Microsoft Security Bulletin Summary for August, 2006

Discussion in 'Software' started by NICK ADSL UK, Aug 8, 2006.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Critical (9)

    Bulletin Identifier Microsoft Security Bulletin MS06-040
    Vulnerability in Server Service Could Allow Remote Code Execution 921883
    http://www.microsoft.com/technet/security/Bulletin/MS06-040.mspx


    Bulletin Identifier Bulletin Identifier Microsoft Security Bulletin MS06-041
    Vulnerability in DNS Resolution Could Allow Remote Code Execution 920683
    http://www.microsoft.com/technet/security/Bulletin/MS06-041.mspx

    Bulletin Identifier Microsoft Security Bulletin MS06-042
    Cumulative Security Update for Internet Explorer 918899
    http://www.microsoft.com/technet/security/Bulletin/MS06-042.mspx

    Bulletin Identifier Microsoft Security Bulletin MS06-043
    Vulnerability in Microsoft Windows Could Allow Remote Code Execution 920214
    http://www.microsoft.com/technet/security/Bulletin/MS06-044.mspx

    Bulletin Identifier Microsoft Security Bulletin MS06-044
    Vulnerability in Microsoft Management Console Could Allow Remote Code Execution 917008
    http://www.microsoft.com/technet/security/Bulletin/MS06-045.mspx

    Bulletin Identifier Microsoft Security Bulletin MS06-045
    Vulnerability in Windows Explorer Could Allow Remote Code Execution 921398
    http://www.microsoft.com/technet/security/Bulletin/MS06-045.mspx

    Bulletin Identifier Microsoft Security Bulletin MS06-046
    Vulnerability in HTML Help Could Allow Remote Code Execution 922616
    http://www.microsoft.com/technet/security/Bulletin/MS06-046.mspx

    Bulletin Identifier Microsoft Security Bulletin MS06-047
    Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution 921645
    http://www.microsoft.com/technet/security/Bulletin/MS06-047.mspx

    Bulletin Identifier Microsoft Security Bulletin MS06-048
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution 922968
    http://www.microsoft.com/technet/security/Bulletin/MS06-048.mspx

    Bulletin Identifier Microsoft Security Bulletin MS06-051
    Vulnerability in Windows Kernel Could Result in Remote Code Execution 917422
    http://www.microsoft.com/technet/security/Bulletin/MS06-051.mspx

    Important (3)
    Bulletin Identifier Microsoft Security Bulletin MS06-045
    Vulnerability in Windows Explorer Could Allow Remote Code Execution 921398
    http://go.microsoft.com/fwlink/?LinkId=69730

    Bulletin Identifier Microsoft Security Bulletin MS06-049
    Vulnerability in Windows Kernel Could Result in Elevation of Privilege 920958
    http://www.microsoft.com/technet/security/Bulletin/MS06-049.mspx

    Bulletin Identifier Microsoft Security Bulletin MS06-050
    Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution 920670
    http://www.microsoft.com/technet/security/Bulletin/MS06-050.mspx

    Re-Released Bulletins:
    ASP.NET Path Validation Vulnerability (887219)
    http://www.microsoft.com/technet/security/Bulletin/ms05-004.mspx

    Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)
    http://www.microsoft.com/technet/security/Bulletin/ms06-039.mspx

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Webcast:
    Microsoft will host a webcast tomorrow. The webcast focuses on addressing your questions and concerns about the security bulletins. Therefore, most of the live webcast is aimed at giving you the opportunity to ask questions and get answers from their security experts.

    Start Time: Wednesday, August 09, 2006 11:00 AM Pacific Time (US & Canada)
    End Time: Wednesday, August 09, 2006 12:00 PM Pacific Time (US & Canada)

    Presenter: Christopher Budd, CISA, CISM, CISSP, ISSMP Security Program Manager, PSS Security, Microsoft Corporation and Mike Reavey, Lead Security Program Manager, Microsoft Corporation

    Security Tool:
    Find out if you are missing important Microsoft product updates by using MBSA.
     
    Last edited: Aug 8, 2006
  2. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft® Windows® Malicious Software Removal Tool (KB890830)

    The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Server 2003, Windows XP, or Windows 2000
    View products that this article applies to.
    Article ID : 890830
    Last Review : August 8, 2006
    Revision : 23.0
    http://support.microsoft.com/?kbid=890830

    Families Cleaned by the Malicious Software Removal Tool
    Additions Are Made Each Month to Address the Latest Threats
    Published: April 12, 2005 | Updated: August 8, 2006


    Run the tool from the Microsoft.com Web site, or download the tool and run it locally on your computer.

    The Microsoft Windows Malicious Software Removal Tool removes specific, prevalent malicious software families from computers running compatible versions of Windows. Microsoft releases a new version of the tool on the second Tuesday of every month, and as needed to respond to security incidents.

    New Malicious Software
    The following malicious software was added this release.

    • Banker

    • Jeefo

    http://www.microsoft.com/security/malwareremove/families.mspx

    Download>>>
    http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
     
  3. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Security Advisory (922437)

    Exploit Code Published Affecting the Server Service
    Published: August 11, 2006 | Updated: August 13, 2006


    Microsoft is aware of public reports regarding an attack known as Win32/Graweg exploiting the vulnerability addressed by security update MS06-040.
    http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx

    Microsoft’s initial investigation of Win32/Graweg verified that it only affects users running Windows 2000 that have not applied the update detailed in MS06-040. Microsoft has activated its emergency response process and is continuing to investigate this issue.

    The Microsoft Security Response Alliance partners as well as our own internal teams have determined that there is not widespread customer impact and have rated Win32/Graweb as a Low threat. At this time it does not appear to be a self-replicating internet-wide worm.

    Microsoft continues to recommend that customers apply the August updates as soon as possible with additional urgency and consideration given to the update detailed in MS06-040. Customers can ensure that the updates are being installed by enabling the Automatic Updates feature in Windows or by using their deployment infrastructure in their enterprise or small business.

    Customers who believe that they are infected or are not sure whether they are infected by Win32/Graweb should visit Safety.live.com and choose "Protection Scan." Additionally, Windows Live OneCare from Microsoft provides detection against Win32/Graweb and its known variants.

    Customers who believe they have been attacked should contact their local FBI office or report their situation to www.ic3.gov. Customers outside the U.S. should contact the national law enforcement agency in their country

    Customers who believe they are affected can contact Product Support Services. Contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1866-PCSAFETY) and international customers by using any method found at this location: http://support.microsoft.com/security.


    Mitigating Factors:

    • Customers who have installed the MS06-040 security update are not affected by this vulnerability.

    • While installation of the update is the recommended action, customers who have applied the mitigations as identified in MS06-040 will have minimized their exposure and potential exploitability against an attack.

    http://www.microsoft.com/technet/security/advisory/922437.mspx
     
Thread Status:
Not open for further replies.

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds