Critical Microsoft Security Patches



aabhisheksirohi
August 16th, 2006, 01:04 PM
Microsoft has released the following security bulletins for newly discovered vulnerabilities:
* Critical MS06-040 Microsoft Windows Remote Code Execution
* Critical MS06-041 Microsoft Windows Remote Code Execution
* Critical MS06-042 Microsoft Windows Remote Code Execution
* Critical MS06-043 Microsoft Windows Remote Code Execution
* Critical MS06-044 MS Windows 2000 Remote Code Execution
* Important MS06-045 Microsoft Windows Remote Code Execution
* Critical MS06-046 Microsoft Windows Remote Code Execution
* Critical MS06-047 Microsoft Office Applications or Applications that use Visual Basic for Applications Remote Code Execution
* Critical MS06-048 Microsoft PowerPoint Remote Code Execution
* Important MS06-049 Microsoft Windows Elevation of Privilege
* Important MS06-050 Microsoft Windows Remote Code Execution
* Critical MS06-051 Microsoft Windows Remote Code Execution
Kindly update the same on an urgent basis.
================================================
Security Bulletin Details
================================================
MS06-040
Title: Vulnerability in Server Service Could Allow Remote Code Execution (KB921883)
Executive Summary:
This update resolves a privately disclosed vulnerability as well as additional issues discovered through internal investigations. An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft strongly recommends that customers apply this update immediately. If customers will be delayed in installing MS06-040, Microsoft recommends that they implement the workarounds discussed in the MS06-040 bulletin.
Affected Software:
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart Requirement: You must restart your system after you apply this security update.

http://www.microsoft.com/technet/security/bulletin/MS06-040.mspx
******************************************************************
MS06-041
Title: Vulnerability in DNS Resolution Could Allow Remote Code Execution (KB920683)
Executive Summary:
This update resolves several newly discovered, privately reported, vulnerabilities. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Affected Software:
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical

http://www.microsoft.com/technet/security/bulletin/MS06-041.mspx

aabhisheksirohi
August 16th, 2006, 01:11 PM
MS06-042
Title: Cumulative Security Update for Internet Explorer (KB918899)
Executive Summary:
This update resolves several newly discovered, publicly and privately reported vulnerabilities. If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Affected Software:
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
Affected Components:
* Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
* Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
* Internet Explorer 6 for Microsoft Windows XP Service Pack 2
* Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
* Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
* Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical

http://www.microsoft.com/technet/security/bulletin/MS06-042.mspx
******************************************************************
MS06-043
Title: Vulnerability in Microsoft Windows Could Allow Remote Code Execution (KB920214)
Executive Summary:
This update resolves a newly-discovered, publicly-reported vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Affected Software:
* Microsoft Windows XP Service Pack 2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 Service Pack 1
* Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
Affected Components:
* Outlook Express 6 on Microsoft Windows XP Service Pack 2
* Outlook Express 6 on Microsoft Windows XP Professional x64 Edition
* Outlook Express 6 on Microsoft Windows Server 2003 Service Pack 1
* Outlook Express 6 on Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Outlook Express 6 on Microsoft Windows Server 2003 x64 Edition
Non-Affected Software:
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 1
* Microsoft Windows Server 2003
* Microsoft Windows Server 2003 for Itanium-based Systems
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical

http://www.microsoft.com/technet/security/bulletin/MS06-043.mspx

aabhisheksirohi
August 16th, 2006, 01:13 PM
MS06-044
Title: Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (KB917008)
Executive Summary:
This update resolves a newly discovered, privately reported vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Affected Software:
* Microsoft Windows 2000 Service Pack 4
Non-Affected Software:
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical

http://www.microsoft.com/technet/security/bulletin/MS06-044.mspx
******************************************************************
MS06-045
Title: Vulnerability in Windows Explorer Could Allow Remote Code Execution (KB921398)
Executive Summary:
This update resolves a newly-discovered, publicly-reported vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Affected Software:
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important

