[ExchangeList] Product Support Services - Critical Product Vulnerability - June 2006 Microsoft Security Bulletin Release

  • From: "Mark Fugatt" <markfu@xxxxxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 13 Jun 2006 19:35:03 +0100

http://www.msexchange.org
-------------------------------------------------------

The purpose of this update is to provide you with a summary of the
Microsoft June 2006 Security Bulletin release.

========================
New Security Bulletins
========================

Microsoft is releasing the following security bulletins for newly
discovered vulnerabilities:

* Critical   MS06-021  Microsoft Windows         Remote Code Execution
* Critical   MS06-022  Microsoft Windows         Remote Code Execution
* Critical   MS06-023  Microsoft Windows         Remote Code Execution
* Critical   MS06-024  Windows Media Player      Remote Code Execution
* Critical   MS06-025  Microsoft Windows         Remote Code Execution
* Critical   MS06-026  Microsoft Windows         Remote Code Execution
* Critical   MS06-027  Microsoft Word            Remote Code Execution
* Critical   MS06-028  Microsoft PowerPoint      Remote Code Execution
* Important  MS06-029  Microsoft Exchange + OWA  Remote Code Execution
* Important  MS06-030  Microsoft Windows         Elevation of Privilege
* Moderate   MS06-031  Microsoft Windows         Spoofing
* Important  MS06-032  Microsoft Windows         Remote Code Execution

The Summary for these new bulletins may be found at the following page:

* http://www.microsoft.com/technet/security/bulletin/ms06-Jun.mspx

========================
Re-released Bulletins
========================

In addition, Microsoft is re-releasing the following security bulletin:

* Important  MS06-011  Microsoft Windows         Elevation of Privilege

Information on this re-released bulletin may be found at the following
page:

* http://www.microsoft.com/technet/security/Bulletin/MS06-011.mspx

Customers are advised to review the information in the bulletins, test
and deploy the updates immediately in their environments, if applicable.

========================
Microsoft Windows Malicious Software Removal Tool
========================

Microsoft is releasing an updated version of the Microsoft Windows
Malicious Software Removal Tool on Windows Server Update Services
(WSUS), Windows Update (WU) and the Download Center. Note that this tool
will NOT be distributed using Software Update Services (SUS).
Information on the Microsoft Windows Malicious Software Removal Tool can
be located here:

* http://go.microsoft.com/fwlink/?LinkId=40573

========================
High-Priority Non-Security Updates on Microsoft Update (MU), Windows
Update (WU), Windows Server Update Services (WSUS) and Software Update
Services (SUS)
========================

Microsoft is today also making the following High-Priority NON-SECURITY
updates available on WU, MU, SUS and/or WSUS:

* 914784  Update to improve Kernel patch protection   WU/MU
* 917149  Update for Outlook 2003 Junk E-Mail Filter  MU/WSUS

========================
TechNet Webcast: Information about Microsoft June 2006 Security
Bulletins
========================

* Wednesday, 14 June 2006 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
* http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032297371

The on-demand version of the Webcast will be available 24 hours after
the live Webcast at: 

* http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032297371

========================
Security Bulletin Details
========================

MS06-021

Title:  Cumulative Security Update for Internet Explorer (916281)

Affected Software: 
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service
Pack 2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003
Service Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me) - Review the FAQ section of
this bulletin for details about these operating systems.

Affected Components:
* Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000
Service Pack 4
* Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service
Pack 4 or on Microsoft Windows XP Service Pack 1 
* Internet Explorer 6 for Microsoft Windows XP Service Pack 2 
* Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft
Windows Server 2003 Service Pack 1 
* Internet Explorer 6 for Microsoft Windows Server 2003 for
Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for
Itanium-based Systems 
* Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition 
* Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition 
* Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on
Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition -
Review the FAQ section of this bulletin for details about this version.

