-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
********************************************************************
Title: Microsoft Security Bulletin Summary for December 2006
Issued: December 12, 2006
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=79710
********************************************************************
Summary:
========
This advisory contains information about all security updates released this month. It is broken down by security bulletin severity.
Critical Security Bulletins
===========================
MS06-072 - Cumulative Security Update for Internet Explorer (925454)
- Affected Software:
- Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service
Pack 4
- Internet Explorer 6 Service Pack 1 on Windows 2000 Service
Pack 4
- Internet Explorer 6 for Windows XP Service Pack 2
- Internet Explorer 6 for Windows XP Professional x64 Edition
- Internet Explorer 6 for Windows Server 2003 and Windows
Server 2003 Service Pack 1
- Internet Explorer 6 for Windows Server 2003 for Itanium-based
Systems and Windows Server 2003 with SP1 for Itanium-based
Systems
- Internet Explorer 6 for Windows Server 2003 x64 Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-073 - Vulnerability in Visual Studio 2005
Could Allow Remote Code Execution (925674)
- Affected Software:
- Microsoft Visual Studio 2005
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-078 - Vulnerability in Windows Media Format
Could Allow Remote Code Execution (923689)
- Affected Software:
- Microsoft Windows Media Format 7.1 through 9.5 Series Runtime
on the following operating system versions:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 or Microsoft Windows Server
2003 Service Pack 1
- Microsoft Windows Server 2003 x64 Edition
- Microsoft Windows Media Format 9.5 Series Runtime x64 Edition
on the following operating system versions:
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 x64 Edition
- Microsoft Windows Media Player 6.4
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 or on Microsoft Windows
Server 2003 Service Pack 1
- Microsoft Windows Server 2003 x64 Edition
- Impact: Remote Code Execution
- Version Number: 1.0
Important Security Bulletins
============================
MS06-074 - Vulnerability in SNMP
Could Allow Remote Code Execution (926247)
- Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows Server 2003 with SP1
for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-075 - Vulnerability in Windows
Could Allow Elevation of Privilege (926255)
- Affected Software:
- Microsoft Windows XP Service Pack 2
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
- Impact: Elevation of Privilege
- Version Number: 1.0
MS06-076 - Cumulative Security Update for Outlook Express (923694)
- Affected Software:
- Outlook Express 5.5 Service Pack 2 on Windows 2000 Service
Pack 4
- Outlook Express 6 Service Pack 1 on Windows 2000 Service
Pack 4
- Outlook Express 6 on Windows XP Service Pack 2
- Outlook Express 6 on Windows XP Professional x64 Edition
- Outlook Express 6 on Windows Server 2003 and Windows
Server 2003 Service Pack 1
- Outlook Express 6 on Windows Server 2003 for Itanium-based
Systems and Windows Server 2003 with SP1 for Itanium-based
Systems
- Outlook Express 6 on Windows Server 2003 x64 Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-077 - Vulnerability in Remote Installation Service
Could Allow Remote Code Execution (926121)
- Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=79710
Support:
========
Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates.
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx
Microsoft Support Lifecycle for Business and Developer Software ===============================================================
The Microsoft Support Lifecycle policy provides consistent and predictable guidelines for product support availability at the time that the product is released. Under this policy, Microsoft will offer a minimum of ten years of support. This includes five years of Mainstream Support and five years of Extended Support for Business and Developer products. Microsoft will continue to provide security update support, at a supported Service Pack level, for a minimum of ten years through the Extended support phase. For more information about the Microsoft Support Lifecycle, visit http://support.microsoft.com/lifecycle/ or contact your Technical Account Manager.
Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:
http://www.microsoft.com/technet/security/secnews/default.mspx
* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). The Microsoft Security Notification Service:
Comprehensive Version. It provides timely notification of any
minor changes or revisions to previously released Microsoft
Security Bulletins and Security Advisories. This new service
provides notifications that are written for IT professionals and
contain technical information about the revisions to security
bulletins. To register visit the following Web site:
http://www.microsoft.com/technet/security/bulletin/notify.mspx
* Join Microsoft's webcast for a live discussion of the technical
details of these security bulletins and steps you can take
to protect your environment. Details about the live webcast
can be found at:
www.microsoft.com/technet/security/bulletin/summary.mspx
The on-demand version of the webcast will be available 24 hours
after the live webcast at:
www.microsoft.com/technet/security/bulletin/summary.mspx
* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/topics/policy/swdist.mspx
Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:
* Jakob Balle and Carsten Eiram of Secunia Research
(http://secunia.com)
for reporting an issue described in MS06-072
* Sam Thomas, working with TippingPoint
(http://www.tippingpoint.com) and the
Zero Day Initiative
(http://www.zerodayinitiative.com),
for reporting an issue described in MS06-072
* Yorick Koster of ITsec Security Services
(http://www.itsec-ss.nl)
for reporting an issue described in MS06-072
* TippingPoint (http://www.tippingpoint.com) and the
Zero Day Initiative (http://www.zerodayinitiative.com)
for reporting an issue described in MS06-073
* Kostya Kortchinsky of Immunity, Inc.
(http://www.immunityinc.com) and
Clement Seguy of the
European Aeronautic Defence and Space Company
(http://www.eads.com)
for reporting an issue described in MS06-074
* Nicolas Ruff for reporting an issue described in MS06-077
********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQIVAwUBRX8SB4lDklrxMhdPAQIrcxAAmJzXLRELxcXO17VbBJBrAl2H9EL5TsKU
HuUIrBp9+245Hsi8sNMoeYjxkPDfu8fth4yMLZ4J86674nfkhWDkTLMr6Ge571oM
2dee8fURvu4WAT6FIAc3Q+6fgHjTQhdhH4rut5GDt2hWiBPS9VsNdGc4jaPASHYd
+VOl4Zqf2KD0CaxAidI0YQRZE9szqP5Bs39lrCqCpXNVJC886ov+5h8Dm8V+99QE
e+vJaKgc7gn8w+VbZRWlSbEs0fGnMb4jx5K9vLCAdgJxB23ih+57+k3rm6CA+Sn8
zlELG3+Jcw4FWll6/eWjtXQ+HaRYdIRHsH4zZEHKPt+icFYxWvo7zrqilT+dtcEr
e/MoazAqZfSdlLcxxqrU5gKh5xliA+rhb15nNBmS2BZkDXHr5mpuO8ReLAE0LUSy
G6SnweTdnNCExnLRxto9Z2s12Z7qtIrNkN3zN2bzZXxHqD4ptbgHJkWDRrCPFYbS
D/PPGK9Gnca3q7syGyUigIpgAwJUZDwA+O6jWSf3vYDuLEHxT4P5krQQSDzdXpC1
vXMcod12CNKFvC9apkR5WCh9FmUSp13R5bdAKLleR3Maae0nVU+FYxNm50fsscFw
dqPRi78DF/kShVRykp93kdsr1nLKdnrP1DoV3lsg8nckVpn7xYkZ1f0srguFzcia
07ZYXYVh6V8=
=oG59
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
********************************************************************
Title: Microsoft Security Bulletin Summary for November 2006
Issued: November 14, 2006
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=77959
********************************************************************
Summary:
========
This advisory contains information about all security updates released this month. It is broken down by security bulletin severity.
