Microsoft Security Bulletin Summary for September, 2006

Discussion in 'other security issues & news' started by NICK ADSL UK, Sep 12, 2006.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletins for September 2006
    Download the September security updates for Microsoft Windows and Microsoft Office.
    Posted on Tue, 12 Sep 2006



    Bulletin Summary:
    http://www.microsoft.com/technet/security/Bulletin/ms06-Sep.mspx


    Critical (1)
    Bulletin Identifier Microsoft Security Bulletin MS06-054
    Bulletin Title
    Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729)
    Executive Summary
    This update resolves a vulnerability in Publisher that could allow remote code execution.
    http://www.microsoft.com/technet/security/Bulletin/ms06-054.mspx



    Important (1)

    Bulletin Identifier Microsoft Security Bulletin MS06-052
    Bulletin Title
    Vulnerability in Reliable Multicast Program (PGM) Could Result in Denial of Service (919007)
    Executive Summary
    This update resolves a vulnerability in Reliable Multicast Program (PGM) that could cause a denial of service condition.
    http://www.microsoft.com/technet/security/Bulletin/ms06-052.mspx


    Moderate (1)
    Bulletin Identifier Microsoft Security Bulletin MS06-053
    Bulletin Title
    Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685)
    Executive Summary
    This update resolves a vulnerability in the Indexing Service that could allow information disclosure
    http://www.microsoft.com/technet/security/Bulletin/ms06-053.mspx


    Re-Released Bulletins:
    Vulnerability in Server Service Could Allow Remote Code Execution (921883)
    http://www.microsoft.com/technet/security/Bulletin/ms06-040.mspx


    Cumulative Security Update for Internet Explorer (918899)
    http://www.microsoft.com/technet/security/Bulletin/ms06-042.mspx


    Security Advisories:
    Microsoft Security Advisory (922582)

    Update for Windows
    http://www.microsoft.com/technet/security/advisory/922582.mspx


    Microsoft Security Advisory (925143)
    Adobe Security Bulletin: APSB06-11 Flash Player Update to Address Security Vulnerabilities

    http://www.microsoft.com/technet/security/advisory/925143.mspx

    This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Webcast:
    Microsoft will host a webcast tomorrow. The webcast focuses on addressing your questions and concerns about the security bulletins. Therefore, most of the live webcast is aimed at giving you the opportunity to ask questions and get answers from their security experts.

    Start Time: Wednesday, september 13th, 2006 11:00 AM Pacific Time (US & Canada)
    End Time: Wednesday, september 13th, 2006 12:00 PM Pacific Time (US & Canada)


    Presenter: Christopher Budd, CISA, CISM, CISSP, ISSMP Security Program Manager, PSS Security, Microsoft Corporation and Mike Reavey, Lead Security Program Manager, Microsoft Corporation

    Security Tool:
    Find out if you are missing important Microsoft product updates by using MBSA.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft® Windows® Malicious Software Removal Tool (KB890830)
    Brief Description

    This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

    Quick Details
    File Name: Windows-KB890830-V1.20.exe
    Version: 1.20
    Knowledge Base (KB) Articles: KB890830
    Date Published: 9/12/2006
    Language: English
    Download Size: 3.7 MB

    Overview
    The Microsoft Windows Malicious Software Removal Tool checks Windows XP, Windows 2000, and Windows Server 2003 computers for and helps remove infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed. The tool creates a log file named mrt.log in the %WINDIR%\debug folder.

    Please review 890830KB890830 for the list of malicious software that the current version of the tool is capable of removing as well as usage instructions. Also, please be aware that this tool reports anonymous information back to Microsoft in the event that an infection is found or an error is encountered. The above KB article contains information on how to disable this functionality and what specific information is sent to Microsoft.

    This tool is not a replacement for an anti-virus product. To help protect your computer, you should use an anti-virus product.