Note: The software in this list has been tested to determine whether the
versions are affected. Other versions either no longer include security
update support or may not be affected. To determine the support life
cycle for your product and version, visit the Microsoft Support
Lifecycle Web site:
http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle 

Note: The security updates for Microsoft Windows Server 2003, Windows
Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also
apply to Windows Server 2003 R2. 

Impact of Vulnerability:  Remote Code Execution

Maximum Severity Rating:  Critical

Restart requirement:  You must restart your system after you apply this
security update.

Update can be uninstalled: Yes. To remove this security update, use the
Add or Remove Programs tool in Control Panel. System administrators can
also use the Spuninst.exe utility to remove this security update.

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-021.mspx

******************************************************************

MS06-022

Title:  Vulnerability in ART Image Rendering Could Allow Remote Code
Execution (918439)

Affected Software: 
* Microsoft Windows XP Service Pack 1 
* Microsoft Windows XP Service Pack 2 
* Microsoft Windows XP Professional x64 Edition 
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003
Service Pack 1 
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
Windows Server 2003 with SP1 for Itanium-based Systems 
* Microsoft Windows Server 2003 x64 Edition 
* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me) - Review the FAQ section of
this bulletin for details about these operating systems.
 
Affected Components:

* Windows 2000 with the Windows 2000 AOL Image Support Update installed:
    * Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000
      Service Pack 4
    * Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service
      Pack 4
 
Note: The software in this list has been tested to determine whether the
versions are affected. Other versions either no longer include security
update support or may not be affected. To determine the support life
cycle for your product and version, visit the Microsoft Support
Lifecycle Web site:
http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle.

Note: The security updates for Microsoft Windows Server 2003, Windows
Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also
apply to Windows Server 2003 R2. 
 
Impact of Vulnerability:  Remote Code Execution

Maximum Severity Rating:  Critical

Restart requirement:  In some cases, this update does not require a
restart. If the required files are being used, this update will require
a restart. If this behavior occurs, a message appears that advises you
to restart. To help reduce the chance that a reboot will be required,
stop all affected services and close all applications that may use the
affected files prior to installing the security update. For more
information about the reasons why you may be prompted to restart your
computer, see Microsoft Knowledge Base Article 887012:
http://support.microsoft.com/kb/887012.

Update can be uninstalled: Yes. To remove this security update, use the
Add or Remove Programs tool in Control Panel. System administrators can
also use the Spuninst.exe utility to remove this security update. 

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-022.mspx

******************************************************************

MS06-023

Title:  Vulnerability in Microsoft JScript Could Allow Remote Code
Execution (917344)

Affected Software: 
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service
Pack 2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003
Service Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me) - Review the FAQ section of
this bulletin for details about these operating systems.

Affected Components: 
* Microsoft JScript 5.1 on Microsoft Windows 2000 Service Pack 4 
* Microsoft JScript 5.6 and 5.5 when installed on Windows 2000 Service
Pack 4 
* Microsoft JScript 5.6 on Microsoft Windows XP Service Pack 1 and
Microsoft Windows XP Service Pack 2 
* Microsoft JScript 5.6 on Microsoft Windows XP Professional x64 Edition
* Microsoft JScript 5.6 on Microsoft Windows Server 2003 and Microsoft
Windows Server 2003 Service Pack 1 
* Microsoft JScript 5.6 on Microsoft Windows Server 2003 for
Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for
Itanium-based Systems 
* Microsoft JScript 5.6 on Microsoft Windows Server 2003 x64 Edition
* Microsoft JScript 5.6 on Microsoft Windows 98, Microsoft Windows 98
Second Edition (SE), and Microsoft Windows Millennium Edition (Me) -
Review the FAQ section of this bulletin for details about these
operating systems.

Note: The software in this list has been tested to determine whether the
versions are affected. Other versions either no longer include security
update support or may not be affected. To determine the support life
cycle for your product and version, visit the Microsoft Support
Lifecycle Web site:
http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle.

Note: The security updates for Microsoft Windows Server 2003, Windows
Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also
apply to Windows Server 2003 R2. 