Critical Security Bulletins
===========================
MS06-067 - Cumulative Security Update for Internet Explorer (922760)
- Affected Software:
- Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service
Pack 4
- Internet Explorer 6 Service Pack 1 on Windows 2000 Service
Pack 4
- Internet Explorer 6 for Windows XP Service Pack 2
- Internet Explorer 6 for Windows XP Professional x64 Edition
- Internet Explorer 6 for Windows Server 2003 and Windows
Server 2003 Service Pack 1
- Internet Explorer 6 for Windows Server 2003 for Itanium-based
Systems and Windows Server 2003 with SP1 for Itanium-based
Systems
- Internet Explorer 6 for Windows Server 2003 x64 Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-068 - Vulnerability in Microsoft Agent
Could Allow Remote Code Execution (920213)
- Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows Server 2003 with SP1
for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-069 - Vulnerabilities in Macromedia Flash Player from Adobe
Could Allow Remote Code Execution (923789)
- Affected Software:
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-070 - Vulnerability in Workstation Service
Could Allow Remote Code Execution (924270)
- Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 2
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-071 - Vulnerability in Microsoft XML Core Services
Could Allow Remote Code Execution (928088)
- Affected Software:
- Microsoft XML Core Services 4.0
- Microsoft XML Core Services 6.0
- Impact: Remote Code Execution
- Version Number: 1.0
Important Security Bulletins
============================
MS06-066 - Vulnerabilities in Client Service for NetWare
Could Allow Remote Code Execution (923980)
- Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 2
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 Service Pack 1
- Impact: Remote Code Execution
- Version Number: 1.0
Update Availability:
Updates are available to address these issues.
For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=77959
Support:
========
Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates.
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx
Microsoft Support Lifecycle for Business and Developer Software ===============================================================
The Microsoft Support Lifecycle policy provides consistent and predictable guidelines for product support availability at the time that the product is released. Under this policy, Microsoft will offer a minimum of ten years of support. This includes five years of Mainstream Support and five years of Extended Support for Business and Developer products. Microsoft will continue to provide security update support, at a supported Service Pack level, for a minimum of ten years through the Extended support phase. For more information about the Microsoft Support Lifecycle, visit http://support.microsoft.com/lifecycle/ or contact your Technical Account Manager.
Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:
http://www.microsoft.com/technet/security/secnews/default.mspx
* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). The Microsoft Security Notification Service:
Comprehensive Version. It provides timely notification of any
minor changes or revisions to previously released Microsoft
Security Bulletins and Security Advisories. This new service
provides notifications that are written for IT professionals and
contain technical information about the revisions to security
bulletins. To register visit the following Web site:
http://www.microsoft.com/technet/security/bulletin/notify.mspx
* Join Microsoft's webcast for a live discussion of the technical
details of these security bulletins and steps you can take
to protect your environment. Details about the live webcast
can be found at:
www.microsoft.com/technet/security/bulletin/summary.mspx
The on-demand version of the webcast will be available 24 hours
after the live webcast at:
www.microsoft.com/technet/security/bulletin/summary.mspx
* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/topics/policy/swdist.mspx
Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:
* Peter Winter-Smith of NGS Software (http://www.ngssoftware.com)
for reporting an issue described in MS06-066.
* Sam Arun Raj of McAfee (http://www.mcafee.com)
for reporting an issue described in MS06-066.
* Sam Thomas, working with Tipping Point
(http://www.tippingpoint.com) and
Zero Day Initiative (ZDI)
(http://www.zerodayinitiative.com),
for reporting an issue described in MS06-067.
* Stuart Pearson of Computer Terrorism
(http://www.computerterrorism.com)
for working with us on an issue described in MS06-069.
* eEye (http://www.eeye.com)
for reporting an issue described in MS06-070.
* Robert Freeman of ISS (http://www.iss.net)
for working with us on an issue described in MS06-071.
* Dror Shalev and Moti Jospeh of Check Point
(http://www.checkpoint.com)
for working with us on an issue described in MS06-071.
********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQIVAwUBRVoTVhCvwTv3q93mAQLsug//dCgaNz2ts7pWj25efMjdogY4kdT6SzJu
xPxZmuT5uBR6zQG8mBa2PlulOau2plsrTgpJLy/A5AJFh00C6DHvOSa58hUWwtY8
f/fHIlXzOO9noQl992vk0ueR6U7uMyS9e4DSDtDB+wilbB5lUUyoibrnPc779cQ/
sb2Ddin6/5h3AHhrqlHAEh4XCdFzHkLHmqzrRFL3wYmMYuuERfD1Zxs03BxdYgU8
hSsCIXHVe41JTE4rGtQF/HqVe7BYGTS3lq8d0VqK2XqydfWQlI1RIAem93D4nri7
7E2CYcQx3iZKu3jSrsBugIhZcp2NXoWgAIsSmNU4C7knu1bPINVKcWPTX510HDAq
8EFnw2Ccy19bkdOEENBvP9Olww1QC/JmOBkHBRrdDYLZRdSYDiR+lGk1vHzQldc/
bb596UlrCsX4j4xJM8YyL5jxslSVuRzMfFOaiGFUeeqRSa6UZjyiZb1UGXfaMQrm
ZxPwi7XsAX2XDPjl0wHoHafOZuEuKDAmZms+Mij/nwWIh8cvj0039QGoOE/M3FU2
Po2oTJqMewkO/ZPw0jMrTjg0cE/eGoSmwIyLfsZKILr21fvnrKHNmcl+CVV1WsAc
uTTWNcwozRPK8wBDfARyclmmn+sJOFAuY+ZTPsTSCMPhTVkjO3d+bnv6hx8VlkNB
vlqPX+PGFeI=
=Jk4Z
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: October 19, 2006
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS06-061
Bulletin Information:
=====================
* MS06-061
- http://www.microsoft.com/technet/security/bulletin/ms06-061.mspx
- Reason for Revision: Bulletin Updated: This bulletin has been
re-released to re-offer the security update to customers with
Windows 2000 Service Pack 4. The security update previously
did not correctly set the kill bit for Microsoft XML Parser
2.6. Additional information has also been included for
customers wishing to remove the security update for Microsoft
XML Core Services 4.0 and Microsoft XML Core Services 6.0.
- Originally posted:
- Updated: October 19, 2006
- Bulletin Severity Rating: Critical
- Version: 2.0
********************************************************************
Support:
========
Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx
Microsoft Support Lifecycle for Business and Developer Software ===============================================================
The Microsoft Support Lifecycle policy provides consistent and predictable guidelines for product support availability at the time that the product is released. Under this policy, Microsoft will offer a minimum of ten years of support. This includes five years of Mainstream Support and five years of Extended Support for Business and Developer products. Microsoft will continue to provide security update support, at a supported Service Pack level, for a minimum of ten years through the Extended support phase. For more information about the Microsoft Support Lifecycle, visit http://support.microsoft.com/lifecycle/ or contact your Technical Account Manager.
Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:
http://www.microsoft.com/technet/security/secnews/default.mspx
* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). The Microsoft Security Notification Service:
Comprehensive Version. It provides timely notification of any
minor changes or revisions to previously released Microsoft
Security Bulletins and Security Advisories. This new service
provides notifications that are written for IT professionals and
contain technical information about the revisions to security
bulletins. To register visit the following Web site:
http://www.microsoft.com/technet/security/bulletin/notify.mspx
* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/topics/policy/swdist.mspx
********************************************************************
THE INFORMATION PROVIDED IN THE THIS EMAIL IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQIVAwUBRTey/hCvwTv3q93mAQIczg/6A4wrgVajDFqbjaLjcUlaJnit6r/P6n15
Dh2Jy95oVUyj4K5tzhdJmS1TICkdFPvj3Bg2qitgJGoGAY+FLj1Vaqv7i5VI2Pd/
k93hi8YuJWP9gtBj3nLT+01s3vUb4tRvjamzl3nZYJpWV3SUOdjUT4nxjxbnaMHz
GoobuBrA26YkozPguIATEnYA1ob7zinFpko+eQjrdFzRzDeSBV4PJphZ88ZT31m5
hAqptaQdkkgUhMeFlDo9o1OFZRY1P+bIGbr+8pwqRvAwMVCFqYdfMAhrf/fubnjw
DAU9iQlScrqU0bEB90Wm5LhMGJOrY/8ny3bCfTixfYEo4xDiK7FwhaDLsW/O4fmg
2wksBhDO3RwfVbWSNnnSaVyFEarH4L6aJ/o9Gs7BEjqKFuUWB6RR8Vrpcugxb5hH
theRg1hkbg5PfOynDucVtvzygttDzbiGXXs4GcTo5J3XLdWm3YDRTrj+XHCFaiaN
JkCGetleZDqCujZWIQLQ/yQgtgg9cUoSsTaHX7J1yK+Q1XXjoP4vAKB2rWChr0r3
pLl5TqStBUTsy/u22wAfNF/Hp70jpnmvuI/gm+y+mgX5mPvHQuboCZrGR2NRZIzz
heOZbKE1onUIHQ45usrBBLnrhQHZsy/OAwZ50j8YhTkZWeU99ndOcsbnPSgW37XL
zauJgZzRKo8=
=0Xvh
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
********************************************************************
Title: Microsoft Security Bulletin Summary for October 10, 2006
Issued: October 10, 2006
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=75077
********************************************************************
Summary:
========
This advisory contains information about all security updates released this month. It is broken down by security bulletin severity.
Critical Security Bulletins
===========================
MS06-057 - Vulnerability in Windows Explorer Could Allow Remote
Code Execution (923191)
- Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows Server 2003 with SP1
for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-058 - Vulnerability in Microsoft PowerPoint Could Allow Remote
Code Execution (924163)
- Affected Software:
- Microsoft PowerPoint 2000
- Microsoft PowerPoint 2002
- Microsoft PowerPoint 2003
- Microsoft Excel 2004 for Mac
- Microsoft Excel v.X for Mac
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-059 - Vulnerability in Microsoft Excel Could Allow Remote
Code Execution (924164)
- Affected Software:
- Microsoft Excel 2000
- Microsoft Excel 2002
- Microsoft Excel 2003
- Microsoft Excel Viewer 2003
- Microsoft Excel 2004 for Mac
- Microsoft Excel v.X for Mac
- Microsoft Works Suite 2004
- Microsoft Works Suite 2005
- Microsoft Works Suite 2006
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-060 - Vulnerability in Microsoft Word Could Allow Remote
Code Execution (924554)
- Affected Software:
- Microsoft Word 2000
- Microsoft Word 2002
- Microsoft Office Word 2003
- Microsoft Office Word Viewer 2003
- Microsoft Works Suite 2004
- Microsoft Works Suite 2005
- Microsoft Works Suite 2006
- Microsoft Word 2004 for Mac
- Microsoft Word v.X for Mac
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-061 - Vulnerability in Microsoft XML Core Services Could
Allow Remote Code Execution (924191)
- Affected Software:
- Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows Server 2003 with SP1
for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
- Microsoft Office 2003 Service Pack 1
- Microsoft Office 2003 Service Pack 2
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-062 - Vulnerability in Microsoft Office Could Allow Remote
Code Execution (922581)
- Affected Software:
- Microsoft Office 2000 Service Pack 3
- Microsoft Office XP Service Pack 3
- Microsoft Office 2003 Service Pack 1
- Microsoft Office 2003 Service Pack 2
- Microsoft Project 2000
- Microsoft Project 2002
- Microsoft Visio 2002
- Microsoft Office 2004 for Mac
- Microsoft Office v.X for Mac
- Impact: Remote Code Execution
- Version Number: 1.0
Important Security Bulletins
============================
MS06-063 - Vulnerability in Server Service Could Allow
Denial of Service (923414)
- Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows Server 2003 with SP1
for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
- Impact: Denial of Service
- Version Number: 1.0
Moderate Security Bulletins
===========================
MS06-056 - Vulnerability in ASP.NET 2.0 Could Allow
Information Disclosure (922770)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Home Service Pack 1
- Windows XP Home Service Pack 2
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows XP Tablet PC Edition
- Microsoft Windows XP Media Center Edition
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows Server 2003 with SP1
for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
- Affected Components:
- Microsoft .NET Framework 2.0
- Impact: Information Disclosure
- Version Number: 1.0
MS06-065 - Vulnerability in Windows Object Packager
Could Allow Remote Execution (924496)
- Affected Software:
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows Server 2003 with SP1
for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
- Impact: Remote Code Execution
- Version Number: 1.0
Low Security Bulletins
===========================
MS06-064 - Vulnerabilities in TCP/IP IPv6 Could Allow
Denial of Service (922819)
- Affected Software:
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows Server 2003 with SP1
for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
- Impact: Denial of Service
- Version Number: 1.0
Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=73525
Support:
========
Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates.
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx
Microsoft Support Lifecycle for Business and Developer Software ===============================================================
The Microsoft Support Lifecycle policy provides consistent and predictable guidelines for product support availability at the time that the product is released. Under this policy, Microsoft will offer a minimum of ten years of support. This includes five years of Mainstream Support and five years of Extended Support for Business and Developer products. Microsoft will continue to provide security update support, at a supported Service Pack level, for a minimum of ten years through the Extended support phase. For more information about the Microsoft Support Lifecycle, visit http://support.microsoft.com/lifecycle/ or contact your Technical Account Manager.
Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:
http://www.microsoft.com/technet/security/secnews/default.mspx
* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). The Microsoft Security Notification Service:
Comprehensive Version. It provides timely notification of any
minor changes or revisions to previously released Microsoft
Security Bulletins and Security Advisories. This new service
provides notifications that are written for IT professionals and
contain technical information about the revisions to security
bulletins. To register visit the following Web site:
http://www.microsoft.com/technet/security/bulletin/notify.mspx
* Join Microsoft's webcast for a live discussion of the technical
details of these security bulletins and steps you can take
to protect your environment. Details about the live webcast
can be found at:
www.microsoft.com/technet/security/bulletin/summary.mspx
The on-demand version of the webcast will be available 24 hours
after the live webcast at:
www.microsoft.com/technet/security/bulletin/summary.mspx
* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/topics/policy/swdist.mspx
Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:
* Jaswinder Hayre
for reporting the issue described in MS06-056.
* Arnaud Dovi
working with TippingPoint
(http://www.tippingpoint.com/) and
Zero Day Initiative (ZDI)
(http://www.zerodayinitiative.com/)
for reporting an issue described in MS06-058.
* Chris Ries of VigilantMinds Inc.
(http://www.vigilantminds.com)
for reporting an issue described in MS06-058.
* Dejun Meng of Fortinet Inc.
(http://www.fortinet.com/)
for reporting the issue described in MS06-058.
* NSFocus Security Team
for reporting the issue described in MS06-059.
* Manuel Santamarina Suarez
working with TippingPoint
(http://www.tippingpoint.com/) and
Zero Day Initiative (ZDI)
(http://www.zerodayinitiative.com/)
for reporting an issue described in MS06-059.
* Chen Xiaobo of McAfee Avert Labs
(http://www.avertlabs.com/MyAvert/)
for reporting the issue described in MS06-060.
* Cu Fang
reporting an issue described in MS06-060.
