PDA

View Full Version : Microsoft Security Bulletins 14 February 2006

NICK ADSL UK
February 14th, 2006, 01:28 PM
This security bulletin courtesy of Ms. Donna Buenaventura [MVP]

Microsoft released this month's security bulletins affecting Windows and Microsoft Office. Also affecting Windows Media Player and Internet Explorer (components in Windows):

Bulletins:

2 Critical Bulletins
MS06-004 (http://www.microsoft.com/technet/security/bulletin/MS06-004.mspx) - Cumulative Security Update for Internet Explorer (910620)
MS06-005 (http://www.microsoft.com/technet/security/bulletin/MS06-005.mspx) - Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)
5 Important Bulletins
MS06-006 (http://www.microsoft.com/technet/security/bulletin/MS06-006.mspx) - Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)
MS06-007 (http://www.microsoft.com/technet/security/bulletin/MS06-007.mspx) - Vulnerability in TCP/IP Could Allow Denial of Service (913446)
MS06-008 (http://www.microsoft.com/technet/security/bulletin/MS06-008.mspx) - Vulnerability in Web Client Service Could Allow Remote Code Execution (911927)
MS06-009 (http://www.microsoft.com/technet/security/bulletin/MS06-009.mspx) - Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)
MS06-010 (http://www.microsoft.com/technet/security/bulletin/MS06-010.mspx) - Vulnerability in PowerPoint 2000 Could Allow Information Disclosure (889167)

Summary:
View the Bulletin Summary (http://www.microsoft.com/technet/security/bulletin/ms06-feb.mspx) in Microsoft website.

Reminder:
As always, download the updates only from the vendors website - visit Windows Update (http://www.windowsupdate.com/) and Office Update (http://office.microsoft.com/OfficeUpdate/) or Microsoft Update (http://update.microsoft.com/microsoftupdate) websites. You may also get the updates thru Automatic Updates (http://www.microsoft.com/athome/security/update/bulletins/automaticupdates.mspx) functionality in Windows system.

Webcast:
Microsoft will host a webcast (http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032288940&EventCategory=4&culture=en-US&CountryCode=US) on the above security bulletins. The webcast focuses on addressing your questions and concerns about the security bulletins. Therefore, most of the live webcast is aimed at giving you the opportunity to ask questions and get answers from their security experts.

Start Time: Wednesday, February 15, 2006 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
End Time: Wednesday, February 15, 2006 12:00 PM (GMT-08:00) Pacific Time (US & Canada)

Security Tool:
Find out if you are missing important Microsoft product updates by using MBSA (http://www.microsoft.com/technet/security/tools/mbsahome.mspx)
NICK ADSL UK
February 14th, 2006, 02:17 PM
Re: Microsoft Security Bulletins 14 February 2006
http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
NICK ADSL UK
February 14th, 2006, 04:11 PM
MS06-007 - Vulnerability in TCP/IP Could Allow Denial of Service (913446)

It has been reported that the MS06-007 - Vulnerability in TCP/IP Could Allow Denial of Service (913446) failed to install using AU or MU.

Microsoft is now aware and investigating the issue.

If this should happen and you receive a failed install then please update and install MS06-007 update manually.

http://www.microsoft.com/technet/security/bulletin/ms06-007.mspx
chachazz
February 14th, 2006, 04:27 PM
Microsoft® Windows® Malicious Software Removal Tool (KB890830)
This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found.

File Name: Windows-KB890830-V1.13.exe
Version: 1.13
Knowledge Base (KB) Articles:KB890830
Date Published: 2/14/2006
Language: English
Download Size: 1.4 MB

Download: Microsoft Malicious Software Tool» (http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en)

Families Cleaned by the Malicious Software Removal Tool
The following malicious software was added this release.
•Alcan
•Badtrans
•Eyeveg
•Magistr
View Complete List» (http://www.microsoft.com/security/malwareremove/families.mspx)
NICK ADSL UK
February 15th, 2006, 04:14 AM
Microsoft Security Bulletin Minor Revisions

