Microsoft Security Bulletin Summary for August, 2006

Critical (9)

Bulletin Identifier Microsoft Security Bulletin MS06-040
Vulnerability in Server Service Could Allow Remote Code Execution 921883
http://www.microsoft.com/technet/security/Bulletin/MS06-040.mspx


Bulletin Identifier Bulletin Identifier Microsoft Security Bulletin MS06-041
Vulnerability in DNS Resolution Could Allow Remote Code Execution 920683
http://www.microsoft.com/technet/security/Bulletin/MS06-041.mspx

Bulletin Identifier Microsoft Security Bulletin MS06-042
Cumulative Security Update for Internet Explorer 918899
http://www.microsoft.com/technet/security/Bulletin/MS06-042.mspx

Bulletin Identifier Microsoft Security Bulletin MS06-043
Vulnerability in Microsoft Windows Could Allow Remote Code Execution 920214
http://www.microsoft.com/technet/security/Bulletin/MS06-044.mspx

Bulletin Identifier Microsoft Security Bulletin MS06-044
Vulnerability in Microsoft Management Console Could Allow Remote Code Execution 917008
http://www.microsoft.com/technet/security/Bulletin/MS06-045.mspx

Bulletin Identifier Microsoft Security Bulletin MS06-045
Vulnerability in Windows Explorer Could Allow Remote Code Execution 921398
http://www.microsoft.com/technet/security/Bulletin/MS06-045.mspx

Bulletin Identifier Microsoft Security Bulletin MS06-046
Vulnerability in HTML Help Could Allow Remote Code Execution 922616
http://www.microsoft.com/technet/security/Bulletin/MS06-046.mspx

Bulletin Identifier Microsoft Security Bulletin MS06-047
Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution 921645
http://www.microsoft.com/technet/security/Bulletin/MS06-047.mspx

Bulletin Identifier Microsoft Security Bulletin MS06-048
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution 922968
http://www.microsoft.com/technet/security/Bulletin/MS06-048.mspx

Bulletin Identifier Microsoft Security Bulletin MS06-051
Vulnerability in Windows Kernel Could Result in Remote Code Execution 917422
http://www.microsoft.com/technet/security/Bulletin/MS06-051.mspx

Important (3)
Bulletin Identifier Microsoft Security Bulletin MS06-045
Vulnerability in Windows Explorer Could Allow Remote Code Execution 921398
http://go.microsoft.com/fwlink/?LinkId=69730

Bulletin Identifier Microsoft Security Bulletin MS06-049
Vulnerability in Windows Kernel Could Result in Elevation of Privilege 920958
http://www.microsoft.com/technet/security/Bulletin/MS06-049.mspx

Bulletin Identifier Microsoft Security Bulletin MS06-050
Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution 920670
http://www.microsoft.com/technet/security/Bulletin/MS06-050.mspx

Re-Released Bulletins:
ASP.NET Path Validation Vulnerability (887219)
http://www.microsoft.com/technet/security/Bulletin/ms05-004.mspx

Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)
http://www.microsoft.com/technet/security/Bulletin/ms06-039.mspx

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Webcast:
Microsoft will host a webcast tomorrow. The webcast focuses on addressing your questions and concerns about the security bulletins. Therefore, most of the live webcast is aimed at giving you the opportunity to ask questions and get answers from their security experts.

Start Time: Wednesday, August 09, 2006 11:00 AM Pacific Time (US & Canada)
End Time: Wednesday, August 09, 2006 12:00 PM Pacific Time (US & Canada)

Presenter: Christopher Budd, CISA, CISM, CISSP, ISSMP Security Program Manager, PSS Security, Microsoft Corporation and Mike Reavey, Lead Security Program Manager, Microsoft Corporation

Security Tool:
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft® Windows® Malicious Software Removal Tool (KB890830)

The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Server 2003, Windows XP, or Windows 2000
View products that this article applies to.
Article ID : 890830
Last Review : August 8, 2006
Revision : 23.0
http://support.microsoft.com/?kbid=890830

Families Cleaned by the Malicious Software Removal Tool
Additions Are Made Each Month to Address the Latest Threats
Published: April 12, 2005 | Updated: August 8, 2006


Run the tool from the Microsoft.com Web site, or download the tool and run it locally on your computer.