http://www.microsoft.com/technet/security/bulletin/MS06-045.mspx

aabhisheksirohi
August 16th, 2006, 01:14 PM
MS06-046
Title: Vulnerability in HTML Help Could Allow Remote Code Execution (KB922616)
Executive Summary:
This update resolves a newly discovered, publicly reported vulnerability as well as additional issues discovered through internal investigations. On vulnerable versions of Windows, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Affected Software:
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical

http://www.microsoft.com/technet/security/bulletin/MS06-046.mspx
******************************************************************
MS06-047
Title: Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (KB921645)
Executive Summary:
This update resolves a newly discovered, privately reported vulnerability. On vulnerable versions of Office or Microsoft Visual Basic for Applications, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Affected Software:
* Microsoft Office 2000 Service Pack 3
* Microsoft Project 2000 Service Release 1
* Microsoft Access 2000 Runtime Service Pack 3
* Microsoft Office XP Service Pack 3
* Microsoft Project 2002 Service Pack 1
* Microsoft Visio 2002 Service Pack 2
* Microsoft Works Suites:
  * Microsoft Works Suite 2004
  * Microsoft Works Suite 2005
  * Microsoft Works Suite 2006
* Microsoft Visual Basic for Applications SDK 6.0
* Microsoft Visual Basic for Applications SDK 6.2
* Microsoft Visual Basic for Applications SDK 6.3
* Microsoft Visual Basic for Applications SDK 6.4
Non-Affected Software:
* Microsoft Office 2003 Service Pack 1 and Microsoft Office 2003 Service Pack 2
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical

http://www.microsoft.com/technet/security/bulletin/MS06-047.mspx

aabhisheksirohi
August 16th, 2006, 01:17 PM
MS06-048
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (KB922968)
Executive Summary:
This update resolves two newly discovered privately reported and public vulnerabilities. When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Affected Software:
* Microsoft Office 2000 Service Pack 3
* Microsoft PowerPoint 2000
* Microsoft Office XP Service Pack 3
* Microsoft PowerPoint 2002
* Microsoft Office 2003 Service Pack 1 or Service Pack 2
* Microsoft Office PowerPoint 2003
* Microsoft Office 2004 for Mac
* PowerPoint 2004 for Mac
* Microsoft Office v. X for Mac
* PowerPoint 2004 v. X for Mac
Non-Affected Software:
* Microsoft PowerPoint 2003 Viewer
* Microsoft Works Suites:
  * Microsoft Works Suite 2004
  * Microsoft Works Suite 2005
  * Microsoft Works Suite 2006
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical

http://www.microsoft.com/technet/security/bulletin/MS06-048.mspx
******************************************************************
MS06-049
Title: Vulnerability in Windows Kernel Could Result in Elevation of Privilege (KB920958)
Executive Summary:
This update resolves a newly discovered, publicly reported vulnerability and additional issues discovered through internal investigations. An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Affected Software:
* Microsoft Windows 2000 Service Pack 4
Non-Affected Software:
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
Impact of Vulnerability: Elevation of Privilege
Maximum Severity Rating: Important

http://www.microsoft.com/technet/security/bulletin/MS06-049.mspx

aabhisheksirohi
August 16th, 2006, 01:18 PM
MS06-050
Title: Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (KB920670)
Executive Summary:
This update resolves two newly discovered vulnerabilities. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. User interaction is required for an attacker to exploit these vulnerabilities.
Affected Software:
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important

http://www.microsoft.com/technet/security/bulletin/MS06-050.mspx
******************************************************************
MS06-051
Title: Vulnerability in Windows Kernel Could Result in Remote Code Execution (KB917422)
Executive Summary:
This update resolves newly discovered, privately reported vulnerabilities and additional issues discovered through internal investigations. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Affected Software:
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical

http://www.microsoft.com/technet/security/bulletin/MS06-051.mspx
******************************************************************
MS05-004 (Re-release)
Title: ASP.NET Path Validation Vulnerability (KB887219)
Reason for Re-release:
* Added Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 x64 Edition for .NET Framework 1.1 Service Pack 1 as affected software.
* Users of these versions should apply newly released updates
* Users who previously applied the update do not need to take any further action
Impact of Vulnerability: Information Disclosure, possible Elevation of Privilege
http://www.microsoft.com/technet/security/bulletin/MS05-004.mspx