Microsoft Monthly Update

[Corrine]

Microsoft Security Bulletin Summary for June, 20068 Critical Bulletins:

• MS06-021 - Cumulative Security Update for Internet Explorer (916281)
• MS06-022 - Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)
• MS06-023 - Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)
• MS06-024 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)
• MS06-025 - Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)
• MS06-026 - Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (918547)
• MS06-027 - Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)
• MS06-028 - Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)

3 Important Bulletins:

• MS06-029 - Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)
• MS06-030 - Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)
• MS06-032 - Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)

1 Moderate Bulletin:

• MS06-031 - Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736)

[Peachy]

Thanks, Corrine, for updating the list. Didn't get a chance to yet.

[striker]

Thanks folks!

[Gary]

Thanks folks!

[Corrine]

Microsoft has released today the following security bulletins:Critical

• Microsoft Security Bulletin MS06-035Vulnerability in Server Service Could Allow Remote Code Execution (917159)This update resolves two vulnerabilities in the Server service, the most serious of which could allow remote code execution.
• Microsoft Security Bulletin MS06-036Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)This update resolves a vulnerability in the DHCP Client service that could allow remote code execution.
• Microsoft Security Bulletin MS06-037Vulnerability in Microsoft Excel Could Allow Remote Code Execution (917285)This update resolves several vulnerabilities in Excel, the most serious of which could allow remote code execution.
• Microsoft Security Bulletin MS06-038Vulnerability in Microsoft Office Could Allow Remote Code Execution (915384)This update resolves two vulnerabilities in Office, the most serious of which could allow remote code execution.
• Microsoft Security Bulletin MS06-039Vulnerability in Microsoft Office Could Allow Remote Code Execution (915384)This update resolves two vulnerabilities in Office, the most serious of which could allow remote code execution.

Important:

• Microsoft Security Bulletin MS06-033Vulnerability in ASP.NET Could Allow Information Disclosure (917283)This vulnerability could allow an attacker to bypass ASP.Net security and gain unauthorized access to objects in the Application folder explicitly by name. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be used to try to further compromise the affected system.
• Microsoft Security Bulletin MS06-034Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)This vulnerability could allow an attacker to take complete control of an affected system. Note that the attacker must have valid logon credentials, but if a server has been purposely configured to allow users, either anonymous or authenticated, to upload web content such as .ASP pages to web sites, the server could be exploited by this vulnerability.

View the summary and all the details here

[Corrine]

As compiled by Donna of COU:Microsoft has released today the following security bulletins:MS06-040 - Vulnerability in Server Service Could Allow Remote Code Execution (921883) (Note: Addresses a critical security problem)MS06-041 - Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683)MS06-042 - Cumulative Security Update for Internet Explorer (918899)MS06-043 - Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214)MS06-044 - Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008)MS06-045 - Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)MS06-046 - Vulnerability in HTML Help Could Allow Remote Code Execution (922616)MS06-047 - Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645)MS06-048 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968)MS06-049 - Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958)MS06-050 - Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670)MS06-051 - Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422)View the summary and all the details here

[Rons]

Thanks - I had heard itwas going to be a rather large update. This confirms it.

[Corrine]

Microsoft Security Bulletins - September 2006Microsoft released 3 new bulletins (1 critical, 1 important and 1 moderate), 2 re-released bulletins and 2 security advisories today. For more detailed information see this month’s bulletin summary . Critical: MS06-054 -- Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729)Important: MS06-052 -- Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007)Moderate: MS06-053 -- Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685)Re-Released Bulletins:MS06-040 -- Vulnerability in Server Service Could Allow Remote Code Execution (921883)MS06-042 -- Cumulative Security Update for Internet Explorer (918899)

[Corrine]

Additionally note that Microsoft issued two security advisories today: * Microsoft Security Advisory (922582) -- announces the availability of an update that addresses errors trying to update a computer that has a minifilter-based application installed. * Microsoft Security Advisory (925143) -- provides awareness of Adobe Security Bulletin: APSB06-11. This bulletin provides guidance to users of Macromedia Flash Player from Adobe - version 8.0.24.0 and earlier which is redistributed with Microsoft Windows XP Service Pack 1, Windows XP Service Pack 2, and Windows XP Professional x64 Edition.

[Corrine]

Sorry I'm a bit late with this posting. REMINDER: Today ends support for XP SP1 and SP1a. Update information is here: http://www.microsoft.com/windowsxp/sp2/default.mspxMicrosoft is releasing the following security bulletins for newly discovered vulnerabilities:Critical:MS06-057 - Windows - http://www.microsoft.com/technet/security/...n/ms06-057.mspxMS06-058 - Office - http://www.microsoft.com/technet/security/...n/ms06-058.mspxMS06-059 - Office - http://www.microsoft.com/technet/security/...n/ms06-059.mspxMS06-060 - Office - http://www.microsoft.com/technet/security/...n/ms06-060.mspxMS06-061 - Windows/Office - http://www.microsoft.com/technet/security/...n/ms06-061.mspxMS06-062 - Office - http://www.microsoft.com/technet/security/...n/ms06-062.mspxImportant:MS06-063 - Windows - http://www.microsoft.com/technet/security/...n/ms06-063.mspxModerate:MS06-056 - .NET Framework 2.0 - http://www.microsoft.com/technet/security/...n/ms06-056.mspxMS06-065 - Windows - http://www.microsoft.com/technet/security/...n/ms06-065.mspxLow:MS06-064 - Windows - http://www.microsoft.com/technet/security/...n/ms06-064.mspxSummaries for these new bulletins may be found at the following pages:http://www.microsoft.com/technet/security/...n/ms06-oct.mspxNote: There were network issues earlier today. As a result, the updates didn't get pushed out to the various locations until late. The updates are available individually for download from the links posted above.

