
Microsoft Security Bulletin Summary for April, 2006


Microsoft released the following Security Bulletin Summary for April 2006. 

Cumulative Security Update for Internet Explorer (912812)

MS06-013

Affected Software:

* Microsoft Windows 2000 Service Pack 4

* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

* Microsoft Windows XP Professional x64 Edition

* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems

* Microsoft Windows Server 2003 x64 Edition family

* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) – Review the FAQ section of this bulletin for details about these operating systems.

Note: The security updates for Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 x64 Edition also apply to Microsoft Windows Server 2003 R2.

Affected Components:

* Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4

* Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1

* Internet Explorer 6 for Microsoft Windows XP Service Pack 2

* Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

* Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

* Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition

* Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition

* Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition – Review the FAQ section of this bulletin for details about this version.

Note: The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site.

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Restart requirement: You must restart your system after you apply this security update.

Update can be uninstalled: Yes. To remove this update, use the Add or Remove Programs tool in Control Panel.

Caveats:  Microsoft Knowledge Base Article 912812 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. For more information, see Microsoft Knowledge Base Article 912812.

This security update also replaces the cumulative update for Internet Explorer that was released for Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, Windows XP Professional x64 Edition, Windows Server 2003 x64 Edition family, and Windows Server 2003 with Service Pack 1 for Itanium-based Systems on February 28, 2006. This update was discussed in Microsoft Security Advisory (912945): Non-Security Update for Internet Explorer. For more information about this update, see Microsoft Knowledge Base Article 912945.

Compatibility Patch:  To help enterprise customers who need more time to prepare for the ActiveX update discussed in Microsoft Knowledge Base Article 912945, Microsoft is releasing an optional Compatibility Patch.

As soon as it is deployed, the optional Compatibility Patch will temporarily return Internet Explorer to the previous functionality for handling ActiveX controls. This optional Compatibility Patch will function until an Internet Explorer update is released as part of the June update cycle, at which time the changes to the way Internet Explorer handles ActiveX controls will be permanent. This optional Compatibility Patch may require an additional restart for systems it is deployed on. For more information, see Microsoft Knowledge Base Article 917425.

More information:

* Microsoft Security Bulletin MS06-013 Cumulative Security Update for Internet Explorer

http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx

* Microsoft Knowledge Base Article 912945 – Internet Explorer ActiveX update

http://support.microsoft.com/kb/912945

* Microsoft Security Advisory (912945) – Non-Security Update for Internet Explorer

http://www.microsoft.com/technet/security/advisory/912945.mspx

* Microsoft Knowledge Base Article 917425 – Internet Explorer ActiveX Compatibility Patch

http://support.microsoft.com/kb/917425


 
Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)

MS06-014

Affected Software:

* Microsoft Windows XP Service Pack 1 running Microsoft Data Access Components 2.7 Service Pack 1

* Microsoft Windows XP Service Pack 2 running Microsoft Data Access Components 2.8 Service Pack 1

* Microsoft Windows XP Professional x64 Edition running Microsoft Data Access Components 2.8 Service Pack 2

* Microsoft Windows Server 2003 running Microsoft Data Access Components 2.8

* Microsoft Windows Server 2003 Service Pack 1 running Microsoft Data Access Components 2.8 Service Pack 2

* Microsoft Windows Server 2003 for Itanium-based Systems running Microsoft Data Access Components 2.8

* Microsoft Windows Server 2003 with SP1 for Itanium-based Systems running Microsoft Data Access Components 2.8 Service Pack 2

* Microsoft Windows Server 2003 x64 Edition running Microsoft Data Access Components 2.8 Service Pack 2

* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) – Review the FAQ section of this bulletin for details about these operating systems.

Affected Components:

* Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.5 Service Pack 3 installed

* Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.7 Service Pack 1 installed

* Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.8 installed

* Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.8 Service Pack 1 installed

* Windows XP Service Pack 1 with Microsoft Data Access Components 2.8 installed

Note: The “Affected Software” section applies to MDAC that shipped with a Microsoft Windows operating system. The “Affected Components” section applies to MDAC that was downloaded and installed onto a Microsoft Windows operating system.

Note: Microsoft strongly recommends that all customers who currently use a version of Windows that does not have Microsoft Data Access Components 2.7 Service Pack 1 or higher upgrade immediately to Microsoft Data Access Components 2.8 Service Pack 1 or another supported version. The only exception to this notice is customers who currently use Windows 2000 Service Pack 4 running Microsoft Data Access Components 2.5 Service Pack 3. See Knowledge Base Article 915387 for more information.

Note: The security updates for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 also apply to Microsoft Windows Server 2003 R2.

Note: The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site.

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Restart requirement: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. 

For more information about the reasons why you may be prompted to restart your computer, see Microsoft Knowledge Base Article 887012.

Update can be uninstalled: Yes. To remove this update, use the Add or Remove Programs tool in Control Panel.

More information on this vulnerability and the update is available at:

http://www.microsoft.com/technet/security/bulletin/MS06-014.mspx


 
Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)

MS06-015

Affected Software:

* Microsoft Windows 2000 Service Pack 4

* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

* Microsoft Windows XP Professional x64 Edition

* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

* Microsoft Windows Server 2003 x64 Edition

* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) – Review the FAQ section of this bulletin for details about these operating systems.