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS06-007

Bulletin Information:
=====================

* MS06-007

http://www.microsoft.com/technet/security/bulletin/MS06-007.mspx

- Reason for revision: Security Update FAQ Section updated to reflect an issue, now resolved, that affected the deployment of this update through Automatic Update, Windows Update, Microsoft Update, Windows Server Update Services and Systems Management Server 2003 when using the Inventory Tool for Microsoft Updates.
- Originally posted: February 14, 2006
- Updated: February 14, 2006
- Bulletin Severity Rating: Important
- Version: 1.1
NICK ADSL UK
February 17th, 2006, 12:58 PM
Microsoft Security Bulletin Advance Notification (http://www.microsoft.com/technet/security/bulletin/advance.mspx)
Updated: February 14, 2006

-{ Quote: "The next Security Bulletin Advance Notification is scheduled for March 9, 2006, and will outline information for the March 14, 2006 security bulletin release." }-

Register for the webcast:

http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032290677&EventCategory=4&culture=en-US&CountryCode=US

Microsoft will host on March 15 (the day after releasing the scheduled security bulletin) the security bulletins. The webcast focuses on addressing your questions and concerns about the security bulletins. Therefore, most of the live webcast is aimed at giving you the opportunity to ask questions and get answers from their security experts.

Start Time: Wednesday, March 15, 2006 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
End Time: Wednesday, March 15, 2006 12:00 PM (GMT-08:00) Pacific Time (US & Canada)

Presenter: Christopher Budd, CISA, CISM, CISSP, ISSMP Security Program Manager, PSS Security, Microsoft Corporation and Stephen Toulouse, Security Program Manager, Microsoft Corporation
NICK ADSL UK
February 23rd, 2006, 07:58 AM
Update for Windows XP KB913538

Update for Windows XP KB913538 Genuine Windows download
Brief Description
Install this update to prevent Windows Management Instrumentation enumerations from being canceled before the client computer can finish using the enumerations.

Overview
Install this update to prevent Windows Management Instrumentation enumerations from being canceled before the client computer can finish using the enumerations. After you install this item, you may have to restart your computer.

http://www.microsoft.com/downloads/details.aspx?FamilyID=abbd10a1-855d-4555-8c0e-eb67c93cfc27&DisplayLang=en
NICK ADSL UK
March 10th, 2006, 03:55 AM
The following bulletins have undergone a minor revision increment.

Please see the appropriate bulletin for more details.

* MS06-009
* MS06-005
* MS05-054
* MS05-013

Bulletin Information:
=====================

* MS06-009
- http://www.microsoft.com/technet/security/...n/MS06-009.mspx (http://www.microsoft.com/technet/security/bulletin/MS06-009.mspx)
- Reason for revision: Bulletin revised: Executive Summary updated to clarify the criteria for a successful attack, updated the workarounds section to provide clarity for TCP port 4125.
- Originally posted: February 14,2006
- Updated: March 8,2006
- Bulletin Severity Rating: Important
- Version: 1.1

* MS06-005
- http://www.microsoft.com/technet/security/...n/MS06-005.mspx (http://www.microsoft.com/technet/security/bulletin/MS06-005.mspx)
- Reason for revision: Bulletin revised: "Caveats" section updated due to new issues discovered with the security update.Users may experience issues when they try to seek,fast rewind,or fast forward in Windows Media Player 10.
- Originally posted: February 14,2006
- Updated: March 8,2006
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS05-054
- http://www.microsoft.com/technet/security/...n/MS05-054.mspx (http://www.microsoft.com/technet/security/bulletin/MS05-054.mspx)
- Reason for revision: Bulletin revised to add acknowledgment for CAN-2005-1790.
- Originally posted: December 13,2005
- Updated: March 8,2006
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS05-013
- http://www.microsoft.com/technet/security/...n/MS05-013.mspx (http://www.microsoft.com/technet/security/bulletin/MS05-013.mspx)
- Reason for revision: Bulletin revised due to new issues discovered with the security update: "Microsoft Knowledge Base Article 906216: The Dhtmled.ocx ActiveX control does not work as expected after a program changes the Visible property of the Dhtmled.ocx control."
- Originally posted: February 8,2005
- Updated: March 8,2006
- Bulletin Severity Rating: Critical
- Version: 1.2