* Dejun Meng of Fortinet Inc.
(http://www.fortinet.com/)
reporting the issue described in MS06-062.
* Arnaud Dovi
working with TippingPoint
(http://www.tippingpoint.com/) and
Zero Day Initiative (ZDI)
(http://www.zerodayinitiative.com/)
for reporting an issue described in MS06-062.
* Sowhat of Nevis Labs
(http://www.nevisnetworks.com/)
for reporting an issue described in MS06-062.
* Ivan Acre of Core Impact
(http://www.coresecurity.com/)
for reporting an issue described in MS06-063.
* NS Focus
(http://www.nsfocus.com/)
for reporting the issue described in MS06-063.
* Fortinet
(http://www.fortinet.com/)
for reporting an issue described in MS06-063.
* Matthew Amdur of VMWare
(http://www.vmware.com/)
for reporting an issue described in MS06-063.
* Andreas Sandblad of Secunia Research
(http://secunia.com/)
for reporting the issue described in MS06-065.
********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQIVAwUBRSvl7BCvwTv3q93mAQIArQ/+K/3qG7G0vN9wh7JYKZ/d/ygHFsltet1V
ss/8wxCXebdXHrgwRh7xBYYcIqgw5zqSxK32VaMdE12QwoZ1Uub2ILMF4AXmIE1w
C/eo6aHGKFBVVvl2ROi5ZNRHjMfye7iFsggpUHy0xn7PL/ldH4blsUiK3a8Lrvk6
ybDjOIIKctoHTtCoLbvSQ+C29uKSAEKYOj8O+lseufymZxF7OICh0j7oZnVvU2ll
+ieE3qkYmjpVgmlZCFGRokl9eHZlpyvkB2J3Rq8FjiuafFUbGy3gW+mQN4KDMJG+
pmqBXVYIjV7cwjfe6BvewuOjqxbthb+s925WTFqekDVvdwdO53EJkQfdMpGOx2HG
cfvAzDKp7C12xqg6qnW9GWWhBwcuPh9VxYAuWjDNvR3fESk6iqOpqnmYzpMeQy4N
dkv+ShKwpaPkQRkia44je/Vpwpilse7Hn9rZmQh0QMMdWH93b8DcBCnQ6pCdEuLT
/BBsscZpArJqc6lwp+T/ui/YXxbCe5A40qz8qpvDeZpaeUJEyqPmiy99SfoaV5Q4
mGin53LGg8vA7/TCl8XSH4Ny2+GhGSxaVWet91JBunfhMGuQlZnErexpER682zYh
HreVdwRwm1b9LrM0Zh5bNeEVWkDQKZhZz32mF3DrtQY/BTRrkYn3yv6XiZ09uWDu
VK47b46Ahqs=
=kX1V
-----END PGP SIGNATURE-----
********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: September 26, 2006
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS06-049
Bulletin Information:
=====================
* MS06-049
- http://www.microsoft.com/technet/security/bulletin/ms06-049.mspx
- Reason for Revision: The update has been revised and re-released for Microsoft Windows 2000 Service Pack 4 to address issues identified in Microsoft Knowledge Base Article 920958.
- Originally posted: August 8, 2006
- Updated: September 26, 2006
- Bulletin Severity Rating: Important
- Version: 2.0
********************************************************************
Support:
========
Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx
Microsoft Support Lifecycle for Business and Developer Software ===============================================================
The Microsoft Support Lifecycle policy provides consistent and predictable guidelines for product support availability at the time that the product is released. Under this policy, Microsoft will offer a minimum of ten years of support. This includes five years of Mainstream Support and five years of Extended Support for Business and Developer products. Microsoft will continue to provide security update support, at a supported Service Pack level, for a minimum of ten years through the Extended support phase. For more information about the Microsoft Support Lifecycle, visit http://support.microsoft.com/lifecycle/ or contact your Technical Account Manager.
Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:
http://www.microsoft.com/technet/security/secnews/default.mspx
* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). The Microsoft Security Notification Service:
Comprehensive Version. It provides timely notification of any
minor changes or revisions to previously released Microsoft
Security Bulletins and Security Advisories. This new service
provides notifications that are written for IT professionals and
contain technical information about the revisions to security
bulletins. To register visit the following Web site:
http://www.microsoft.com/technet/security/bulletin/notify.mspx
* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/topics/policy/swdist.mspx
********************************************************************
THE INFORMATION PROVIDED IN THE THIS EMAIL IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************
********************************************************************
Title: Microsoft Security Bulletin Summary for September 26, 2006
Issued: September 26, 2006
Version Number: 2.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId= 73525
********************************************************************
Summary:
========
This advisory contains information about all security updates released this month. It is broken down by security bulletin severity.
Critical Security Bulletins
===========================
MS06-054 - Vulnerability in Microsoft Publisher Could Allow Remote
Code Execution (910729)
- Affected Software:
- Office 2000 Service Pack 3
- Publisher 2000
- Office XP Service Pack 3
- Publisher 2002
- Office 2003 Service Pack 1 and/or 2
- Publisher 2003
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-055 - Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Impact: Remote Code Execution
- Version Number: 1.0
Important Security Bulletins
============================
MS06-052 - Vulnerability in Pragmatic General Multicast (PGM) Could
Allow Remote Code Execution (919007)
- Affected Software:
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Impact: Remote Code Execution
- Version Number: 1.0
Moderate Security Bulletins
===========================
MS06-053 - Vulnerability in Indexing Service Could Allow
Cross-Site Scripting (920685)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Impact: Information Disclosure
- Version Number: 1.0
Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=73525
Support:
========
Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates.
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx
Microsoft Support Lifecycle for Business and Developer Software ===============================================================
The Microsoft Support Lifecycle policy provides consistent and predictable guidelines for product support availability at the time that the product is released. Under this policy, Microsoft will offer a minimum of ten years of support. This includes five years of Mainstream Support and five years of Extended Support for Business and Developer products. Microsoft will continue to provide security update support, at a supported Service Pack level, for a minimum of ten years through the Extended support phase. For more information about the Microsoft Support Lifecycle, visit http://support.microsoft.com/lifecycle/ or contact your Technical Account Manager.
Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:
http://www.microsoft.com/technet/security/secnews/default.mspx
* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). The Microsoft Security Notification Service:
Comprehensive Version. It provides timely notification of any
minor changes or revisions to previously released Microsoft
Security Bulletins and Security Advisories. This new service
provides notifications that are written for IT professionals and
contain technical information about the revisions to security
bulletins. To register visit the following Web site:
http://www.microsoft.com/technet/security/bulletin/notify.mspx
* Join Microsoft's webcast for a live discussion of the technical
details of these security bulletins and steps you can take
to protect your environment. Details about the live webcast
can be found at:
www.microsoft.com/technet/security/bulletin/summary.mspx
The on-demand version of the webcast will be available 24 hours
after the live webcast at:
www.microsoft.com/technet/security/bulletin/summary.mspx
* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/topics/policy/swdist.mspx
Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:
- David Warden of NuPaper Inc.
for reporting the issue described in MS06-052.
- Eiji James Yoshida
for reporting the issue described in MS06-053.
- Stuart Pearson of Computer Terrorism.
(http://www.computerterrorism.com/)
for reporting the issue described in MS06-054
- ISS X-Force
(http://www.iss.net/)
for working with us on an issue described in MS06-055.
- iDEFENSE
(http://www.idefense.com/)
for working with us on an issue described in MS06-055.
- Dan Hubbard of Websense Security Labs
(http://www.websense.com/securitylabs/)
for reporting an issue described in MS06-055.