Note: The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site.

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Restart required: You must restart your system after you apply this security update.

Update can be uninstalled: Yes. To remove this update, use the Add or Remove Programs tool in Control Panel.

More information on this vulnerability and the update is available at:

 

Cumulative Security Update for Outlook Express (911567)

MS06-016

Affected Software:

* Microsoft Windows 2000 Service Pack 4

* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

* Microsoft Windows XP Professional x64 Edition

* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

* Microsoft Windows Server 2003 x64 Edition

* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Windows Me) – Review the FAQ section of this bulletin for details about these operating systems.

Affected Components:

* Outlook Express 6 on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

* Outlook Express 6 on Microsoft Windows Server 2003 x64 Edition

* Outlook Express 6 on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

* Outlook Express 6 on Microsoft Windows XP Service Pack 2

* Outlook Express 6 on Microsoft Windows XP Professional x64 Edition

* Outlook Express 6 Service Pack 1 on Microsoft Windows XP Service Pack 1 or when installed on Microsoft Windows 2000 Service Pack 4

* Outlook Express 5.5 Service Pack 2 on Microsoft Windows 2000 Service Pack 4

Note: The security updates for Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 x64 Edition also apply to Microsoft Windows Server 2003 R2.

Note: The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site.

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Important

Restart requirement: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. 

For more information about the reasons why you may be prompted to restart your computer, see Microsoft Knowledge Base Article 887012.

Update can be uninstalled: Yes. To remove this update, use the Add or Remove Programs tool in Control Panel.

More information on this vulnerability and the update is available at:

http://www.microsoft.com/technet/security/bulletin/MS06-016.mspx


 
Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627)

MS06-017

Affected Software:

* Microsoft FrontPage Server Extensions 2002 shipped on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

* Microsoft FrontPage Server Extensions 2002 shipped on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

* Microsoft FrontPage Server Extensions 2002 (x64 Edition) downloaded and installed on Microsoft Windows Server 2003 x64 Edition and Microsoft Windows XP Professional x64 Edition

* Microsoft FrontPage Server Extensions 2002 (x86 Editions) downloaded and installed on Microsoft Windows Server 2000 Service Pack 4, Microsoft Windows XP Service Pack 1, and Microsoft Windows XP Service Pack 2

* Microsoft SharePoint Team Services

Non-Affected Software:

* Microsoft Windows SharePoint Services

* Microsoft FrontPage 2002

* Microsoft FrontPage Server Extensions 2000

* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

Note: To determine which version of FrontPage Server Extensions is installed on your system, see “How can I determine if I am running FrontPage Server Extensions 2002 or SharePoint Team Services” in the FAQ section of this bulletin.

Note: Review the FAQ section of this bulletin for information about why you may be prompted to install the SharePoint Team Services security update if you have Microsoft FrontPage 2002 installed.

Note: The security updates for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 also apply to Microsoft Windows Server 2003 R2.

Note: The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site.

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Moderate

Restart required: In some cases, this update does not require a restart. The installer stops affected services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if files being updated are in use by some other service or application, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a reboot will be required, close all applications prior to installing the security update.

For more information about the reasons why you may be prompted to restart your computer, see Microsoft Knowledge Base Article 887012.

Note: If you are prompted for a reboot, you will not be secure until you restart your machine.

Update can be uninstalled: This depends on which version of the security update you are installing. Please see the Security Bulletin for more details.

More information on this vulnerability and the update is available at:

http://www.microsoft.com/technet/security/bulletin/MS06-017.mspx


 
Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)

MS06-005

Affected Software:

* Windows Media Player for XP on Microsoft Windows XP Service Pack 1

* Windows Media Player 9 on Microsoft Windows XP Service Pack 2

* Windows Media Player 9 on Microsoft Windows Server 2003

* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) – Review the FAQ section of this bulletin for details about these operating systems.

Affected Components:

* Microsoft Windows Media Player 7.1 when installed on Windows 2000 Service Pack 4

* Microsoft Windows Media Player 9 when installed on Windows 2000 Service Pack 4 or Windows XP Service Pack 1

* Microsoft Windows Media Player 10 when installed on Windows XP Service Pack 1 or Windows XP Service Pack 2

Note: The re-release of this security update on April 11th 2006 affects Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 specifically.

Note: The “Affected Software” section applies to Windows Media Player that shipped with a Microsoft Windows operating system. The “Affected Components” section applies to Windows Media Player that was downloaded and installed onto a Microsoft Windows operating system.

Note: The security updates for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 also apply to Microsoft Windows Server 2003 R2.

Note: The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site.

Reason for Re-release:

Microsoft updated this bulletin on April 11th to advise customers that revised versions of the security update are available for Microsoft Windows Media Player 10 when installed on Windows XP Service Pack 1 or Windows XP Service Pack 2, listed in the “Affected Components” section.

For more information, see the following two questions in the FAQ section of the bulletin:

* “What are the known issues that customers may experience when they install this security update?”

* “Why did Microsoft reissue this bulletin on April 11, 2006?”

More information on this re-released bulletin is available at:

http://www.microsoft.com/technet/security/bulletin/MS06-005.mspx
