Microsoft Security Bulletin Summary for November 2006

Discussion in 'other security issues & news' started by NICK ADSL UK, Nov 14, 2006.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Summary for November, 2006
    http://www.microsoft.com/technet/security/bulletin/ms06-nov.mspx


    Critical (5)
    Bulletin Identifier Microsoft Security Bulletin MS06-067
    Bulletin Title
    Cumulative Security Update for Internet Explorer (922760)

    Executive Summary
    This update resolves vulnerabilities in Internet Explorer that could allow remote code execution.
    http://www.microsoft.com/technet/security/bulletin/ms06-067.mspx


    Bulletin Identifier Microsoft Security Bulletin MS06-068
    Bulletin Title
    Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213)

    Executive Summary
    This update resolves a vulnerability in Microsoft Agent that could allow remote code execution
    http://www.microsoft.com/technet/security/bulletin/ms06-068.mspx


    Bulletin Identifier Microsoft Security Bulletin MS06-069
    Bulletin Title
    Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)

    Executive Summary
    This update resolves vulnerabilities in Macromedia Flash Player, from Adobe, that could allow remote code execution.
    http://www.microsoft.com/technet/security/bulletin/ms06-069.mspx

    Bulletin Identifier Microsoft Security Bulletin MS06-070
    Bulletin Title
    Vulnerability in Workstation Service Could Allow Remote Code Execution (924270)

    Executive Summary
    This update resolves a vulnerability in Workstation Service that could allow remote code execution.
    http://www.microsoft.com/technet/security/bulletin/ms06-070.mspx

    Bulletin Identifier Microsoft Security Bulletin MS06-071
    Bulletin Title
    Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution 928088

    Executive Summary
    This update resolves a vulnerability in Microsoft XML Core Services that could allow remote code execution.
    http://www.microsoft.com/technet/security/bulletin/ms06-071.mspx

    Important (1)

    Bulletin Identifier Microsoft Security Bulletin MS06-066
    Bulletin Title
    Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980)

    Executive Summary
    This update resolves vulnerabilities in the Client Service for NetWare that could allow remote code execution. The Client Service for NetWare is not installed by default on any affected operating system version.
    http://www.microsoft.com/technet/security/bulletin/ms06-066.mspx

    This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Webcast
    Microsoft will host a webcast tomorrow. The webcast focuses on addressing your questions and concerns about the security bulletins. Therefore, most of the live webcast is aimed at giving you the opportunity to ask questions and get answers from their security experts.

    Start Time: Wednesday, november 15th, 2006 11:00 AM Pacific Time (US & Canada)
    End Time: Wednesday, november 15th, 2006 12:00 PM Pacific Time (US & Canada)


    Presenter: Christopher Budd, CISA, CISM, CISSP, ISSMP Security Program Manager, PSS Security, Microsoft Corporation and Mike Reavey, Lead Security Program Manager, Microsoft Corporation

    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Malicious Software Removal Tool
    Published: January 11, 2005 | Updated: November 14, 2006



    The Microsoft Windows Malicious Software Removal Tool checks computers running Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom—and helps remove any infection found. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed.

    Microsoft releases an updated version of this tool on the second Tuesday of each month, and as needed to respond to security incidents. The tool is available from Microsoft Update, Windows Update and the Microsoft Download Center.

    Note The version of the tool delivered by Microsoft Update and Windows Update runs in the background and then reports if an infection is found. If you would like to run this tool more than once a month, use the version on this Web page or install the version that is available in the Download Center.

    Because computers can appear to function normally when infected, Microsoft advises you to run this tool even if your computer seems to be fine. You should also use up-to-date antivirus software to help protect your computer from other malicious software.

    To download the latest version of this tool, please visit the Microsoft Download Center.
    http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us


    New Additions
    We have added detection and cleaning capabilities for the following malicious software:
    • Brontok

    http://go.microsoft.com/fwlink/?linkid=37020&name=Win32/Brontok
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    The following bulletins have undergone a minor revision increment.

    *MS06-020 *MS06-069 *MS06-071

    *MS06-020

    Reason for revision: Bulletin revised to call out Microsoft Windows XP Professional x64 Edition as affected software. - Updated: November 15, 2006 - Bulletin Severity Rating: Critical - Version: 1.1
    http://www.microsoft.com/technet/security/bulletin/ms06-020.mspx

    MS06-069
    Reason for revision: Bulletin revised to clarify that this security update installs Flash6.ocx version 6.0.88.0 and removes the version of Flash.ocx it is replacing.
    http://www.microsoft.com/technet/security/bulletin/ms06-069.mspx

    MS06-071
    Reason for revision: Executable name for msxml6 has been updated with correct name and log file has been updated with correct KB number. Additional clarification has also been added to clarify which components of the previous Bulletin this update replaces.
    - Updated: November 15, 2006 - Bulletin Severity Rating: Critical - Version: 1.1
    http://www.microsoft.com/technet/security/bulletin/ms06-071.mspx
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    MS06-071 Available Through SUS 1.0

     
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Advance Notification
    http://www.microsoft.com/technet/security/...in/advance.mspx

    The next security bulletin advance notification is scheduled for December 7, 2006, and will outline information for the December 12, 2006 security bulletin release.


    December Security Bulletin Webcast
    http://msevents.microsoft.com/CUI/WebCastE...;CountryCode=US

    Microsoft will host a webcast on December 13, 2006 (after Patch Tuesday) to address your concerns. The webcast is devoted to attendees asking questions about the bulletins and getting answers from their security experts.
     
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    On 12 December 2006 Microsoft is planning to release:

    Security Updates


    Five Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart.


    One Microsoft Security Bulletins affecting Microsoft Visual Studio. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. These updates may require a restart.

    Microsoft Windows Malicious Software Removal Tool


    Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.

    Note that this tool will NOT be distributed using Software Update Services (SUS).

    Non-security High Priority updates on MU, WU, WSUS and SUS


    Microsoft will release four NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).


    Microsoft will release 10 NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

    Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released.

    Microsoft will host a webcast next week to address customer questions on these bulletins. For more information on this webcast please see below:


    TechNet Webcast: Information about Microsoft's Security Bulletins


    Wednesday, December 13, 2006 11:00 AM Pacific Time (US & Canada)
    http://msevents.microsoft.com/CUI/W...&EventCategory=4&culture=en-US&CountryCode=US

    At this time no additional information on these bulletins such as details regarding severity or details regarding the vulnerability will be made available until 12 December 2006.
     
Loading...
Thread Status:
Not open for further replies.