
Important security update

Author
15 Mar 2006 10:20 AM
Mohamed Sharaf
Microsoft is releasing the following security bulletins for newly
discovered vulnerabilities:

Important   MS06-011   Microsoft Windows   Elevation of Privilege
Critical    MS06-012   Microsoft Office    Remote Code Execution

The summary for this month's bulletins can be found at the following page:

http://www.microsoft.com/technet/security/bulletin/ms06-mar.mspx

Customers are advised to review the information in the bulletins, test and
deploy the updates immediately in their environments, if applicable.

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows
Malicious Software Removal Tool on Windows Update and the Download Center.
Note that this tool will NOT be distributed using Software Update Services
(SUS). Information on the Microsoft Windows Malicious Software Removal Tool
can be located here:

  http://go.microsoft.com/fwlink/?LinkId=40573

High-Priority Non-Security Updates on Microsoft Update (MU), Windows Update
(WU), Windows Server Update Services (WSUS) and Software Update Services
(SUS)

Microsoft is today also making the following High-Priority NON-SECURITY
updates available on WU, MU, SUS and WSUS:

913161  Update for Outlook 2003 Junk E-Mail Filter
913807  Update for Outlook 2003
913471  Update for Office XP, Update for Office XP Proofing Tools
913571  Update for Office 2003, Office 2003 Multilingual User Interface
        Pack, Project 2003 Multilingual User Interface, Visio 2003
        Multilingual User Interface Pack, Office 2003 Proofing Tools

TechNet Webcast: Information about Microsoft March 2006 Security Bulletins

Wednesday, March 15, 2005 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032290677&EventCategory=4&culture=en-US&CountryCode=US

The on-demand version of the Webcast will be available 24 hours after the
live Webcast at:
https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032290677&EventCategory=4&culture=en-US&CountryCode=US

**********************************************************************
TECHNICAL DETAILS

MS06-011
Title:  Windows Services ACLs Could Lead to Elevation of Privilege (914798)

Affected Software:
o Microsoft Windows XP Service Pack 1
o Microsoft Windows Server 2003
o Microsoft Windows Server 2003 for Itanium-based Systems

Non-Affected Software:
o Microsoft Windows 2000 Service Pack 4
o Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (ME)
o Microsoft Windows XP Service Pack 2
o Microsoft Windows XP Professional x64 Edition
o Microsoft Windows Server 2003 Service Pack 1
o Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based
Systems
o Microsoft Windows Server 2003 x64 Edition

The software in this list has been tested to determine whether the versions
are affected. Other versions either no longer include security update
support or may not be affected. To determine the support life cycle for
your product and version, visit the Microsoft Support Lifecycle Web site.

Impact of Vulnerability: Elevation of Privilege

Maximum Severity Rating: Important

Restart required: This update does not require a restart. The installer
stops the required services, applies the update, and then restarts the
services. However, if the required services cannot be stopped for any
reason, or if required files are being used, this update will require a
restart. If this behavior occurs, a message appears that advises you to
restart. To help reduce the chance that a reboot will be required, stop all
affected services and close all applications that may use the affected
files prior to installing the security update. For more information about
the reasons why you may be prompted to restart your computer, see Microsoft
Knowledge Base Article 887012.

Update can be uninstalled:  This update cannot be removed. To learn more
about manually removing the changes made by this update, please see
Microsoft Knowledge Base Article 914798.

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-012.mspx

*******************************************************************

MS06-012
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code
Execution (905413)

Affected Software:
o Microsoft Office 2000 Service Pack 3
  o Word 2000
  o Excel 2000
  o Outlook 2000
  o PowerPoint 2000
  o Microsoft Office 2000 MultiLanguage Packs
o Microsoft Office XP Service Pack 3
  o Word 2002
  o Excel 2002
  o Outlook 2002
  o PowerPoint 2002
  o Microsoft Office XP Multilingual User Interface Packs
o Microsoft Office 2003 Service Pack 1 or Service Pack 2
  o Excel 2003
  o Excel 2003 Viewer
o Microsoft Works Suites:
  o Microsoft Works Suite 2000
  o Microsoft Works Suite 2001
  o Microsoft Works Suite 2002
  o Microsoft Works Suite 2003
  o Microsoft Works Suite 2004
  o Microsoft Works Suite 2005
  o Microsoft Works Suite 2006
o Microsoft Office X for Mac
  o Excel X for Mac
o Microsoft Office 2004 for Mac
  o Excel 2004 for Mac

Non-Affected Software:
o Microsoft Excel 2000 Viewer
o Microsoft Excel 2002 Viewer
o Microsoft Word 2003
o Microsoft Outlook 2003

The software in this list has been tested to determine whether the versions
are affected. Other versions either no longer include security update
support or may not be affected. To determine the support life cycle for
your product and version, visit the Microsoft Support Lifecycle Web site.

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Restart required: Excel v. X for Mac: No restart is required. Windows-based
packages: To help reduce the chance that a restart will be required, stop
all affected services and close all applications that may use the affected
files prior to installing the security update. For more information about
the reasons why you may be prompted to restart, see Microsoft Knowledge
Base Article 887012.

Update can be uninstalled: The ability to uninstall this update varies by
package. Please see the Security Update Information section of the bulletin
for details at the following link.

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-012.mspx

Mohamed Sharaf
MEA Developer Support Center
ITWorx on behalf of Microsoft EMEA GTSC