Impact of Vulnerability:  Remote Code Execution

Maximum Severity Rating:  Critical

Restart requirement:  In some cases, this update does not require a
restart. If the required files are being used, this update will require
a restart. If this behavior occurs, a message appears that advises you
to restart. To help reduce the chance that a restart will be required,
stop all affected services and close all applications that may use the
affected files prior to installing the security update. For more
information about the reasons why you may be prompted to restart your
computer, see Microsoft Knowledge Base Article 887012:
http://support.microsoft.com/kb/887012.

Update can be uninstalled: Yes. To remove this security update, use the
Add or Remove Programs tool in Control Panel. System administrators can
also use the Spuninst.exe utility to remove this security update.

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-023.mspx

******************************************************************

MS06-024

Title:  Vulnerability in Windows Media Player Could Allow Remote Code
Execution (917734)

Affected Software: 
* Windows Media Player for XP on Microsoft Windows XP Service Pack 1 
* Windows Media Player 9 on Microsoft Windows XP Service Pack 2 
* Windows Media Player 10 on Microsoft Windows XP Professional x64
Edition 
* Windows Media Player 9 on Microsoft Windows Server 2003 
* Windows Media Player 10 on Microsoft Windows Server 2003 Service Pack
1
* Windows Media Player 10 on Microsoft Windows Server 2003 x64 Edition 
* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me) - Review the FAQ section of
this bulletin for details about these operating systems.

Affected Components: 
* Microsoft Windows Media Player 7.1 when installed on Windows 2000
Service Pack 4 
* Microsoft Windows Media Player 9 when installed on Windows 2000
Service Pack 4 or Windows XP Service Pack 1 
* Microsoft Windows Media Player 10 when installed on Windows XP Service
Pack 1 or Windows XP Service Pack 2 

Non-Affected Software: 
* Windows Media Player 6.4 on all Microsoft Windows operating systems
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
Windows Server 2003 with SP1 for Itanium-based Systems

Note: The "Affected Software" section applies to Windows Media Player
that shipped with a Microsoft Windows operating system. The "Affected
Components" section applies to Windows Media Player that was downloaded
and installed onto Microsoft Windows.

Note: The software in this list has been tested to determine whether the
versions are affected. Other versions either no longer include security
update support or may not be affected. To determine the support life
cycle for your product and version, visit the Microsoft Support
Lifecycle Web site:
http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle.

Note: The security updates for Microsoft Windows Server 2003, Windows
Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also
apply to Windows Server 2003 R2. 

Impact of Vulnerability:  Remote Code Execution

Maximum Severity Rating:  Critical

Restart requirement:  This update does not require a restart. The
installer stops the required services, applies the update, and then
restarts the services. However, if the required services cannot be
stopped for any reason, or if required files are being used, this update
will require a restart. If this behavior occurs, a message appears that
advises you to restart. For more information about the reasons why you
may be prompted to restart your computer, see Microsoft Knowledge Base
Article 887012: http://support.microsoft.com/kb/887012.

Update can be uninstalled: Yes. To remove this security update, use the
Add or Remove Programs tool in Control Panel. System administrators can
also use the Spuninst.exe utility to remove this security update.

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-024.mspx

******************************************************************

MS06-025

Title:  Vulnerability in Routing and Remote Access Could Allow Remote
Code Execution (911280)

Affected Software: 
* Microsoft Windows 2000 Service Pack 4 
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service
Pack 2 
* Microsoft Windows XP Professional x64 Edition 
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003
Service Pack 1 
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
Windows Server 2003 with SP1 for Itanium-based Systems 
* Microsoft Windows Server 2003 x64 Edition 

Non-Affected Software: 
* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me).

Note: The software in this list has been tested to determine whether the
versions are affected. Other versions either no longer include security
update support or may not be affected. To determine the support life
cycle for your product and version, visit the Microsoft Support
Lifecycle Web site:
http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle.

Note: The security updates for Microsoft Windows Server 2003, Windows
Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also
apply to Windows Server 2003 R2. 