    Microsoft will release an updated version of this tool on the second Tuesday of each month. New versions will be made available through this web page, Windows Update, and the Malicious Software Removal Tool Web site on Microsoft.com.


    The user must be an administrator to run this tool. This tool will not run on any version of Windows 98, Windows ME, or Windows NT 4.0.

    Note that this download is now a multi-lingual tool. For all supported languages, the same tool will show the correct language depending on the language of the operating system.

    http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    TechNet Webcast: Information About Microsoft October Security Bulletins (Level 200)

    Start Time: Wednesday, October 11, 2006 11:00 AM Pacific Time (US & Canada)
    End Time: Wednesday, October 11, 2006 12:00 PM Pacific Time (US & Canada)

    Event Description
    Products: Security.

    Recommended Audience: IT Professional.

    Language: English-American

    Description: On October 10, 2006, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the October security bulletins. The intent of this webcast is to address your concerns. Therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from our security experts.

    Presenter: Christopher Budd, CISA, CISM, CISSP, ISSMP Security Program Manager, PSS Security, Microsoft Corporation and Mike Reavey, Lead Security Program Manager, Microsoft Corporation


    http://msevents.microsoft.com/CUI/W...&EventCategory=4&culture=en-US&CountryCode=US
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Security Update for Windows XP (KB925486)

    Date last published: 9/26/2006
    Typical download size: 250 KB
    A security issue has been identified in the way Vector Markup Language (VML) is handled that could allow an attacker to compromise a computer running Microsoft Windows and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.
    System Requirements
    Recommended CPU: Not specified.
    Recommended memory: Not specified.
    Recommended hard disk space: Not specified.
    How to Uninstall
    This software update can be removed via Add or Remove Programs in Control Panel.

    This update is now available from the Microsoft update website
    http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
     
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Advance Notification
    Updated: October 5, 2006

    As part of the monthly security bulletin release cycle, Microsoft provides advance notification to our customers on the number of new security updates being released, the products affected, the aggregate maximum severity and information about detection tools relevant to the update. This is intended to help our customers plan for the deployment of these security updates more effectively.

    In addition, to help customers prioritize monthly security updates with any non-security updates released on Microsoft Update, Windows Update, Windows Server Update Services and Software Update Services on the same day as the monthly security bulletins, we also provide:

    • Information about the release of updated versions of the Microsoft Windows Malicious Software Removal Tool.

    • Information about the release of NON-SECURITY, High Priority updates on Microsoft Update (MU), Windows Update (WU), Windows Server Update Services (WSUS) and Software Update Services (SUS).


    Note that this information will pertain ONLY to updates on Microsoft Update, Windows Update, Windows Server Update Services and Software Update Services and only about High Priority, non-security updates being released on the same day as security updates. Information will NOT be provided about Non-security updates released on other days.

    On 10 October 2006 Microsoft is planning to release:

    Security Updates


    • Six Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. Some of these updates will require a restart.

    • Four Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.

    • One Microsoft Security Bulletin affecting Microsoft .NET Framework. The highest Maximum Severity rating for this is Moderate. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. These updates may require a restart.


    Microsoft Windows Malicious Software Removal Tool

    • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.


    Note that this tool will NOT be distributed using Software Update Services (SUS).

    Non-security High Priority updates on MU, WU, WSUS and SUS

    • Microsoft will release No NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).

    • Microsoft will release two NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).


    Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released.

    Microsoft will host a webcast next week to address customer questions on these bulletins. For more information on this webcast please see below:

    • TechNet Webcast: Information about Microsoft's Security Bulletins

    • Wednesday, October 11, 2006 11:00 AM Pacific Time (US & Canada)
    http://msevents.microsoft.com/CUI/W...&EventCategory=4&culture=en-US&CountryCode=US


    At this time no additional information on these bulletins such as details regarding severity or details regarding the vulnerability will be made available until 10 October 2006.
     
Loading...
Thread Status:
Not open for further replies.