********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
********************************************************************
Title: Microsoft Security Bulletin Summary for September 12, 2006
Issued: September 12, 2006
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId= 73525
********************************************************************
Summary:
========
This advisory contains information about all security updates released this month. It is broken down by security bulletin severity.
Critical Security Bulletins
===========================
MS06-054 - Vulnerability in Microsoft Publisher Could Allow Remote
Code Execution (910729)
- Affected Software:
- Office 2000 Service Pack 3
- Publisher 2000
- Office XP Service Pack 3
- Publisher 2002
- Office 2003 Service Pack 1 and/or 2
- Publisher 2003
- Impact: Remote Code Execution
- Version Number: 1.0
Important Security Bulletins
============================
MS06-052 - Vulnerability in Pragmatic General Multicast (PGM) Could
Allow Remote Code Execution (919007)
- Affected Software:
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Impact: Remote Code Execution
- Version Number: 1.0
Moderate Security Bulletins
===========================
MS06-053 - Vulnerability in Indexing Service Could Allow
Cross-Site Scripting (920685)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Impact: Information Disclosure
- Version Number: 1.0
Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=73525
Support:
========
Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates.
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx
Microsoft Support Lifecycle for Business and Developer Software ===============================================================
The Microsoft Support Lifecycle policy provides consistent and predictable guidelines for product support availability at the time that the product is released. Under this policy, Microsoft will offer a minimum of ten years of support. This includes five years of Mainstream Support and five years of Extended Support for Business and Developer products. Microsoft will continue to provide security update support, at a supported Service Pack level, for a minimum of ten years through the Extended support phase. For more information about the Microsoft Support Lifecycle, visit http://support.microsoft.com/lifecycle/ or contact your Technical Account Manager.
Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:
http://www.microsoft.com/technet/security/secnews/default.mspx
* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). The Microsoft Security Notification Service:
Comprehensive Version. It provides timely notification of any
minor changes or revisions to previously released Microsoft
Security Bulletins and Security Advisories. This new service
provides notifications that are written for IT professionals and
contain technical information about the revisions to security
bulletins. To register visit the following Web site:
http://www.microsoft.com/technet/security/bulletin/notify.mspx
* Join Microsoft's webcast for a live discussion of the technical
details of these security bulletins and steps you can take
to protect your environment. Details about the live webcast
can be found at:
www.microsoft.com/technet/security/bulletin/summary.mspx
The on-demand version of the webcast will be available 24 hours
after the live webcast at:
www.microsoft.com/technet/security/bulletin/summary.mspx
* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/topics/policy/swdist.mspx
Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:
- - David Warden of NuPaper Inc.
for reporting the issue described in MS06-052.
- - Eiji James Yoshida
for reporting the issue described in MS06-053.
- - Stuart Pearson of Computer Terrorism.
(http://www.computerterrorism.com/)
for reporting the issue described in MS06-054
********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQIVAwUBRQcOnhCvwTv3q93mAQKmpg/+OVEtb6SqlDTlS2bdrlsrGKu4QvKSXB+7
zMMA9CwYgBfkqS5h0rQD9jBkshAfTfGjaeOcQA3gGEJdcsBOWPhsg7dSzhomi+pR
ND4xexTgOcoZbXbuEUGjp/9coinYsv60My2jSUrUnTnuS+PKrVX0S2oIbdc5q6s7
oHUNQ/flTtFH3RrojwNikjyO3s2Rj7UxIJGhilAu490Z1IqUfTAmCEUk9/68gNY6
Wjgf4naWuyBKGPuDmAtqM/tGtbtVprK6Z1chTHYovLNk/aA7ua0KvWtOCSVcNzen
X21mwSkpd2kslws0lMl0IiF37sFnPT2mQpnfB6MAQ0Ezm3usmT1gqaPfJAuUGol3
j3T+7FSlxMwMaZr89Zz/zbxGaaTMC6f1uBcAPF/e1vnqL9fLa27YS7/T/Patt0JF
br7IOMAW4fHRBvV93CVFcrQ6tPZpmzpVPrnIy5sEdH3QmFGcDZv+hbIVaMaqtcRL
UlWSknqoSEblq5vTr9qVGweTJ7e2YkvBWoJ//1z1lgrGGztubciXB3ICMOcZnr2x
cUejJsAN+R6bklNKhku+TIoFSZN7OHPfaAvGTnBffmHv5LHATuG29T08NjMMwpi7
DvpOWwVrfBTqa/eygHHTnHB6n+wN2LG1zrSiKKFULOzZPyyzwsGA3UoVV37jJgbH
Z3JZQT+cxSE=
=lb8v
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: September 12, 2006
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS06-042
* MS06-040
Bulletin Information:
=====================
* MS06-042
- http://www.microsoft.com/technet/security/bulletin/ms06-042.mspx
- Reason for Revision: This Security Bulletin and Internet Explorer
6 Service Pack 1, Internet Explorer 5.01 Service Pack 4, and
Internet Explorer 6 for Microsoft Windows Server 2003
security updates have been re-released to address a
vulnerability documented in the Vulnerability Details section
as Long URL Buffer Overflow - CVE-2006-3873. Customers using
these versions of Internet Explorer should apply the new
update immediately.
- Originally posted: August 8, 2006
- Updated: September 12, 2006
- Bulletin Severity Rating: Critical
- Version: 3.0
* MS06-040
- http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx
- Reason for Revision: The update has been revised and re-released
for Microsoft Windows 2003 and Microsoft Windows XP
Professional x64 Edition to address the issues identified in
Microsoft Knowledge Base Article 921883.
- Originally posted: August 8, 2006
- Updated: September 12, 2006
- Bulletin Severity Rating: Critical
- Version: 2.0
********************************************************************
Support:
========
Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx
Microsoft Support Lifecycle for Business and Developer Software ===============================================================
The Microsoft Support Lifecycle policy provides consistent and predictable guidelines for product support availability at the time that the product is released. Under this policy, Microsoft will offer a minimum of ten years of support. This includes five years of Mainstream Support and five years of Extended Support for Business and Developer products. Microsoft will continue to provide security update support, at a supported Service Pack level, for a minimum of ten years through the Extended support phase. For more information about the Microsoft Support Lifecycle, visit http://support.microsoft.com/lifecycle/ or contact your Technical Account Manager.
Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:
http://www.microsoft.com/technet/security/secnews/default.mspx
* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). The Microsoft Security Notification Service:
Comprehensive Version. It provides timely notification of any
minor changes or revisions to previously released Microsoft
Security Bulletins and Security Advisories. This new service
provides notifications that are written for IT professionals and
contain technical information about the revisions to security
bulletins. To register visit the following Web site:
http://www.microsoft.com/technet/security/bulletin/notify.mspx
* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/topics/policy/swdist.mspx
********************************************************************
THE INFORMATION PROVIDED IN THE THIS EMAIL IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQIVAwUBRQcN0xCvwTv3q93mAQKftRAAq/lJeAUDvpyDsUlgBjx0dAF5MN2bPDGw
NJH6X2/ytBMJJEehy+p4IxV1h2Q25RQYeu07MyfLqOFDGxzihteB/JNgyfQFF9w2
Uxsme4gjBHeOVSS0FspEexsLT07QORHJ1MjQByWZGW6idSs43dnpJ99ONA+NveCW
CINqZaCChi1pIABsTWUgd2f11LHBfOg07+WTgoELM2BKlaEbtkj8O2WspO2ikmi0
S50VQhw2QHLgBCnyg4VFnZaJqYWOA3qIkwI8NC2ogzadeY1wca5DQdYoRX6TwVpC
TwmQQL2aym68uXvLxeqFeRIZ2ik4uFWDX3tIm4+HQPjiozX9D/58DZ4OvHfKtfPH
xZxhdX8xE1McvKaYHwjXfAw09apwUoG0SRuZ9UD3cPQWANg4atz1MGNpyI1Th/DE
3bTNGQk8P7EetLjx1jE3BO3nRuVdPS03CJEjI/HeYz/yIHhWss/PZBZFky1cJFwl
B14seYmUjq+JF30G58kGVcr5ms5Q9N3Wiyc9JMsDaUKlfbBhW72JsLWEKrn2KfbW
UUPJTacXRG+C8d45cYUd+03rJpsSIcc2aKyk7whnKw/lNI3gdy0uXo7pBaMaL/EK
2OQCBFvNAplM4hqCaPXqgjHHd3YpCIXjpvN1t3BPs4F2mrDlG6BkwVk3uBip+fLn
cJhSVG08t/I=
=bHPM
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: August 24, 2006
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS06-042
Bulletin Information:
=====================
* MS06-042
- http://www.microsoft.com/technet/security/bulletin/ms06-042.mspx
- Reason for Revision: Bulletin reissued and updated with
additional information and vulnerability details affecting
Internet Explorer 6 Service Pack 1 customers.
- Originally posted: August 8, 2006
- Updated: August 24, 2006
- Bulletin Severity Rating: Critical
- Version: 2.0
********************************************************************
Support:
========
Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx
Microsoft Support Lifecycle for Business and Developer Software ===============================================================
The Microsoft Support Lifecycle policy provides consistent and predictable guidelines for product support availability at the time that the product is released. Under this policy, Microsoft will offer a minimum of ten years of support. This includes five years of Mainstream Support and five years of Extended Support for Business and Developer products. Microsoft will continue to provide security update support, at a supported Service Pack level, for a minimum of ten years through the Extended support phase. For more information about the Microsoft Support Lifecycle, visit http://support.microsoft.com/lifecycle/ or contact your Technical Account Manager.
Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:
http://www.microsoft.com/technet/security/secnews/default.mspx
* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). The Microsoft Security Notification Service:
Comprehensive Version. It provides timely notification of any
minor changes or revisions to previously released Microsoft
Security Bulletins and Security Advisories. This new service
provides notifications that are written for IT professionals and
contain technical information about the revisions to security
bulletins. To register visit the following Web site:
http://www.microsoft.com/technet/security/bulletin/notify.mspx
* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/topics/policy/swdist.mspx
********************************************************************
THE INFORMATION PROVIDED IN THE THIS EMAIL IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQIVAwUBRO3+3xCvwTv3q93mAQJzgg/9Eh0TyZaMAYc8E2kK0OOWElmif2VBlSSL
1sxt6vAHHEredShDqSm9cFbbqy4ppGsPOV4tJvZv7g51oHAyz771Jh8qL6gupYf6
vv99hn9GqyS8GDC1UVTObomDE+P5WY+FZVHOyN7orJtVlXvGnfuGKzZ62oywzKHp
g4tt5DqYc8kslWXLdkoZvKwzONNjYADII1rx9H2ecu3BpoxMt777HM/RlIH/4zkJ
7gjjD7aVBnudFJ1HP2DCUox5K2sDHqnk0RGaEcuSKV3AYQzkVCN9vp9LqOWiv0EI
Rzafwl4ZX2zlFtjmeooExDSWDUltCrDw/uWtsq7E7o7XSGQeiTTQlxSvKYyjnzJ4
JMCPhF/zAC4+ZiPHBT/Tvge1HDOuxWDW2in5VN4qjAHBKrWlhJyuU+uhBOlKmELL
+rg4eZhvoA3ogc24tsiPOMp+zhBj+tjGaKtstFMBpyVjn8/byaC/QQ+TOiXc29TY
IlFizUO/paRZxICGLFsuIARB8AqXFhiwTwAlgKp8riJkJW5gGiMsq2/c/c+4UkGW
hfU0/VJ+tPKVyOEbUSUMOdDrK3BPAWwxHWt6XXQ/vcgheExUg6NEYWeEGOOEEhqL
qOl451uD0F37m5vzq6fyI5KNF0kYIdvOU+ZnzXZrfl7d45Tr0ns5yk8H4O3VQmtc
/Up+chexDHY=
=wEfz
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
********************************************************************
Title: Microsoft Security Bulletin Summary for August, 2006
Issued: August 8, 2006
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=70983
********************************************************************
Summary:
========
This advisory contains information about all security updates released this month. It is broken down by security bulletin severity.
Critical Security Bulletins
===========================
MS06-040 - Vulnerability in Server Service Could Allow Remote Code
Execution (921883)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-041 - Vulnerability in DNS Resolution Could Allow Remote Code
Execution (920683)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-042 - Cumulative Security Update for Internet Explorer (918899)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-043 - Vulnerability in Microsoft Windows Could Allow Remote
Code Execution (920214)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-044 - Vulnerability in Microsoft Management Console Could Allow
Remote Code Execution (917008)
- Affected Software:
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-046 - Vulnerability in HTML Help Could Allow Remote Code
Execution (922616)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-047 - Vulnerability in Microsoft Visual Basic for Applications
Could Allow Remote Code Execution (921645)
- Affected Software:
- Office XP Service Pack 3
- Project 2002 Service Pack 1
- Visio 2002 Service Pack 2
- Office 2000 Service Pack 3
- Access 2000 Runtime Service Pack 3
- Project 2000 Service Release 1
- Works Suite 2006
- Works Suite 2005
- Works Suite 2004
- Microsoft Visual Basic for Applications SDK 6.4
- Microsoft Visual Basic for Applications SDK 6.3
- Microsoft Visual Basic for Applications SDK 6.2
- Microsoft Visual Basic for Applications SDK 6.0
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-048 - Vulnerabilities in Microsoft Office Could Allow Remote
Code Execution (922968)
- Affected Software:
- Office 2003 Service Pack 2
- Office 2003 Service Pack 1
- Office XP Service Pack 3
- Office 2000 Service Pack 3
- Office v. X for Mac
- Office 2004 for Mac
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-051 - Vulnerability in Windows Kernel Could Result in Remote
Code Execution (917422)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
Important Security Bulletins
============================
MS06-045 - Vulnerability in Windows Explorer Could Allow Remote Code
Execution (921398)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-049 - Vulnerability in Windows Kernel Could Result in Elevation
of Privilege (920958)
- Affected Software:
- Windows 2000 Service Pack 4
- Impact: Elevation of Privilege
- Version Number: 1.0
MS06-050 - Vulnerabilities in Microsoft Windows Hyperlink Object
Library Could Allow Remote Code Execution (920670)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=70983
Support:
========
Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates.
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx
Microsoft Support Lifecycle for Business and Developer Software ===============================================================
The Microsoft Support Lifecycle policy provides consistent and predictable guidelines for product support availability at the time that the product is released. Under this policy, Microsoft will offer a minimum of ten years of support. This includes five years of Mainstream Support and five years of Extended Support for Business and Developer products. Microsoft will continue to provide security update support, at a supported Service Pack level, for a minimum of ten years through the Extended support phase. For more information about the Microsoft Support Lifecycle, visit http://support.microsoft.com/lifecycle/ or contact your Technical Account Manager.
Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:
http://www.microsoft.com/technet/security/secnews/default.mspx
* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). The Microsoft Security Notification Service:
Comprehensive Version. It provides timely notification of any
minor changes or revisions to previously released Microsoft
Security Bulletins and Security Advisories. This new service
provides notifications that are written for IT professionals and
contain technical information about the revisions to security
bulletins. To register visit the following Web site:
http://www.microsoft.com/technet/security/bulletin/notify.mspx
* Join Microsoft's webcast for a live discussion of the technical
details of these security bulletins and steps you can take
to protect your environment. Details about the live webcast
can be found at:
www.microsoft.com/technet/security/bulletin/summary.mspx
The on-demand version of the webcast will be available 24 hours
after the live webcast at:
www.microsoft.com/technet/security/bulletin/summary.mspx
* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/topics/policy/swdist.mspx
Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:
- - Pedram Amini, of the TippingPoint Security Research Team
(http://www.tippingpoint.com/)
(http://www.zerodayinitiative.com/)
for reporting an issue described in MS06-050.
- - Reed Arvin
for reporting an issue described in MS06-051.
- - Will Dormann of CERT/CC
(http://www.cert.org/)
for reporting an issue described in MS06-042.
- - Steve Tai of CSC Australia Pty Limited
(http://au.country.csc.com/)
for reporting an issue described in MS06-050.
- - Dejun of the Fortinet Security Response Team
for reporting an issue described in MS06-048.
- - Tom Gilder
for reporting an issue described in MS06-044.
- - Shih-hao Weng of Information & Communication Security Technology
Center
(http://www.icst.org.tw/)
for reporting an issue described in MS06-048.
- - Mark Dowd of ISS X-Force
(http://www.iss.net/)
for reporting an issue described in MS06-041.
- - Yorick Koster of ITsec Security Services
for reporting an issue described in MS06-044.
- - Matt Miller and Ken Johnson of Leviathan Security Group
(http://www.leviathansecurity.com/)
for reporting an issue described in MS06-051.
- - H D Moore
(http://www.metasploit.com/)
for reporting an issue described in MS06-044.
- - SoWhat of Nevis Labs
(http://www.nevisnetworks.com/)
for reporting an issue described in MS06-048.
- - Peter Winter Smith of NGS Software
(http://www.ngssoftware.com/)
for reporting an issue described in MS06-041.
- - SANS
(http://www.sans.org/)
for working with us on an issue described in MS06-040.
- - Elia Florio of Symantec
(http://www.symantec.com/)
for reporting an issue described in MS06-048.
- - Ka Chun Leung of Symantec
(http://www.symantec.com/)
for reporting an issue described in MS06-047.
- - Sam Thomas, working with TippingPoint and the Zero Day Initiative
(http://www.tippingpoint.com/)
(http://www.zerodayinitiative.com/)
for reporting two issues described in MS06-042.
- - Cody Pierce of the Tipping Point Security Research Team
(http://www.tippingpoint.com/security/)
for reporting an issue described in MS06-042 and working with
us on an issue described in MS06-046.
- - US-CERT
(http://www.us-cert.gov/)
for working with us on an issue described in MS06-040.
********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQIVAwUBRNjMeRCvwTv3q93mAQIP4Q/+MJW44hG90Q+PJD7wcBJnxGRNlE4B1yeo
p/8cqGIggzJNb0/iEHRCwPClFc38KIFrYccdfXeEW9FOopQwMh0sLYh6a0WEawKd
LM/A6WnU91KwuuhYX/Iz0IvyMdN5Ykdl90/XVUZLo0t+MvY9uCO1ZiH8KGc3TaAe
zie4cuVQBhbFWWFnaGNPpxXo4ogX4vb406RWmrcplb19yzJ3eFu16V0ZTJ+3vmXb
qcd/41+8qRcOR+836w7aKNOGvKxBL85CoROmPD4S4OP8q6oGSrNnS3q3+g2SrmOk
gKzLAJMV3ieTcxUBTl9ga20BjtGtDXd0pgvyhdVu3dcvTmbTi1wqSB0q9peK6/4P
twdW1tVUfYP3NVchna90Ji717vWQvljnbxkIWPfMb7/PYpKkAT06AwRmOGtOGaHr
snDQ1ylpXnYwLPzOjfz7IfPI0wCORT8iM4aMrS+3W9FdfDmN8v6ub+cMJuVBybya
VKNqQzMB0EeZMonHdHl/Dg82WZKIX166KwhaaEFLhibE9DOnnsd11n3kdqXUWWs6
vSmiIb3yM1K7aGRXevx4mnT96gVpqVSUcdiOhY+wyaKaEpDcHb/BVhlBHX6fPvGv
xhr7CoLLzjY5gXrRKW7QenJX/jRK2yPtAyWIW8KR4FPtHpWaF8xbPy2EGoUpHag4
g8Nr+7ZEAXY=
=jn8U
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
********************************************************************
Title: Microsoft Security Bulletin Summary for July 2006
Issued: July 11, 2006
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=69768
********************************************************************
Summary:
========
This advisory contains information about all security updates released this month. It is broken down by security bulletin severity.
Critical Security Bulletins
===========================
MS06-035 - Vulnerability in Server Service Could Allow Remote Code Execution
(917159)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Professional Service Pack 2
- Windows XP Professional Service Pack 1
- Windows XP Professional x64 Edition
- Windows XP Home Service Pack 2
- Windows XP Home Service Pack 1
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-036 - Vulnerability in DHCP Client Service Could Allow Remote Code
Execution (914388)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Professional Service Pack 2
- Windows XP Professional Service Pack 1
- Windows XP Professional x64 Edition
- Windows XP Home Service Pack 2
- Windows XP Home Service Pack 1
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-037 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
(917285)
- Affected Software:
- Excel 2003
- Excel Viewer 2003
- Excel 2002
- Excel 2000
- Excel v.X for Mac
- Excel 2004 for Mac
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-038 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
(917284)
- Affected Software:
- Office 2003 Service Pack 2
- Office 2003 Service Pack 1
- Office XP Service Pack 3
- Office 2000 Service Pack 3
- Office v.X for Mac
- Office 2004 for Mac
- Project 2002
- Project 2000
- Visio 2002
- Works Suite 2006
- Works Suite 2005
- Works Suite 2004
- Impact: Remote Code Execution
- Version Number: 1.0
MS06-039 - Vulnerabilities in Microsoft Office Filters Could Allow Remote Code
Execution (915384)
- Affected Software:
- Office 2003 Service Pack 2
- Office 2003 Service Pack 1
- Office XP Service Pack 3
- Office 2000 Service Pack 3
- Project 2002
- Project 2000
- Works Suite 2006
- Works Suite 2005
- Works Suite 2004
- Impact: Remote Code Execution
- Version Number: 1.0
Important Security Bulletins
============================
MS06-033 - Vulnerability in ASP.NET Could Allow Information Disclosure (917283)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Professional Service Pack 2
- Windows XP Professional Service Pack 1
- Windows XP Professional x64 Edition
- Windows XP Home Service Pack 2
- Windows XP Home Service Pack 1
- Windows 2000 Service Pack 4
- .NET Framework 2.0
- Impact: Information Disclosure
- Version Number: 1.0
MS06-034 - Vulnerability in Microsoft Internet Information Services using Active
Server Pages Could Allow Remote Code Execution (917537)
- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Professional Service Pack 2
- Windows XP Professional Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=69768
Support:
========
Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates.
