Microsoft Security Bulletin Summary for July, 2006

Discussion in 'other security issues & news' started by NICK ADSL UK, Jul 11, 2006.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Summary for July, 2006
    Published: July 11, 2006 | Updated: July 11, 2006


    Bulletin Summary:
    http://www.microsoft.com/technet/security/Bulletin/ms06-Jul.mspx


    Critical (5)

    Bulletin Identifier Microsoft Security Bulletin MS06-035
    Bulletin Title
    Vulnerability in Server Service Could Allow Remote Code Execution (917159)
    Executive Summary
    This update resolves two vulnerabilities in the Server service, the most serious of which could allow remote code execution
    http://www.microsoft.com/technet/security/Bulletin/ms06-035.mspx

    Bulletin Identifier Microsoft Security Bulletin MS06-036
    Bulletin Title
    Vulnerability in DHCP Client Service Could Allow Remote Code Execution 914388
    Executive Summary
    This update resolves a vulnerability in the DHCP Client service that could allow remote code execution
    http://www.microsoft.com/technet/security/Bulletin/ms06-036.mspx

    Bulletin Identifier Microsoft Security Bulletin MS06-037
    Bulletin Title
    Vulnerability in Microsoft Excel Could Allow Remote Code Execution (917285)
    Executive Summary
    This update resolves several vulnerabilities in Excel, the most serious of which could allow remote code execution.
    http://www.microsoft.com/technet/security/Bulletin/ms06-037.mspx

    Bulletin Identifier Microsoft Security Bulletin MS06-038
    Bulletin Title
    Vulnerability in Microsoft Office Could Allow Remote Code Execution (915384)
    Executive Summary
    This update resolves two vulnerabilities in Office, the most serious of which could allow remote code execution.
    http://www.microsoft.com/technet/security/Bulletin/ms06-038.mspx

    Bulletin Identifier Microsoft Security Bulletin MS06-039
    Bulletin Title
    Vulnerability in Microsoft Office Could Allow Remote Code Execution (915384)
    Executive Summary
    This update resolves two vulnerabilities in Office, the most serious of which could allow remote code execution.
    http://www.microsoft.com/technet/security/Bulletin/ms06-038.mspx


    Important (1)
    Bulletin Identifier Microsoft Security Bulletin MS06-033
    Bulletin Title
    Vulnerability in ASP.NET Could Allow Information Disclosure (917283)
    Executive Summary
    This vulnerability could allow an attacker to bypass ASP.Net security and gain unauthorized access to objects in the Application folder explicitly by name. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be used to try to further compromise the affected system.
    http://www.microsoft.com/technet/security/Bulletin/ms06-033.mspx


    Moderate Bulletins:

    Bulletin Identifier Microsoft Security Bulletin MS06-034
    Bulletin Title
    Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)
    Executive Summary
    This vulnerability could allow an attacker to take complete control of an affected system. Note that the attacker must have valid logon credentials, but if a server has been purposely configured to allow users, either anonymous or authenticated, to upload web content such as .ASP pages to web sites, the server could be exploited by this vulnerability.
    http://www.microsoft.com/technet/security/Bulletin/ms06-034.mspx

    This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338 International customers should contact their local subsidiary.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    The updated version of Windows Malicious Software Removal Tool is also available. You may download from Microsoft Download center.

    File Name: Windows-KB890830-V1.18.exe
    Version: 1.18
    Knowledge Base (KB) Articles: KB890830
    Date Published: 7/11/2006
    Language: English


    Please review KB890830 for the list of malicious software that the current version of the tool is capable of removing as well as usage instructions. Also, please be aware that this tool reports anonymous information back to Microsoft in the event that an infection is found or an error is encountered. The above KB article contains information on how to disable this functionality and what specific information is sent to Microsoft.
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Minor Revisions



    The following bulletins have undergone a minor revision increment. Please see the appropriate bulletin for more details.

