Microsoft Security Bulletin MS06-042

Discussion in 'other security issues & news' started by NICK ADSL UK, Nov 9, 2006.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS06-042
    Cumulative Security Update for Internet Explorer (918899)
    Published: August 8, 2006 | Updated: November 8, 2006


    Version: 3.1

    Summary
    Who should read this document: Customers who use Microsoft Windows

    Impact of Vulnerability: Remote Code Execution

    Maximum Severity Rating: Critical

    Recommendation: Customers should apply the update immediately.

    Security Update Replacement: This bulletin replaces several prior security updates. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

    Caveats: On September 12, 2006, this Security Bulletin and Internet Explorer 6 Service Pack 1, Internet Explorer 5.01 Service Pack 4, and Internet Explorer 6 for Microsoft Windows Server 2003 security updates were updated to address a vulnerability documented in the Vulnerability Details section as Long URL Buffer Overflow – CVE-2006-3873. Customers using these versions of Internet Explorer should apply the new update immediately.

    On August 24, 2006 this Security Bulletin and the Internet Explorer 6 Service Pack 1 security updates were updated to address an issue documented in Microsoft Knowledge Base Article 923762. This issue may lead to an additional buffer overrun condition only affecting Internet Explorer 6 Service Pack 1 customers that have applied the original version of that update released August 8th, 2006. The security issue is documented in the Vulnerability Details section as Long URL Buffer Overflow – CVE-2006-3869. Internet Explorer 6 Service Pack 1 Customers should apply the new update immediately.

    Microsoft Knowledge Base Article 918899 documents this and any other currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. For more information, see Microsoft Knowledge Base Article 918899.

    Tested Software and Security Update Download Locations:

    Affected Software:

    • Microsoft Windows 2000 Service Pack 4

    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

    • Microsoft Windows XP Professional x64 Edition

    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

    • Microsoft Windows Server 2003 x64 Edition


    Tested Microsoft Windows Components:

    Affected Components:

    • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 — Download the update

    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1 — Download the update

    • Internet Explorer 6 for Microsoft Windows XP Service Pack 2 — Download the update

    • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 — Download the update

    • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems — Download the update

    • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition — Download the update

    • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition — Download the update


    The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site.

    Note The security updates for Microsoft Windows Server 2003, Windows Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also apply to Windows Server 2003 R2.

    http://www.microsoft.com/technet/security/bulletin/ms06-042.mspx
     
Loading...
Thread Status:
Not open for further replies.