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx
Microsoft Support Lifecycle for Business and Developer Software ===============================================================
The Microsoft Support Lifecycle policy provides consistent and predictable guidelines for product support availability at the time that the product is released. Under this policy, Microsoft will offer a minimum of ten years of support. This includes five years of Mainstream Support and five years of Extended Support for Business and Developer products. Microsoft will continue to provide security update support, at a supported Service Pack level, for a minimum of ten years through the Extended support phase. For more information about the Microsoft Support Lifecycle, visit http://support.microsoft.com/lifecycle/ or contact your Technical Account Manager.
Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:
http://www.microsoft.com/technet/security/secnews/default.mspx
* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). The Microsoft Security Notification Service:
Comprehensive Version. It provides timely notification of any
minor changes or revisions to previously released Microsoft
Security Bulletins and Security Advisories. This new service
provides notifications that are written for IT professionals and
contain technical information about the revisions to security
bulletins. To register visit the following Web site:
http://www.microsoft.com/technet/security/bulletin/notify.mspx
* Join Microsoft's webcast for a live discussion of the technical
details of these security bulletins and steps you can take
to protect your environment. Details about the live webcast
can be found at:
www.microsoft.com/technet/security/bulletin/summary.mspx
The on-demand version of the webcast will be available 24 hours
after the live webcast at:
www.microsoft.com/technet/security/bulletin/summary.mspx
* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/topics/policy/swdist.mspx
Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:
- - Pedram Amini of the TippingPoint Security Research Team in collaboration with
H D Moore
(http://www.tippingpoint.com/security/)
for reporting an issue described in MS06-035.
- - Shaun Colley of NGSS Consulting
(http://www.ngssoftware.com/)
for reporting an issue described in MS06-037.
- - Mariano Nuņez Di Croce of Cybsec Security Systems
(http://www.cybsec.com/)
for reporting an issue described in MS06-036.
- - Arnaud Dovi
(ad@heapoverflow.com)
for reporting an issue described in MS06-037.
- - Arnaud Dovi working with Zero Day Initiative (ZDI) and TippingPoint
(http://www.zerodayinitiative.com/)
(http://www.tippingpoint.com/)
for reporting an issue described in MS06-037.
- - Urs Eichmann of PRISMA Informatik
(http://www.prismanet.ch/)
for reporting an issue described in MS06-033.
- - Elia Florio of Symantec
(http://www.symantec.com/)
for reporting an issue described in MS06-038.
- - Fortinet
(http://www.fortinet.com/)
for reporting an issue described in MS06-039.
- - Costin Ionescu of Symantec
(http://www.symantec.com/)
for reporting an issue described in MS06-037.
- - Brett Moore of Security-Assessment.com
(http://www.security-assessment.com/)
for reporting an issue described in MS06-034.
- - NSFocus Security Team
(http://www.nsfocus.com/)
for reporting issues described in MS06-037 and MS06-039.
- - Xin Ouyang of Nevis Networks
(http://www.nevisnetworks.com/)
for reporting an issue described in MS06-037.
- - Posidron
(posidron@tripbit.net)
for reporting an issue described in MS06-037.
- - Nicolas Pouvesle of Tenable Network Security
(http://www.tenablesecurity.com/)
for reporting an issue described in MS06-035.
- - Mike Price and Rafal Wojtczuk of McAfee Avert Labs
(http://www.mcafee.com/us/threat_center/)
for reporting an issue described in MS06-035.
- - Sowhat of Nevis Labs
(isowhat@gmail.com)
for reporting an issue described in MS06-037.
********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQIVAwUBRLQJthCvwTv3q93mAQLZ5w//YBws3FO4m3DRjsNsDSIF5Ve76X6SEELY
lExxjbqdmsauU+jicZfWtZXCLaMlbRXHjoMICAhNJBiQkG9hPlLx7S7n9M3blpfj
5SIVkyor42rQFOnSVqMOi+mIC2G3fJ2773OBndZwh23wcklU8Iji9id1hLk4fORS
SVZqtVRS13HhGPA1puCI7CsimxpXBfNjLNqs2/MQZTnUf7cCYsShd3twJnQZeGPw
1LPQqnU14ln9UQ8zmhhBQzuzXAUdbdAFrvwJ69SORswLbqlttgqDwknhwWL/D36h
qKbUczbw7bdeJl1OpOJQ7zmy1/xOubB+ez2abML0RxRc9VRpRHcyRJ3gg3W+GF3b
CMiZy2B0hE7iF4YdOPmeWWnkvLrU/tMFnWTiA6pv+Er+2WnZlOWPXvZmKKTea72I
ujoNU+EVP11mgGRYiut5I3a9lgmvwjTcT/Hm0cv97mdoXo+uFh71b1fuyJHMZ/z+
MLMoRNvKZTv7svDRu2LkrTseJFiR9B/q2Z9UDJnhRtrGl9xRyCSOBWkdIqhmSMTw
bDureFgEWEhjEQo1VyjJ92VqklWP0MCcvDvX/wcU5AP9BU4OQAAtSiu5M2Kavny8
5sVs7+3TWomfiif2POKRJfzvNDHe8EwBR8hHBCulmW/HmzVu2Sz4ufMrLPPnfm5q
CuwuOjMgLgQ=
=IWUW
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
********************************************************************
Title: Microsoft Security Bulletin Re-Release
Issued: June 27, 2006
********************************************************************
Summary
=======
The following bulletin has undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS06-025
Bulletin Information:
=====================
* MS06-025
- http://www.microsoft.com/technet/security/bulletin/ms06-025.mspx
- Reason for Revision: Microsoft updated this bulletin and the
associated security updates to address the issues affecting
customers identified in Microsoft Knowledge Base Article 911280.
- Originally posted: June 13, 2006
- Updated: June 27, 2006
- Bulletin Severity Rating: Critical
- Version: 2.0
********************************************************************
Support:
========
Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx
Microsoft Support Lifecycle for Business and Developer Software ===============================================================
The Microsoft Support Lifecycle policy provides consistent and predictable guidelines for product support availability at the time that the product is released. Under this policy, Microsoft will offer a minimum of ten years of support. This includes five years of Mainstream Support and five years of Extended Support for Business and Developer products. Microsoft will continue to provide security update support, at a supported Service Pack level, for a minimum of ten years through the Extended support phase. For more information about the Microsoft Support Lifecycle, visit http://support.microsoft.com/lifecycle/ or contact your Technical Account Manager.
Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:
http://www.microsoft.com/technet/security/secnews/default.mspx
* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). The Microsoft Security Notification Service:
Comprehensive Version. It provides timely notification of any
minor changes or revisions to previously released Microsoft
Security Bulletins and Security Advisories. This new service
provides notifications that are written for IT professionals and
contain technical information about the revisions to security
bulletins. To register visit the following Web site:
http://www.microsoft.com/technet/security/bulletin/notify.mspx
* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/topics/policy/swdist.mspx
********************************************************************
THE INFORMATION PROVIDED IN THE THIS EMAIL IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQIVAwUBRKF08xCvwTv3q93mAQJylBAAm5Hi1LVY7Sj/WF/wkv8knYepBOWEN9F7
Y/nN7aTlVY89NM4V/OYtrrhfYmrNYqMrJ+yg8luJOMxM+hbY4dV4mMrn8X7y+j4Y
nJynprlwbRVlTL6jp9ZRVj6JgTXpPviTT4ACeewi3sXcQ8rSvsNJbBCM3Y0jQD5m
J0Hv0CEZhilGHV//RTPcuSj1du61WLqvNbxrEaoupEb+n2jaig/iSWXtPP1r2UZf
3knjBcpzKm6rQTeQeZz+/A7ypELLZjBeo6XxJ