The Microsoft Windows Malicious Software Removal Tool removes specific, prevalent malicious software families from computers running compatible versions of Windows. Microsoft releases a new version of the tool on the second Tuesday of every month, and as needed to respond to security incidents.

New Malicious Software
The following malicious software was added this release.

• Banker

• Jeefo

http://www.microsoft.com/security/malwareremove/families.mspx

Download>>>
http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

 

Microsoft August 2006 Security Releases ISO Image
August 2006 Security Releases ISO Image
Brief Description
These ISO-9660 CD image files contain the security updates for Windows released on Windows Update on August 8th, 2006.

Quick Details
Version: 913086
Security Bulletins: MS06-040 MS06-041 MS06-042 MS06-043 MS06-044 MS06-045 MS06-046 MS06-049 MS06-050 MS06-051
Knowledge Base (KB) Articles: KB921883 KB920683 KB918899 KB920214 KB917008 KB921398 KB922616 KB920958 KB920670 KB917422

Date Published: 8/7/2006
Language: English
Download Size: 243.4 MB - 1360.5 MB*
*Download size depends on selected download components.

Overview
These ISO-9660 CD image files contain the security updates for Windows released on Windows Update on August 8th, 2006. They do not contain security updates for other Microsoft products.

These CD images are intended for corporate administrators who manage large multinational organizations, who need to download multiple individual language versions of each security update, and who do not use an automated solution such as WSUS. Use these images to download multiple updates in all languages at the same time.

Caution:
Be sure to check the individual security bulletins at http://www.microsoft.com/technet/security prior to deployment of these updates to ensure that the files have not been updated at a later date.

http://www.microsoft.com/downloads/...84-73be-4e7e-a310-d7a979cc0c98&DisplayLang=en

 

Microsoft Security Advisory (922437)

Exploit Code Published Affecting the Server Service
Published: August 11, 2006 | Updated: August 13, 2006

Microsoft is aware of public reports regarding an attack known as Win32/Graweg exploiting the vulnerability addressed by security update MS06-040.
http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx

Microsoft’s initial investigation of Win32/Graweg verified that it only affects users running Windows 2000 that have not applied the update detailed in MS06-040. Microsoft has activated its emergency response process and is continuing to investigate this issue.

The Microsoft Security Response Alliance partners as well as our own internal teams have determined that there is not widespread customer impact and have rated Win32/Graweb as a Low threat. At this time it does not appear to be a self-replicating internet-wide worm.

Microsoft continues to recommend that customers apply the August updates as soon as possible with additional urgency and consideration given to the update detailed in MS06-040. Customers can ensure that the updates are being installed by enabling the Automatic Updates feature in Windows or by using their deployment infrastructure in their enterprise or small business.

Customers who believe that they are infected or are not sure whether they are infected by Win32/Graweb should visit Safety.live.com and choose "Protection Scan." Additionally, Windows Live OneCare from Microsoft provides detection against Win32/Graweb and its known variants.

Customers who believe they have been attacked should contact their local FBI office or report their situation to www.ic3.gov. Customers outside the U.S. should contact the national law enforcement agency in their country

Customers who believe they are affected can contact Product Support Services. Contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1866-PCSAFETY) and international customers by using any method found at this location: http://support.microsoft.com/security.


Mitigating Factors:

• Customers who have installed the MS06-040 security update are not affected by this vulnerability.