[Peachy]

Patch Tuesday for November:5 CriticalMicrosoft Security Bulletin MS06-067Cumulative Security Update for Internet Explorer (922760)This update resolves vulnerabilities in Internet Explorer that could allow remote code execution.Microsoft Security Bulletin MS06-068Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213)This update resolves a vulnerability in Microsoft Agent that could allow remote code execution.Microsoft Security Bulletin MS06-069Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)This update resolves vulnerabilities in Macromedia Flash Player, from Adobe, that could allow remote code execution.Microsoft Security Bulletin MS06-070Vulnerability in Workstation Service Could Allow Remote Code Execution (924270)This update resolves a vulnerability in Workstation Service that could allow remote code execution.Microsoft Security Bulletin MS06-071Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088)This update resolves a vulnerability in Microsoft XML Core Services that could allow remote code execution.1 important (for NetWare clients)Microsoft Security Bulletin MS06-066Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980)This update resolves vulnerabilities in the Client Service for NetWare that could allow remote code execution. The Client Service for NetWare is not installed by default on any affected operating system version.

[Guitar Man]

re Microsoft Security Bulletin MS06-069, if users have upgraded their Flash versions religiously (to version 9.0), they're not vulnerable.

This bulletin is for customers using Macromedia Flash Player version 6 from Adobe. Customers that have followed the guidance in Adobe Security Bulletin APSB06-11, issued September 12, 2006, are not at risk from these vulnerabilities.

There is however, a version upgrade to 9,0,28,0 announced on this page, which tells you what version you presently have, and the link to upgrade if necessary.I found out myself yesterday. And the same version applies to FF users.

[Peachy]

Super Patch Tuesday today!Microsoft Security Bulletin MS06-072Cumulative Security Update for Internet Explorer (925454)http://www.microsoft.com/technet/security/...n/MS06-072.mspxMicrosoft Security Bulletin MS06-073Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674)http://www.microsoft.com/technet/security/...n/MS06-073.mspxMicrosoft Security Bulletin MS06-074Vulnerability in SNMP Could Allow Remote Code Execution (926247)http://www.microsoft.com/technet/security/...n/MS06-074.mspxMicrosoft Security Bulletin MS06-075Vulnerability in Windows Could Allow Elevation of Privilege (926255)http://www.microsoft.com/technet/security/...n/MS06-075.mspxMicrosoft Security Bulletin MS06-076Cumulative Security Update for Outlook Express (923694)http://www.microsoft.com/technet/security/...n/MS06-076.mspxMicrosoft Security Bulletin MS06-077Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)http://www.microsoft.com/technet/security/...n/MS06-077.mspxMicrosoft Security Bulletin MS06-078Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)http://www.microsoft.com/technet/security/...n/MS06-078.mspx

[NICK ADSL UK]

Microsoft Security Bulletin Summary for July 2007Microsoft Security Bulletin(s) for 10/07/2007http://www.microsoft.com/technet/security/...n/ms07-Jul.mspxJuly 10 2007Today Microsoft released the following Security Bulletin(s). Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.Bulletin Summary:http://www.microsoft.com/technet/security/...n/ms07-Jul.mspxCritical Bulletins:Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542)http://www.microsoft.com/technet/security/...n/ms07-036.mspxVulnerability in Windows Active Directory Could Allow Remote Code Execution (926122)http://www.microsoft.com/technet/security/...n/ms07-039.mspxVulnerabilities in .NET Framework Could Allow Remote Code Execution (931212)http://www.microsoft.com/technet/security/...n/ms07-040.mspxImportant Bulletins:Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution 936548http://www.microsoft.com/technet/security/...n/ms07-037.mspxVulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373)http://www.microsoft.com/technet/security/...n/ms07-041.mspxModerate Bulletins:Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)http://www.microsoft.com/technet/security/...n/ms07-038.mspxRe-Released Bulletins:Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)http://www.microsoft.com/technet/security/...n/ms06-078.mspxThis represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so. If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338 International customers should contact their local subsidiaryAs always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.Security ToolFind out if you are missing important Microsoft product updates by using MBSA.

[NICK ADSL UK]

Microsoft Security Bulletin(s) for January 2008 Note: There may be latency issues due to replication, if the page does not display keep refreshingToday Microsoft released the following Security Bulletin(s).Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.Bulletin Summary:http://www.microsoft.com/technet/security/...n/ms08-jan.mspxCritical (1)Microsoft Security Bulletin MS08-001Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)http://go.microsoft.com/fwlink/?LinkId=104919Important (1)Microsoft Security Bulletin MS08-002Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)http://go.microsoft.com/fwlink/?LinkID=104921Non-Security, High-Priority Updates on MU, WU, and WSUSFor this month:• Microsoft has released five non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS). • Microsoft has released two non-security, high-priority updates for Windows on Windows Update (WU) and WSUS. Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days.This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiaryAs always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.Security ToolFind out if you are missing important Microsoft product updates by using MBSA.