, Workarounds, answers to Frequently Asked Questions,
and Update Deployment Information please read the Microsoft Security Bulletin
Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=58872
Title: Microsoft Security Bulletin Re-Release for
January 2006
Issued: January 10, 2006
Version Number: 2.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=58872
Summary:
========
This advisory contains information about additional security updates released
this month. It is broken down by security bulletin severity.
Critical Security Bulletins
===========================
MS06-001 - Vulnerability in Graphics Rendering Engine Could Allow Remote
Code Execution (912919)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 x64 Edition
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Review the FAQ section of bulletin MS06-001 for information
about these operating systems:
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (ME)
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-002 - Vulnerability in Embedded Web Fonts Could Allow Remote Code
Execution (908519)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 x64 Edition
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Review the FAQ section of bulletin MS06-002 for information
about these operating systems:
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (ME)
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-003 - Vulnerability in TNEF Decoding in Microsoft Outlook and
Microsoft Exchange Could Allow Remote Code Execution (902412)
- Affected Software:
- Microsoft Office 2000 Service Pack 3
- Windows Microsoft Office XP Service Pack 3
- Microsoft Office 2003 Service Pack 1
- Microsoft Office 2003 Service Pack 2
- Microsoft Exchange Server 5.0 Service Pack 2
- Microsoft Exchange Server 5.5 Service Pack 4
- Microsoft Exchange 2000 Server Pack 3 with the Exchange
2000
Post-Service Pack 3 Update Rollup of August 2004
- Impact: Remote Code Execution
- Version Number: 1.0
Update Availability:
===================
An updates are available to address these issues. For additional information,
including Technical Details, Workarounds, answers to Frequently Asked Questions,
and Update Deployment Information please read the Microsoft Security Bulletin
Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=58872
Title: Microsoft Security Bulletin Summary for
January 2006
Issued: January 05, 2006
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=58471
********************************************************************
Summary:
========
This advisory contains information about all security updates released this
month. It is broken down by security bulletin severity.
Critical Security Bulletins
===========================
MS06-001 - Vulnerability in Graphics Rendering Engine Could Allow Remote Code
Execution (912919)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 x64 Edition
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Review the FAQ section of bulletin MS06-O1 for information
about these operating systems:
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (ME)
- Impact: Remote Code Execution
- Version Number: 1.0
Update Availability:
===================
An update is available to address these issues. For additional information,
including Technical Details, Workarounds, answers to Frequently Asked Questions,
and Update Deployment Information please read the Microsoft Security Bulletin
Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=58471
| Release Date: | 2005-12-28 |
| Last Update: | 2005-12-29 |
| Critical: |  Extremely critical |
| Impact: | System access |
| Where: | From remote |
| Solution Status: | Unpatched See
Also: Microsoft
Security Advisory (912840) |
| OS: | Microsoft Windows
Server 2003 Datacenter Edition Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Web Edition Microsoft Windows XP Home Edition Microsoft Windows XP Professional |
| Description: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the handling of Windows Metafile files (".wmf") containing specially crafted SETABORTPROC "Escape" records. Such records allow arbitrary user-defined function to be executed when the rendering of a WMF file fails. This can be exploited to execute arbitrary code by tricking a user into opening a malicious ".wmf" file in "Windows Picture and Fax Viewer" or previewing a malicious ".wmf" file in explorer (i.e. opening a folder containing a malicious image file). The vulnerability can also be exploited automatically when a user visits a malicious web site using Microsoft Internet Explorer. NOTE: Exploit code is publicly available. This is being exploited in the wild. The vulnerability can also be triggered from explorer if the malicious file has been saved to a folder and renamed to other image file extensions like ".jpg", ".gif, ".tif", and ".png" etc. The vulnerability has been confirmed on a fully patched system running Microsoft Windows XP SP2. Microsoft Windows XP SP1 and Microsoft Windows Server 2003 SP0 / SP1 are reportedly also affected. Other platforms may also be affected. Solution: Do not save, open or preview untrusted image files from email or other sources, or open untrusted folders and network shares in explorer. Set security level to "High" in Microsoft Internet Explorer to prevent automatic exploitation. The risks can be mitigated by unregistering "Shimgvw.dll" (See 
Bo
Explains the Regsvr32 tool). However, this will disable
certain functionalities. BLCOW dose not recommend the use of this
workaround on production systems until it has been thoroughly tested. |
|
New arrivals:
Plus, check out these other great update notices. Never go without a fix again.
Did you miss an update or security patch? That just will not due will it? View the bug
fixes by the month.
Not to sure if you need a cerain fix, patch, or update? Use the MBSA
Tool to scan your computer for security misconfigurations, vulnerabilities, and
missing hotfixes.
Check out these other tools from Microsoft:
Hotfixes
For additional information about the steps Microsoft has taken to improve the security bulletin release process, read the white paper or register for the webcast.
“Many of life’s failures are people who did not realize how close they were to success when they gave up.” – Thomas Edison