• While installation of the update is the recommended action, customers who have applied the mitigations as identified in MS06-040 will have minimized their exposure and potential exploitability against an attack.

http://www.microsoft.com/technet/security/advisory/922437.mspx

 

After people apply the MS06-042 update, rated "critical" by Microsoft,
IE may crash when certain Web sites are viewed, the company said in a notice on its customer support Web site. The problem affects IE 6 with Service Pack 1 on Windows XP and Windows 2000 systems, it said.

"Microsoft has identified an issue with the security update MS06-042," the company said in a statement Tuesday. It plans to re-release the bulletin and patch on Aug. 22 for all affected users.

The problem occurs when IE users view Web sites that use version 1.1 of HTTP alongside compression, according to Microsoft's notice. HTTP, or hypertext transfer protocol, is the standard protocol used to browse Web sites.

IE users on security mailing lists have reported browser crashes when using PeopleSoft applications that have Web-based interfaces. Others report running into problems when using other applications, including Microsoft's own customer relationship management, or CRM, tools.

Microsoft has a temporary fix available for the problems caused by MS06-042. However, this fix is not available for download; people have to call Microsoft's support line.
http://www.zdnetasia.com/news/security/0,39044215,39390633,00.htm

 

Microsoft Security Advisory (923762)
Microsoft Security Advisory (923762): Long URLs to sites using HTTP 1.1 and compression Could Cause Internet Explorer 6 Service Pack 1 to Unexpectedly Exit

Published: August 22, 2006

On August 15, 2006 Microsoft announced that it would be re-releasing MS06-042 Tuesday, August 22, 2006 to address an issue affecting Internet Explorer 6 Service Pack 1 customers discussed in Microsoft Knowledge Base Article 923762.
http://support.microsoft.com/kb/923762/

Due to an issue discovered in final testing, Microsoft will not be re-releasing MS06-042 today. This update will be re-released for Internet Explorer 6 Service Pack 1 when it meets an appropriate level of quality for broad distribution.

Microsoft is also aware of public reports that this issue can lead to a buffer overrun condition for Internet Explorer 6 Service Pack 1 customers that have applied MS06-042. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time. Microsoft is aggressively investigating the public reports. Only customers using Internet Explorer 6.0 SP1 are affected, all other customers should continue their deployments of MS06-042. Customers using Internet Explorer 6.0 SP 1 should continue their deployment of MS06-042 and follow the existing guidance provided in Knowledge Base article 923762
http://support.microsoft.com/kb/923762/
and the Suggested Actions section of this Security Advisory.

http://www.microsoft.com/technet/security/...ory/923762.mspx

 

Microsoft Security Bulletin MS06-042
Cumulative Security Update for Internet Explorer (918899)
Published: August 8, 2006 | Updated: August 24, 2006

Version: 2.0

Summary
Who should read this document: Customers who use Microsoft Windows

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: This bulletin replaces several prior security updates. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

Caveats: This Security Bulletin and the Internet Explorer 6 Service Pack 1 security updates have been updated to address an issue documented in Microsoft Knowledge Base Article 923762
Microsoft Knowledge Base Article 923762.

This issue may lead to an additional buffer overrun condition only affecting Internet Explorer 6 Service Pack 1 customers that have applied the original version of that update released August 8th, 2006. The security issue is documented in the Vulnerability Details section as Long URL Buffer Overflow – CVE-2006-3869. Internet Explorer 6 Service Pack 1 Customers should apply the new update immediately. Microsoft Knowledge Base Article 918899
Microsoft Knowledge Base Article 918899 .
documents this and any other currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues.

For more information, see Microsoft Knowledge Base Article 918899Microsoft Knowledge Base Article 918899..

Tested Software and Security Update Download Locations:and Affected Software:

• Microsoft Windows 2000 Service Pack 4

• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

• Microsoft Windows XP Professional x64 Edition

• Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

• Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

• Microsoft Windows Server 2003 x64 Edition

http://www.microsoft.com/technet/security/bulletin/ms06-042.mspx