Impact of Vulnerability:  Remote Code Execution

Maximum Severity Rating:  Critical

Restart requirement:  You must restart your system after you apply this
security update. 

Update can be uninstalled: Yes. To remove this security update, use the
Add or Remove Programs tool in Control Panel. System administrators can
also use the Spuninst.exe utility to remove this security update.

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-025.mspx

******************************************************************

MS06-026

Title:  Vulnerability in Graphics Rendering Engine Could Allow Remote
Code Execution (918547)

Affected Software: 
* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me) 
* See "FAQ Related to This Security Update" section in the bulletin for
more information.

Non-Affected Software: 
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service
Pack 2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003
Service Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition

Note: The software in this list has been tested to determine whether the
versions are affected. Other versions either no longer include security
update support or may not be affected. To determine the support life
cycle for your product and version, visit the Microsoft Support
Lifecycle Web site:
http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle.

Impact of Vulnerability:  Remote Code Execution

Maximum Severity Rating:  Critical

Restart requirement:  You must restart your system after you apply this
security update.

Update can be uninstalled: Yes

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-026.mspx

******************************************************************

MS06-027

Title:  Vulnerability in Microsoft Word Could Allow Remote Code
Execution (917336)

Affected Software: 
* Microsoft Office 2000 Service Pack 3
    * Microsoft Word 2000 
* Microsoft Office XP Service Pack 3
    * Microsoft Word 2002 
* Microsoft Office 2003 Service Pack 1 or Service Pack 2
    * Microsoft Word 2003 
    * Microsoft Word Viewer 2003 
* Microsoft Works Suites:
    * Microsoft Works Suite 2000 
    * Microsoft Works Suite 2001 
    * Microsoft Works Suite 2002 
    * Microsoft Works Suite 2003 
    * Microsoft Works Suite 2004 
    * Microsoft Works Suite 2005 
    * Microsoft Works Suite 2006 

Non-Affected Software: 
* Microsoft Office v. X for Mac
    * Microsoft Word v. X for Mac
* Microsoft Word 2004 for Mac

Note: The software in this list has been tested to determine whether the
versions are affected. Other versions either no longer include security
update support or may not be affected. To determine the support life
cycle for your product and version, visit the Microsoft Support
Lifecycle Web site:
http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle.

Impact of Vulnerability:  Remote Code Execution

Maximum Severity Rating:  Critical

Restart requirement:  To help reduce the chance that a restart will be
required, stop all affected services and close all applications that may
use the affected files prior to installing the security update. For more
information about the reasons why you may be prompted to restart, see
Microsoft Knowledge Base Article 887012:
http://support.microsoft.com/kb/887012.
 
Update can be uninstalled: This depends on the target application being
updated. See the Bulletin for more details.

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-027.mspx

******************************************************************

MS06-028

Title:  Vulnerability in Microsoft PowerPoint Could Allow Remote Code
Execution (916768)

Affected Software: 
* Microsoft Office 2000 Service Pack 3
    * Microsoft PowerPoint 2000 
* Microsoft Office XP Service Pack 3
    * Microsoft PowerPoint 2002 
* Microsoft Office 2003 Service Pack 1 or Service Pack 2
    * Microsoft PowerPoint 2003 
* Microsoft Office 2004 for Mac
    * Microsoft PowerPoint 2004 for Mac 
* Microsoft Office v. X for Mac
    * Microsoft PowerPoint v. X for Mac

Note: The software in this list has been tested to determine whether the
versions are affected. Other versions either no longer include security
update support or may not be affected. To determine the support life
cycle for your product and version, visit the Microsoft Support
Lifecycle Web site:
http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle.

Impact of Vulnerability:  Remote Code Execution

Maximum Severity Rating:  Critical

Restart requirement:  To help reduce the chance that a restart will be
required, stop all affected services and close all applications that may
use the affected files prior to installing the security update. For more
information about the reasons why you may be prompted to restart, see
Microsoft Knowledge Base Article 887012:
http://support.microsoft.com/kb/887012.
 
