Microsoft Security Bulletin Summary for July, 2006

Microsoft Security Bulletin Summary for July, 2006
Published: July 11, 2006 | Updated: July 11, 2006

Bulletin Summary:
http://www.microsoft.com/technet/security/Bulletin/ms06-Jul.mspx


Critical (5)
Bulletin Identifier Microsoft Security Bulletin MS06-035
Bulletin Title
Vulnerability in Server Service Could Allow Remote Code Execution (917159)
Executive Summary
This update resolves two vulnerabilities in the Server service, the most serious of which could allow remote code execution
http://www.microsoft.com/technet/security/Bulletin/ms06-035.mspx

Bulletin Identifier Microsoft Security Bulletin MS06-036
Bulletin Title
Vulnerability in DHCP Client Service Could Allow Remote Code Execution 914388
Executive Summary
This update resolves a vulnerability in the DHCP Client service that could allow remote code execution
http://www.microsoft.com/technet/security/Bulletin/ms06-036.mspx

Bulletin Identifier Microsoft Security Bulletin MS06-037
Bulletin Title
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (917285)
Executive Summary
This update resolves several vulnerabilities in Excel, the most serious of which could allow remote code execution.
http://www.microsoft.com/technet/security/Bulletin/ms06-037.mspx

Bulletin Identifier Microsoft Security Bulletin MS06-038
Bulletin Title
Vulnerability in Microsoft Office Could Allow Remote Code Execution (915384)
Executive Summary
This update resolves two vulnerabilities in Office, the most serious of which could allow remote code execution.
http://www.microsoft.com/technet/security/Bulletin/ms06-038.mspx

Bulletin Identifier Microsoft Security Bulletin MS06-039
Bulletin Title
Vulnerability in Microsoft Office Could Allow Remote Code Execution (915384)
Executive Summary
This update resolves two vulnerabilities in Office, the most serious of which could allow remote code execution.
http://www.microsoft.com/technet/security/Bulletin/ms06-038.mspx


Important (1)
Bulletin Identifier Microsoft Security Bulletin MS06-033
Bulletin Title
Vulnerability in ASP.NET Could Allow Information Disclosure (917283)
Executive Summary
This vulnerability could allow an attacker to bypass ASP.Net security and gain unauthorized access to objects in the Application folder explicitly by name. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be used to try to further compromise the affected system.
http://www.microsoft.com/technet/security/Bulletin/ms06-033.mspx


Moderate Bulletins:
Bulletin Identifier Microsoft Security Bulletin MS06-034
Bulletin Title
Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)
Executive Summary
This vulnerability could allow an attacker to take complete control of an affected system. Note that the attacker must have valid logon credentials, but if a server has been purposely configured to allow users, either anonymous or authenticated, to upload web content such as .ASP pages to web sites, the server could be exploited by this vulnerability.
http://www.microsoft.com/technet/security/Bulletin/ms06-034.mspx

This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338 International customers should contact their local subsidiary.

 

The updated version of Windows Malicious Software Removal Tool is also available. You may download from Microsoft Download center.

File Name: Windows-KB890830-V1.18.exe
Version: 1.18
Knowledge Base (KB) Articles: KB890830
Date Published: 7/11/2006
Language: English


Please review KB890830 for the list of malicious software that the current version of the tool is capable of removing as well as usage instructions. Also, please be aware that this tool reports anonymous information back to Microsoft in the event that an infection is found or an error is encountered. The above KB article contains information on how to disable this functionality and what specific information is sent to Microsoft.

 

Microsoft Security Bulletin Minor Revisions



The following bulletins have undergone a minor revision increment. Please see the appropriate bulletin for more details.

* MS06-039 * MS06-038 * MS06-037 * MS06-035 * MS06-034 * MS06-027

* MS06-039

- http://www.microsoft.com/technet/security/bulletin/ms06-039.mspx

- Reason for Revision: Bulletin updated to provide clarity around the " Client Installation File Information" and "Administrative Installation File Information" for Office 2003 in the " Security Update Section" .

- Originally posted: July 11, 2006 - Updated: July 12, 2006 - Bulletin Severity Rating: Critical - Version: 1.1

* MS06-038

- http://www.microsoft.com/technet/security/bulletin/ms06-038.mspx

- Reason for Revision: Bulletin updated to provide clarity around the "Administrative Installation File Information" for Office 2000 in the "Security Update Section".

- Originally posted: July 11, 2006 - Updated: July 12, 2006 - Bulletin Severity Rating: Critical - Version: 1.1

* MS06-037

- http://www.microsoft.com/technet/security/bulletin/ms06-037.mspx

- Reason for Revision: Bulletin updated the "Client Installation File Information " and "Administrative Installation File Information" for Excel 2003 in the "Security Update Section".

- Originally posted: July 11, 2006 - Updated: July 12, 2006 - Bulletin Severity Rating: Critical - Version: 1.1

* MS06-035

- http://www.microsoft.com/technet/security/bulletin/ms06-035.mspx

- Reason for Revision: Bulletin published

- Originally posted: July 11, 2006 - Updated: July 12, 2006 - Bulletin Severity Rating: Critical - Version: 1.1

* MS06-034

- http://www.microsoft.com/technet/security/bulletin/ms06-034.mspx

- Reason for Revision: Bulletin updated to provide clarity around the "File Information" for Windows XP in the "Security Update Section".

- Originally posted: July 11, 2006 - Updated: July 12, 2006 - Bulletin Severity Rating: Important - Version: 1.1

* MS06-027

- http://www.microsoft.com/technet/security/bulletin/ms06-027.mspx

- Reason for Revision: Bulletin updated the "What updates does this release replace?" regarding MS05-023 for Word 2003.

- Originally posted: June 13, 2006 - Updated: July 12, 2006 - Bulletin Severity Rating: Critical - Version: 1.3

 

Microsoft Security Bulletin Minor Revisions for July

The following bulletins have undergone a minor revision increment.

* MS06-038
- Reason for Revision: Bulletin updated the "What updates does this release replace?" regarding MS05-005 for Office XP.

Originally posted: July 11, 2006 - Updated: July 19, 2006 - Bulletin Severity Rating: Critical - Version: 1.2
http://www.microsoft.com/technet/security/bulletin/ms06-038.mspx

* MS06-034
Reason for Revision: Bulletin updated "Caveats" Section.

- Originally posted: July 11, 2006 - Updated: July 19, 2006 - Bulletin Severity Rating: Important - Version: 1.2
http://www.microsoft.com/technet/security/bulletin/ms06-034.mspx

MS06-033
Reason for Revision: Bulletin updated "Caveats" Section. Provided additional clarity around "Prerequisites" and "nstallation Information" for "The Microsoft .NET Framework version 2.0" under the "Security Update Information" Section.

- Originally posted: July 11, 2006 - Updated: July 19, 2006 - Bulletin Severity Rating: Important - Version: 1.2
http://www.microsoft.com/technet/security/bulletin/ms06-033.mspx

MS06-024
Reason for Revision: Bulletin revised "Registry Key Verification" for Windows Media Player 10 on Windows Server 2003.

- Originally posted: June 13, 2006 - Updated: July 19, 2006 - Bulletin Severity Rating: Critical - Version: 1.3
http://www.microsoft.com/technet/security/bulletin/ms06-024.mspx