Microsoft Security Bulletins 14 February 2006

This security bulletin courtesy of Ms. Donna Buenaventura [MVP]​

Microsoft released this month's security bulletins affecting Windows and Microsoft Office. Also affecting Windows Media Player and Internet Explorer (components in Windows):

Bulletins:

2 Critical Bulletins

• MS06-004 - Cumulative Security Update for Internet Explorer (910620)
• MS06-005 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)

5 Important Bulletins

• MS06-006 - Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)
• MS06-007 - Vulnerability in TCP/IP Could Allow Denial of Service (913446)
• MS06-008 - Vulnerability in Web Client Service Could Allow Remote Code Execution (911927)
• MS06-009 - Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)
• MS06-010 - Vulnerability in PowerPoint 2000 Could Allow Information Disclosure (889167)

Summary:
View the Bulletin Summary in Microsoft website.

Reminder:
As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Webcast:
Microsoft will host a webcast on the above security bulletins. The webcast focuses on addressing your questions and concerns about the security bulletins. Therefore, most of the live webcast is aimed at giving you the opportunity to ask questions and get answers from their security experts.

Start Time: Wednesday, February 15, 2006 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
End Time: Wednesday, February 15, 2006 12:00 PM (GMT-08:00) Pacific Time (US & Canada)

Security Tool:
Find out if you are missing important Microsoft product updates by using MBSA

 

Re: Microsoft Security Bulletins 14 February 2006
http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us

 

MS06-007 - Vulnerability in TCP/IP Could Allow Denial of Service (913446)

It has been reported that the MS06-007 - Vulnerability in TCP/IP Could Allow Denial of Service (913446) failed to install using AU or MU.

Microsoft is now aware and investigating the issue.

If this should happen and you receive a failed install then please update and install MS06-007 update manually.

http://www.microsoft.com/technet/security/bulletin/ms06-007.mspx

 

Microsoft Security Bulletin Minor Revisions

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS06-007

Bulletin Information:
=====================

* MS06-007

http://www.microsoft.com/technet/security/bulletin/MS06-007.mspx

- Reason for revision: Security Update FAQ Section updated to reflect an issue, now resolved, that affected the deployment of this update through Automatic Update, Windows Update, Microsoft Update, Windows Server Update Services and Systems Management Server 2003 when using the Inventory Tool for Microsoft Updates.
- Originally posted: February 14, 2006
- Updated: February 14, 2006
- Bulletin Severity Rating: Important
- Version: 1.1

 

Microsoft Security Bulletin Advance Notification
Updated: February 14, 2006

Register for the webcast:

http://msevents.microsoft.com/CUI/W...&EventCategory=4&culture=en-US&CountryCode=US

Microsoft will host on March 15 (the day after releasing the scheduled security bulletin) the security bulletins. The webcast focuses on addressing your questions and concerns about the security bulletins. Therefore, most of the live webcast is aimed at giving you the opportunity to ask questions and get answers from their security experts.

Start Time: Wednesday, March 15, 2006 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
End Time: Wednesday, March 15, 2006 12:00 PM (GMT-08:00) Pacific Time (US & Canada)

Presenter: Christopher Budd, CISA, CISM, CISSP, ISSMP Security Program Manager, PSS Security, Microsoft Corporation and Stephen Toulouse, Security Program Manager, Microsoft Corporation

 

Update for Windows XP KB913538

Update for Windows XP KB913538 Genuine Windows download
Brief Description
Install this update to prevent Windows Management Instrumentation enumerations from being canceled before the client computer can finish using the enumerations.

Overview
Install this update to prevent Windows Management Instrumentation enumerations from being canceled before the client computer can finish using the enumerations. After you install this item, you may have to restart your computer.

http://www.microsoft.com/downloads/...a1-855d-4555-8c0e-eb67c93cfc27&DisplayLang=en

 

The following bulletins have undergone a minor revision increment.

Please see the appropriate bulletin for more details.

* MS06-009
* MS06-005
* MS05-054
* MS05-013

Bulletin Information:
=====================

* MS06-009
- http://www.microsoft.com/technet/security/...n/MS06-009.mspx
- Reason for revision: Bulletin revised: Executive Summary updated to clarify the criteria for a successful attack, updated the workarounds section to provide clarity for TCP port 4125.
- Originally posted: February 14,2006
- Updated: March 8,2006
- Bulletin Severity Rating: Important
- Version: 1.1

* MS06-005
- http://www.microsoft.com/technet/security/...n/MS06-005.mspx
- Reason for revision: Bulletin revised: "Caveats" section updated due to new issues discovered with the security update.Users may experience issues when they try to seek,fast rewind,or fast forward in Windows Media Player 10.
- Originally posted: February 14,2006
- Updated: March 8,2006
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS05-054
- http://www.microsoft.com/technet/security/...n/MS05-054.mspx
- Reason for revision: Bulletin revised to add acknowledgment for CAN-2005-1790.
- Originally posted: December 13,2005
- Updated: March 8,2006
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS05-013
- http://www.microsoft.com/technet/security/...n/MS05-013.mspx
- Reason for revision: Bulletin revised due to new issues discovered with the security update: "Microsoft Knowledge Base Article 906216: The Dhtmled.ocx ActiveX control does not work as expected after a program changes the Visible property of the Dhtmled.ocx control."
- Originally posted: February 8,2005
- Updated: March 8,2006
- Bulletin Severity Rating: Critical
- Version: 1.2