Update can be uninstalled: This depends on the target application being
updated. See the Bulletin for more details.

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-028.mspx

******************************************************************

MS06-029

Title:  Vulnerability in Microsoft Exchange Server Running Outlook Web
Access Could Allow Script Injection (912442)

Affected Software: 
* Microsoft Exchange 2000 Server Pack 3 with the August 2004 Exchange
2000 Server Post-Service Pack 3 Update Rollup 
* Microsoft Exchange Server 2003 Service Pack 1
* Microsoft Exchange Server 2003 Service Pack 2

Note: The software in this list has been tested to determine whether the
versions are affected. Other versions either no longer include security
update support or may not be affected. To determine the support life
cycle for your product and version, visit the Microsoft Support
Lifecycle Web site:
http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle. 

Note: For more information about the August 2004 Exchange 2000 Server
Post-Service Pack 3 Update Rollup see Microsoft Knowledge Base Article
870540: http://support.microsoft.com/kb/870540.
 
Impact of Vulnerability:  Remote Code Execution

Maximum Severity Rating:  Important

Restart requirement:  This update does not require a restart. The
installer stops the required services, applies the update, and then
restarts the services. However, if the required services cannot be
stopped for any reason, or if required files are being used, this update
will require a restart. If this behavior occurs, a message appears that
advises you to restart. To help reduce the chance that a reboot will be
required, stop all affected services and close all applications that may
use the affected files prior to installing the security update. For more
information about the reasons why you may be prompted to restart your
computer, see Microsoft Knowledge Base Article 887012:
http://support.microsoft.com/kb/887012.

Update can be uninstalled: Yes. To remove this security update, use the
Add or Remove Programs tool in Control Panel. System administrators can
also use the Spuninst.exe utility to remove this security update.

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-029.mspx

******************************************************************

MS06-030

Title:  Vulnerability in Server Message Block Could Allow Elevation of
Privilege (914389)

Affected Software: 
* Microsoft Windows 2000 Service Pack 4 
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service
Pack 2 
* Microsoft Windows XP Professional x64 Edition 
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003
Service Pack 1 
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition 

Non-Affected Software: 
* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me)

Note: The software in this list has been tested to determine whether the
versions are affected. Other versions either no longer include security
update support or may not be affected. To determine the support life
cycle for your product and version, visit the Microsoft Support
Lifecycle Web site:
http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle. 

Note: The security updates for Microsoft Windows Server 2003, Windows
Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also
apply to Windows Server 2003 R2. 

Impact of Vulnerability:  Elevation of Privilege

Maximum Severity Rating:  Important

Restart requirement:  You must restart your system after you apply this
security update.

Update can be uninstalled: Yes. To remove this security update, use the
Add or Remove Programs tool in Control Panel. System administrators can
also use the Spuninst.exe utility to remove this security update.

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-030.mspx

******************************************************************

MS06-031

Title:  Vulnerability in RPC Mutual Authentication Could Allow Spoofing
(917736)

Affected Software: 
* Microsoft Windows 2000 Service Pack 4

Affected Components: 
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service
Pack 2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003
Service Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me)

Note: The software in this list has been tested to determine whether the
versions are affected. Other versions either no longer include security
update support or may not be affected. To determine the support life
cycle for your product and version, visit the Microsoft Support
Lifecycle Web site:
http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle.

Impact of Vulnerability:  Spoofing

Maximum Severity Rating:  Moderate

Restart requirement:  You must restart your system after you apply this
security update.

Update can be uninstalled: Yes. To remove this security update, use the
Add or Remove Programs tool in Control Panel. System administrators can
also use the Spuninst.exe utility to remove this security update.

