NICK ADSL UK
Microsoft Security Bulletin Summary for December, 2006
Published: December 12, 2006
Version: 1.0
http://www.microsoft.com/technet/security/...n/ms06-dec.mspx
Critical (3)
Bulletin Identifier Microsoft Security Bulletin MS06-072
Bulletin Title
Cumulative Security Update for Internet Explorer (925454)
Executive Summary
This update resolves vulnerabilities in Internet Explorer that could allow remote code execution.
http://go.microsoft.com/fwlink/?LinkId=77563
Bulletin Identifier Microsoft Security Bulletin MS06-073
Bulletin Title
Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674)
Executive Summary
This update resolves a vulnerability in Visual Studio 2005 that could allow remote code execution.
http://go.microsoft.com/fwlink/?LinkId=79426
Bulletin Identifier Microsoft Security Bulletin MS06-078
Bulletin Title
Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)
Executive Summary
This update resolves a vulnerability in Windows Media Player that could allow remote code execution.
http://go.microsoft.com/fwlink/?LinkId=76487
Important (4)
Bulletin Identifier Microsoft Security Bulletin MS06-074
Bulletin Title
Vulnerability in SNMP Could Allow Remote Code Execution (926247)
Executive Summary
This update resolves a vulnerability in Simple Network Management Protocol (SNMP) that could allow remote code execution. The SNMP service is not installed by default in any supported version of Windows.
http://go.microsoft.com/fwlink/?LinkId=78533
Bulletin Identifier Microsoft Security Bulletin MS06-075
Bulletin Title
Vulnerability in Windows Could Allow Elevation of Privilege (926255)
Executive Summary
A vulnerability exists in Windows that could allow elevation of privilege on an affected system. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
http://go.microsoft.com/fwlink/?LinkId=77797
Bulletin Identifier Microsoft Security Bulletin MS06-076
Bulletin Title
Cumulative Security Update for Outlook Express (923694)
Executive Summary
This update resolves a vulnerability in Outlook Express that could allow remote code execution. User interaction is required for an attacker to exploit this vulnerability.
http://go.microsoft.com/fwlink/?LinkId=73835
Bulletin Identifier Microsoft Security Bulletin MS06-077
Bulletin Title
Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)
Executive Summary
This update resolves a vulnerability in Remote Installation Service (RIS) that could allow remote code execution. RIS is not installed by default.
http://go.microsoft.com/fwlink/?LinkId=78537
Acknowledgments
Microsoft thanks the following for working with us to help protect customers:
• Jakob Balle and Carsten Eiram of Secunia Research for reporting an issue described in MS06-072
• Sam Thomas, working with TippingPoint and the Zero Day Initiative, for reporting an issue described in MS06-072
• Yorick Koster of ITsec Security Services for reporting an issue described in MS06-072
• TippingPoint and the Zero Day Initiative for reporting an issue described in MS06-073
• Kostya Kortchinsky of Immunity, Inc. and Clement Seguy of the European Aeronautic Defence and Space Company for reporting an issue described in MS06-074
• Nicolas Ruff for reporting an issue described in MS06-077
This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.
As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.
Webcast
Microsoft will host a webcast tomorrow. The webcast focuses on addressing your questions and concerns about the security bulletins. Therefore, most of the live webcast is aimed at giving you the opportunity to ask questions and get answers from their security experts.
Start Time: Wednesday, December 13th, 2006 11:00 AM Pacific Time (US & Canada)
End Time: Wednesday, December 13th, 2006 12:00 PM Pacific Time (US & Canada)
Presenter: Christopher Budd, CISA, CISM, CISSP, ISSMP Security Program Manager, PSS Security, Microsoft Corporation and Mike Reavey, Lead Security Program Manager, Microsoft Corporation
Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.
Published: December 12, 2006
Version: 1.0
http://www.microsoft.com/technet/security/...n/ms06-dec.mspx
Critical (3)
Bulletin Identifier Microsoft Security Bulletin MS06-072
Bulletin Title
Cumulative Security Update for Internet Explorer (925454)
Executive Summary
This update resolves vulnerabilities in Internet Explorer that could allow remote code execution.
http://go.microsoft.com/fwlink/?LinkId=77563
Bulletin Identifier Microsoft Security Bulletin MS06-073
Bulletin Title
Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674)
Executive Summary
This update resolves a vulnerability in Visual Studio 2005 that could allow remote code execution.
http://go.microsoft.com/fwlink/?LinkId=79426
Bulletin Identifier Microsoft Security Bulletin MS06-078
Bulletin Title
Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)
Executive Summary
This update resolves a vulnerability in Windows Media Player that could allow remote code execution.
http://go.microsoft.com/fwlink/?LinkId=76487
Important (4)
Bulletin Identifier Microsoft Security Bulletin MS06-074
Bulletin Title
Vulnerability in SNMP Could Allow Remote Code Execution (926247)
Executive Summary
This update resolves a vulnerability in Simple Network Management Protocol (SNMP) that could allow remote code execution. The SNMP service is not installed by default in any supported version of Windows.
http://go.microsoft.com/fwlink/?LinkId=78533
Bulletin Identifier Microsoft Security Bulletin MS06-075
Bulletin Title
Vulnerability in Windows Could Allow Elevation of Privilege (926255)
Executive Summary
A vulnerability exists in Windows that could allow elevation of privilege on an affected system. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
http://go.microsoft.com/fwlink/?LinkId=77797
Bulletin Identifier Microsoft Security Bulletin MS06-076
Bulletin Title
Cumulative Security Update for Outlook Express (923694)
Executive Summary
This update resolves a vulnerability in Outlook Express that could allow remote code execution. User interaction is required for an attacker to exploit this vulnerability.
http://go.microsoft.com/fwlink/?LinkId=73835
Bulletin Identifier Microsoft Security Bulletin MS06-077
Bulletin Title
Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)
Executive Summary
This update resolves a vulnerability in Remote Installation Service (RIS) that could allow remote code execution. RIS is not installed by default.
http://go.microsoft.com/fwlink/?LinkId=78537
Acknowledgments
Microsoft thanks the following for working with us to help protect customers:
• Jakob Balle and Carsten Eiram of Secunia Research for reporting an issue described in MS06-072
• Sam Thomas, working with TippingPoint and the Zero Day Initiative, for reporting an issue described in MS06-072
• Yorick Koster of ITsec Security Services for reporting an issue described in MS06-072
• TippingPoint and the Zero Day Initiative for reporting an issue described in MS06-073
• Kostya Kortchinsky of Immunity, Inc. and Clement Seguy of the European Aeronautic Defence and Space Company for reporting an issue described in MS06-074
• Nicolas Ruff for reporting an issue described in MS06-077
This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.
As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.
Webcast
Microsoft will host a webcast tomorrow. The webcast focuses on addressing your questions and concerns about the security bulletins. Therefore, most of the live webcast is aimed at giving you the opportunity to ask questions and get answers from their security experts.
Start Time: Wednesday, December 13th, 2006 11:00 AM Pacific Time (US & Canada)
End Time: Wednesday, December 13th, 2006 12:00 PM Pacific Time (US & Canada)
Presenter: Christopher Budd, CISA, CISM, CISSP, ISSMP Security Program Manager, PSS Security, Microsoft Corporation and Mike Reavey, Lead Security Program Manager, Microsoft Corporation
Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.
Participate on our website and join the conversation
You have already an account on our website? Use the link below to login.
Login
Create a new user account. Registration is free and takes only a few seconds.
Register
This topic is archived. New comments cannot be posted and votes cannot be cast.
