Please see details below regarding this months security bulleting release.

What is this alert?

 

This alert is to provide you with an overview of Security Bulletins released on 10 October 2006.

 

================================================

New Security Bulletins

================================================

 

Microsoft is releasing the following security bulletins for newly discovered vulnerabilities:

 

MAXIMUM SEVERITY

BULLETIN NUMBER

PRODUCTS AFFECTED

IMPACT

Moderate

MS06-056

Microsoft Windows .NET Framework 2.0

Information Disclosure

Critical

MS06-057

Microsoft Windows

Remote Code Execution

Critical

MS06-058

Microsoft Office

Remote Code Execution

Critical

MS06-059

Microsoft Office

Remote Code Execution

Critical

MS06-060

Microsoft Office

Remote Code Execution

Critical

MS06-061

Microsoft Windows or Office

Remote Code Execution

Critical

MS06-062

Microsoft Office

Remote Code Execution

Important

MS06-063

Microsoft Windows

Denial of Service

Low

MS06-064

Microsoft Windows

Denial of Service

Important

MS06-065

Microsoft Windows

Remote Code Execution

 

Summaries for these new bulletins may be found here.

 

Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable.

 

================================================

Microsoft Windows Malicious Software Removal Tool

================================================

 

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here:

 

 

================================================

High-Priority Non-Security Updates on Microsoft Update (MU), Windows Update (WU), Windows Server Update Services (WSUS) and Software Update Services (SUS)

================================================

 

Microsoft is today also making the following High-Priority NON-SECURITY updates available on WU, MU, SUS and WSUS:

 

KB NUMBER

TITLE

Available via:

912580

Update for Outlook 2003 Junk E-Mail Filter

MU

923097

Update for Office 2003

MU

 

================================================

TechNet Webcast: Information about Microsoft August 2006 Security Bulletins

================================================

 

Information about Microsoft October 2006 Security Bulletins (Level 200)

 

Wednesday, 11 October 2006 11:00 AM (GMT-08:00) Pacific Time (US & Canada) Click here

 

The on-demand version of the webcast will be available 24 hours after the live webcast here:

 

 

================================================

Security Bulletin Details

================================================

 

MS06-056

 

Title:  Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770)

 

Affected Software:

Microsoft .NET Framework 2.0 for the following operating system versions:

·         Microsoft Windows 2000 Service Pack 4

·         Microsoft Windows XP Service Pack 1 or Windows XP Service Pack 2

·         Microsoft Windows XP Professional x64 Edition

·         Microsoft Windows XP Tablet PC Edition

·         Microsoft Windows XP Media Center Edition

·         Microsoft Windows Server 2003 or Microsoft Windows Server 2003 Service Pack 1

·         Microsoft Windows Server 2003 for Itanium-based Systems or Windows Server 2003 with SP1 for Itanium-based Systems

·         Microsoft Windows Server 2003 x64 Edition

 

Affected Components:

·         Microsoft .NET Framework 2.0

 

Non-Affected Software:

·         Microsoft .NET Framework 1.0

·         Microsoft .NET Framework 1.1

 

Impact of Vulnerability:  Information Disclosure

 

Maximum Severity Rating:  Moderate

 

Restart Requirement:  This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

 

To help reduce the chance that a reboot will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart your computer, see Microsoft Knowledge Base Article 887012.

 

Update Can Be Uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel.

 

More information on this vulnerability is available  here

 

******************************************************************

 

MS06-057

 

Title:  Vulnerability in Windows Explorer Could Allow Remote Execution (923191)

 

Affected Software:

·         Microsoft Windows 2000 Service Pack 4

·         Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

·         Microsoft Windows XP Professional x64 Edition

·         Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

·         Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

·         Microsoft Windows Server 2003 x64 Edition

 

Impact of Vulnerability:  Remote Code Execution

 

Maximum Severity Rating:  Critical

 

Restart Requirement:  You must restart your system after you apply this security update.

 

Update Can Be Uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel.

 

More information on this vulnerability is available here:

 

******************************************************************

MS06-058

 

Title:  Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)

 

Affected Software:

·         Microsoft Office 2000 Service Pack 3

·         Microsoft PowerPoint 2000

·         Microsoft Office XP Service Pack 3

·         Microsoft PowerPoint 2002

·         Microsoft Office 2003 Service Pack 1 or Service Pack 2

·         Microsoft Office PowerPoint 2003

·         Microsoft Office 2004 for Mac

·         Microsoft PowerPoint 2004 for Mac

·         Microsoft Office v. X for Mac

·         Microsoft PowerPoint v. X for Mac

 

Non-Affected Software:

·         Microsoft PowerPoint 2003 Viewer

 

Impact of Vulnerability:  Remote Code Execution

 

Maximum Severity Rating:  Critical

 

Restart Requirement:  Varies depending on which update is being installed (Office version, Operating System). See the Security Bulletin - linked below for more details.

 

Update Can Be Uninstalled: Varies depending on which update is being installed (Office version, Operating System). See the Security Bulletin - linked below for more details.

 

More information on this vulnerability is available here:

 

******************************************************************

 

MS06-059

 

Title:  Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164)

 

Affected Software:

·         Microsoft Office 2000 Service Pack 3

·         Microsoft Excel 2000

·         Microsoft Office XP Service Pack 3

·         Microsoft Excel 2002

·         Microsoft Office 2003 Service Pack 1 or Service Pack 2

·         Microsoft Office Excel 2003

·         Microsoft Office Excel Viewer 2003

·         Microsoft Office 2004 for Mac

·         Microsoft Excel 2004 for Mac

·         Microsoft Office v. X for Mac

·         Microsoft Excel v. X for Mac

·         Microsoft Works Suites:

·         Microsoft Works Suite 2004

·         Microsoft Works Suite 2005

·         Microsoft Works Suite 2006

 

Impact of Vulnerability:  Remote Code Execution

 

Maximum Severity Rating:  Critical

 

Restart Requirement:  Varies depending on which update is being installed (Office version, Operating System). See the Security Bulletin - linked below for more details.

 

Update Can Be Uninstalled: Varies depending on which update is being installed (Office version, Operating System). See the Security Bulletin - linked below for more details.

 

More information on this vulnerability is available here:

 

******************************************************************

 

MS06-060

 

Title:  Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)

 

Affected Software:

·         Microsoft Office 2000 Service Pack 3

·         Microsoft Word 2000

·         Microsoft Office XP Service Pack 3

·         Microsoft Word 2002

·         Microsoft Office 2003 Service Pack 1 or Service Pack 2

·         Microsoft Office Word 2003

·         Microsoft Office Word 2003 Viewer

·         Microsoft Works Suites:

·         Microsoft Works Suite 2004

·         Microsoft Works Suite 2005

·         Microsoft Works Suite 2006

·         Microsoft Office 2004 for Mac

·         Microsoft Office v. X for Mac

 

Impact of Vulnerability:  Remote Code Execution

 

Maximum Severity Rating:  Critical

 

Restart Requirement:  Varies depending on which update is being installed (Office version, Operating System). See the Security Bulletin - linked below for more details.

 

Update Can Be Uninstalled: Varies depending on which update is being installed (Office version, Operating System). See the Security Bulletin - linked below for more details.

 

More information on this vulnerability is available here:

 

******************************************************************

 

MS06-061

 

Title:  Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191)

 

Affected Software:

·         Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Windows 2000 Service Pack 4

·         Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Service Pack 1

·         Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Service Pack 2

·         Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Professional x64 Edition

·         Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003

·         Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 Service Pack 1

·         Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

·         Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 x64 Edition

·         Microsoft Office 2003 Service Pack 1 or Service Pack 2 with Microsoft XML Core Services 5.0 Service Pack 1

 

Non-Affected Software:

·         Windows 2000 Service Pack 4 running Microsoft XML Core Services 2.5

·         Microsoft Windows XP Service Pack 1 running Microsoft XML Core Services 2.5

·         Microsoft Windows XP Service Pack 2 running Microsoft XML Core Services 2.5

·         Microsoft Windows Server 2003 running Microsoft XML Core Services 2.5

·         Microsoft Windows Server 2003 Service Pack 1 running Microsoft XML Core Services 2.5

 

Affected Components:

·         Microsoft XML Core Services 4.0 when installed on Windows 2000 Service Pack 4

·         Microsoft XML Core Services 4.0 when installed on Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

·         Microsoft XML Core Services 4.0 when installed on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

·         Microsoft XML Core Services 6.0 when installed on Windows 2000 Service Pack 4

·         Microsoft XML Core Services 6.0 when installed on Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

·         Microsoft XML Core Services 6.0 when installed on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

 

Impact of Vulnerability:  Remote Code Execution

 

Maximum Severity Rating:  Critical

 

Restart Requirement:  You must restart your system after you apply this security update.