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-031.mspx

******************************************************************

MS06-032

Title:  Vulnerability in TCP/IP Could Allow Remote Code Execution
(917953)

Affected Software: 
* Microsoft Windows 2000 Service Pack 4 
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service
Pack 2 
* Microsoft Windows XP Professional x64 Edition 
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003
Service Pack 1 
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition 

Non-Affected Software: 
* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me)

Note: The software in this list has been tested to determine whether the
versions are affected. Other versions either no longer include security
update support or may not be affected. To determine the support life
cycle for your product and version, visit the Microsoft Support
Lifecycle Web site:
http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle.

Note: The security updates for Microsoft Windows Server 2003, Windows
Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also
apply to Windows Server 2003 R2. 

Impact of Vulnerability:  Remote Code Execution

Maximum Severity Rating:  Important

Restart requirement:  You must restart your system after you apply this
security update.

Update can be uninstalled: Yes. To remove this security update, use the
Add or Remove Programs tool in Control Panel. System administrators can
also use the Spuninst.exe utility to remove this security update.

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-032.mspx

******************************************************************

MS06-011

Title:  Vulnerabilities in Macromedia Flash Player from Adobe Could
Allow Remote Code Execution (913433)

Affected Software: 
* Microsoft Windows XP Service Pack 1 
* Microsoft Windows Server 2003 
* Microsoft Windows Server 2003 for Itanium-based Systems

Non-Affected Software: 
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (ME)
* Microsoft Windows XP Service Pack 2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 Service Pack 1
* Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based
Systems
* Microsoft Windows Server 2003 x64 Edition

Note: The software in this list has been tested to determine whether the
versions are affected. Other versions either no longer include security
update support or may not be affected. To determine the support life
cycle for your product and version, visit the Microsoft Support
Lifecycle Web site:
http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle.

Note: The security updates for Microsoft Windows Server 2003, Windows
Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also
apply to Windows Server 2003 R2. 

Impact of Vulnerability:  Elevation of Privilege

Maximum Severity Rating:  Important

Frequently Asked Questions: 

Q: Why did Microsoft reissue this bulletin on June 13, 2006?
A: Microsoft updated this bulletin and the associated security updates
to include updated registry key values for the NetBT, RemoteAccess, and
TCPIP services. These values have been modified to be the same as
Windows XP Service Pack 2 on Windows XP Service Pack 1 systems, and the
same as Windows 2003 Service Pack 1 on Windows 2003 systems with no
service pack applied. Customers are encouraged to apply this revised
update for additional security from privilege elevation through
these services as described in the Vulnerability Details section of this
security bulletin. For more information, and the updated registry key
values, see Microsoft Knowledge Base Article 914798.

Q: What changes does the revised security update include?
A: The revised security update contains no changes to the binaries
included in the initial security update. During installation, the
revised security update will update the registry values for the NetBT,
RemoteAccess, and TCPIP services as indicated in Microsoft Knowledge
Base Article 914798.

Q: What are the known issues that customers may experience when they
install this security update?
A: Microsoft Knowledge Base Article 914798 documents the currently known
issues that customers may experience when they install this security
update. The article also documents recommended solutions for these
issues. 

Restart requirement:  This update does not require a restart. The
installer stops the required services, applies the update, and then
restarts the services. However, if the required services cannot be
stopped for any reason, or if required files are being used, this update
will require a restart. If this behavior occurs, a message appears that
advises you to restart. For more information about the reasons why you
may be prompted to restart your computer, see Microsoft Knowledge Base
Article 887012: http://support.microsoft.com/kb/887012.

Update can be uninstalled: This update cannot be removed. To learn more
about manually removing the changes made by this update, please see
Microsoft Knowledge Base Article 914798:
http://support.microsoft.com/kb/914798.

Note: As this update is only modifying system properties for the
identified services, no new binaries are applied to the system as a
result of the update installation.

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-011.mspx

******************************************************************

If you have any questions regarding the security updates or their
implementation after reading the above listed bulletin, you should
contact Product Support Services in the United States at 1-866-PCSafety
(1-866-727-2338). International customers should contact their local
subsidiary at the number located at
http://support.microsoft.com/security

Thank you,
Microsoft PSS Security Team