    * MS06-039 * MS06-038 * MS06-037 * MS06-035 * MS06-034 * MS06-027

    * MS06-039

    - http://www.microsoft.com/technet/security/bulletin/ms06-039.mspx

    - Reason for Revision: Bulletin updated to provide clarity around the " Client Installation File Information" and "Administrative Installation File Information" for Office 2003 in the " Security Update Section" .

    - Originally posted: July 11, 2006 - Updated: July 12, 2006 - Bulletin Severity Rating: Critical - Version: 1.1

    * MS06-038

    - http://www.microsoft.com/technet/security/bulletin/ms06-038.mspx

    - Reason for Revision: Bulletin updated to provide clarity around the "Administrative Installation File Information" for Office 2000 in the "Security Update Section".

    - Originally posted: July 11, 2006 - Updated: July 12, 2006 - Bulletin Severity Rating: Critical - Version: 1.1

    * MS06-037

    - http://www.microsoft.com/technet/security/bulletin/ms06-037.mspx

    - Reason for Revision: Bulletin updated the "Client Installation File Information " and "Administrative Installation File Information" for Excel 2003 in the "Security Update Section".

    - Originally posted: July 11, 2006 - Updated: July 12, 2006 - Bulletin Severity Rating: Critical - Version: 1.1

    * MS06-035

    - http://www.microsoft.com/technet/security/bulletin/ms06-035.mspx

    - Reason for Revision: Bulletin published

    - Originally posted: July 11, 2006 - Updated: July 12, 2006 - Bulletin Severity Rating: Critical - Version: 1.1

    * MS06-034

    - http://www.microsoft.com/technet/security/bulletin/ms06-034.mspx

    - Reason for Revision: Bulletin updated to provide clarity around the "File Information" for Windows XP in the "Security Update Section".

    - Originally posted: July 11, 2006 - Updated: July 12, 2006 - Bulletin Severity Rating: Important - Version: 1.1

    * MS06-027

    - http://www.microsoft.com/technet/security/bulletin/ms06-027.mspx

    - Reason for Revision: Bulletin updated the "What updates does this release replace?" regarding MS05-023 for Word 2003.

    - Originally posted: June 13, 2006 - Updated: July 12, 2006 - Bulletin Severity Rating: Critical - Version: 1.3
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Minor Revisions for July

    The following bulletins have undergone a minor revision increment.

    * MS06-038
    - Reason for Revision: Bulletin updated the "What updates does this release replace?" regarding MS05-005 for Office XP.

    Originally posted: July 11, 2006 - Updated: July 19, 2006 - Bulletin Severity Rating: Critical - Version: 1.2
    http://www.microsoft.com/technet/security/bulletin/ms06-038.mspx

    * MS06-034
    Reason for Revision: Bulletin updated "Caveats" Section.

    - Originally posted: July 11, 2006 - Updated: July 19, 2006 - Bulletin Severity Rating: Important - Version: 1.2
    http://www.microsoft.com/technet/security/bulletin/ms06-034.mspx

    MS06-033
    Reason for Revision: Bulletin updated "Caveats" Section. Provided additional clarity around "Prerequisites" and "nstallation Information" for "The Microsoft .NET Framework version 2.0" under the "Security Update Information" Section.

    - Originally posted: July 11, 2006 - Updated: July 19, 2006 - Bulletin Severity Rating: Important - Version: 1.2
    http://www.microsoft.com/technet/security/bulletin/ms06-033.mspx

    MS06-024
    Reason for Revision: Bulletin revised "Registry Key Verification" for Windows Media Player 10 on Windows Server 2003.

    - Originally posted: June 13, 2006 - Updated: July 19, 2006 - Bulletin Severity Rating: Critical - Version: 1.3
    http://www.microsoft.com/technet/security/bulletin/ms06-024.mspx
     
Loading...
Thread Status:
Not open for further replies.