 

Update Can Be Uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel.

 

More information on this vulnerability is available here:

 

******************************************************************

 

MS06-062

 

Title:  Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581)

 

Affected Software:

·         Microsoft Office 2000 Service Pack 3

·         Microsoft Access 2000

·         Microsoft Excel 2000

·         Microsoft FrontPage 2000

·         Microsoft Outlook 2000

·         Microsoft PowerPoint 2000

·         Microsoft Publisher 2000

·         Microsoft Word 2000

·         Microsoft Office XP Service Pack 3

·         Microsoft Access 2002

·         Microsoft Excel 2002

·         Microsoft FrontPage 2002

·         Microsoft Outlook 2002

·         Microsoft PowerPoint 2002

·         Microsoft Publisher 2002

·         Microsoft Visio 2002

·         Microsoft Word 2002

·         Microsoft Office 2003 Service Pack 1 or Service Pack 2

·         Microsoft Access 2003

·         Microsoft Excel 2003

·         Microsoft Excel 2003 Viewer

·         Microsoft FrontPage 2003

·         Microsoft InfoPath 2003

·         Microsoft OneNote 2003

·         Microsoft Outlook 2003

·         Microsoft PowerPoint 2003

·         Microsoft Project 2003

·         Microsoft Publisher 2003

·         Microsoft Visio 2003

·         Microsoft Word 2003

·         Microsoft Word 2003 Viewer

·         Microsoft Project 2000 Service Release 1

·         Microsoft Project 2002 Service Pack 2

·         Microsoft Visio 2002 Service Pack 2

·         Microsoft Office 2004 for Mac

·         Microsoft Office v. X for Mac

 

Non-Affected Software:

·         Microsoft PowerPoint 2003 Viewer

·         Microsoft Works Suites:

·         Microsoft Works Suite 2004

·         Microsoft Works Suite 2005

·         Microsoft Works Suite 2006

 

Impact of Vulnerability:  Remote Code Execution

 

Maximum Severity Rating:  Critical

 

Restart Requirement:  Varies depending on which update is being installed (Office version, Operating System). See the Security Bulletin - linked below for more details.

 

Update Can Be Uninstalled: Varies depending on which update is being installed (Office version, Operating System). See the Security Bulletin - linked below for more details.

 

More information on this vulnerability is available here:

 

******************************************************************

 

MS06-063

 

Title:  Vulnerability in Server Service Could Allow Denial of Service (923414)

 

Affected Software:

·         Microsoft Windows 2000 Service Pack 4

·         Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

·         Microsoft Windows XP Professional x64 Edition

·         Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

·         Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

·         Microsoft Windows Server 2003 x64 Edition

 

Impact of Vulnerability:  Denial of Service

 

Maximum Severity Rating:  Important

 

Restart Requirement:  You must restart your system after you apply this security update.

 

Update Can Be Uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel.

 

More information on this vulnerability is available here:

 

******************************************************************

 

MS06-064

 

Title:  Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819)

 

Affected Software:

·         Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

·         Microsoft Windows XP Professional x64 Edition

·         Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

·         Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

·         Microsoft Windows Server 2003 x64 Edition

 

Non-Affected Software:

·         Microsoft Windows 2000 Service Pack 4

 

Impact of Vulnerability:  Denial of Service

 

Maximum Severity Rating:  Low

 

Restart Requirement:  You must restart your system after you apply this security update.

 

Update Can Be Uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel.

 

More information on this vulnerability is available here:

 

******************************************************************

 

MS06-065

 

Title:  Vulnerability in Windows Object Packager Could Allow Remote Execution (924496)

 

Affected Software:

·         Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

·         Microsoft Windows XP Professional x64 Edition

·         Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

·         Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

·         Microsoft Windows Server 2003 x64 Edition

 

Non-Affected Software:

·         Microsoft Windows 2000 Service Pack 4

 

Impact of Vulnerability:  Remote Code Execution

 

Maximum Severity Rating:  Moderate

 

Restart Requirement:  You must restart your system after you apply this security update.

 

Update Can Be Uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel.

 

More information on this vulnerability is available here:

Cheers, Jeffa