dslreports logo
site
spacer

spacer
 
    All FAQs Site FAQ DSL FAQ Cable Tech About DSL Distance DSL Hurdles »»
spc

spacer




how-to block ads



This FAQ will be updated as bulletins are released throughout the year.

Notes:
Released 12/12/06 Updated 12/19/06

MS06-78 Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows Media Format 7.1 through 9.5 Series Runtime on the following operating system versions:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 or Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 x64 Edition
  • Microsoft Windows Media Format 9.5 Series Runtime x64 Edition on the following operating system versions:
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 x64 Edition
  • Microsoft Windows Media Player 6.4
    • Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 or on Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 x64 Edition

Non-Affected Software:
  • Windows Vista
  • Microsoft Windows 2003 For Itanium-Based Systems and Windows Server 2003 with SP1 for Itanium-based Systems
  • Windows Media Format 11 Series when installed on all Microsoft Operating Systems
Revisions:
  • V1.0 (December 12, 2006): Bulletin published.
  • V2.0 (December 19, 2006): Bulletin updated has been revised and re-released for the Korean only package on Microsoft Windows Media Runtime Format 7.1 and 9.0 Series Runtime on Windows 2000 Service Pack 4 to address the issues identified in Microsoft Knowledge Base Article 923689. Additional clarity around file versions in the Ive installed the Windows Media Format Runtime security update. What version of Windows Media Format Runtime should I have installed? in the Frequently Asked Questions (FAQ) Related to this Security Update section.

Released 12/12/06

MS06-77 Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)

Maximum Severity Rating: Important

Affected Software:
  • Microsoft Windows 2000 Service Pack 4

Non-Affected Software:
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition
  • Windows Vista

Released 12/12/06 Updated 12/20/06

MS06-76 Cumulative Security Update for Outlook Express (923694)

Maximum Severity Rating: Important

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Non-Affected Software:
  • Windows Vista

Affected Components:
  • Outlook Express 5.5 Service Pack 2 on Microsoft Windows 2000 Service Pack 4
  • Outlook Express 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4
  • Outlook Express 6 on Microsoft Windows XP Service Pack 2
  • Outlook Express 6 on Microsoft Windows XP Professional x64 Edition
  • Outlook Express 6 on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Outlook Express 6 on Microsoft Windows Server 2003 x64 Edition
  • Outlook Express 6 on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Revisions:
  • V1.0 (December 12, 2006): Bulletin published.
  • V1.1 (December 20, 2006): Bulletin updated to modify the File Information for Windows Server 2003 in the Security Update Information section.

Released 12/12/06

MS06-75 Vulnerability in Windows Could Allow Elevation of Privilege (926255)

Maximum Severity Rating: Important

Affected Software:
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2003 for Itanium-based Systems

Non-Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition
  • Windows Vista

Released 12/12/06

MS06-74 Vulnerability in SNMP Could Allow Remote Code Execution (926247)

Maximum Severity Rating: Important

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Non-Affected Software:
  • Windows Vista

Released 12/12/06

MS06-73 Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Visual Studio 2005
    • Visual Studio 2005 Standard Edition
    • Visual Studio 2005 Professional Edition
    • Visual Studio 2005 Team Suite
    • Visual Studio 2005 Team Edition for Developers
    • Visual Studio 2005 Team Edition for Architects
    • Visual Studio 2005 Team Edition for Testers

Non-Affected Software:
  • Microsoft Visual Studio 2005
    • Visual Basic 2005 Express Edition
    • Visual C++ 2005 Express Edition
    • Visual C# Express Edition
    • Visual J# Express Edition
    • Visual Web Developer Express Edition
    • Visual Studio 2005 Tools For Office
    • Visual Studio 2005 Team Explorer
    • Visual Studio 2005 Team Foundation Dual-Server
    • Visual Studio 2005 Team Foundation Single Server
    • Visual Studio 2005 Team Foundation Proxy
    • Visual Studio 2005 Team Foundation Build
    • Visual Studio 2005 Premier Partner Edition
  • Microsoft Visual Studio 6.0 Service Pack 6
  • Microsoft Visual Studio .NET 2002 Service Pack 1
  • Microsoft Visual Studio .NET 2003 Service Pack 1

Released 12/12/06

MS06-72 Cumulative Security Update for Internet Explorer (925454)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Non-Affected Software:
  • Windows Vista

Affected Components:
  • Microsoft Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4
  • Microsoft Internet Explorer 6 Service Pack 1 when installed on Windows 2000 Service Pack 4
  • Microsoft Internet Explorer 6 for Windows XP Service Pack 2
  • Microsoft Internet Explorer 6 for Windows XP Professional x64 Edition
  • Microsoft Internet Explorer 6 for Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems and Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Internet Explorer 6 for Windows Server 2003 x64 Edition

Non-Affected Components:
  • Windows Internet Explorer 7 for Windows XP Service Pack 2
  • Windows Internet Explorer 7 for Windows XP Professional x64 Edition
  • Windows Internet Explorer 7 for Windows Server 2003 Service Pack 1
  • Windows Internet Explorer 7 for Windows Server 2003 with SP1 for Itanium-based Systems
  • Windows Internet Explorer 7 for Windows Server 2003 x64 Edition
  • Windows Internet Explorer 7 in Windows Vista

Released 11/14/06 Updated 11/15/06

MS06-071 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft XML Core Services 4.0 when installed on Windows
  • Microsoft XML Core Services 6.0 when installed on Windows (all versions)

Non-Affected Software:
  • Microsoft XML Core Services 3.0
  • Microsoft XML Core Services 5.0
Revisions:
  • V1.0 (November 14, 2006): Bulletin published.
  • V1.1 (November 15, 2006): Bulletin updated: executable name for msxml6 has been updated with correct name and log file has been updated with correct KB number. Additional clarification has also been added to clarify which components of the previous Bulletin this update replaces.

Released 11/14/06

MS06-070 Vulnerability in Workstation Service Could Allow Remote Code Execution (924270)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 2

Non-Affected Software:
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition
  • Windows Vista

Released 11/14/06 Updated 11/15/06

MS06-069 Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition

Non-Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition
  • Windows Vista
Revisions:
  • V1.0 (November 14, 2006): Bulletin published.
  • V1.1 (November 15, 2006): Bulletin revised to clarify that this security update installs Flash6.ocx version 6.0.88.0 and removes the version of Flash.ocx it is replacing.

Released 11/14/06

MS06-068 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Non-Affected Software:
  • Windows Vista

Released 11/14/06

MS06-067 Cumulative Security Update for Internet Explorer (922760)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Non-Affected Software:
  • Windows Vista

Affected Components:
  • Microsoft Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4
  • Microsoft Internet Explorer 6 Service Pack 1 on Windows 2000 Service Pack 4
  • Microsoft Internet Explorer 6 for Windows XP Service Pack 2
  • Microsoft Internet Explorer 6 for Windows XP Professional x64 Edition
  • Microsoft Internet Explorer 6 for Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems and Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Internet Explorer 6 for Windows Server 2003 x64 Edition

Non-Affected Components:
  • Windows Internet Explorer 7 for Windows XP Service Pack 2
  • Windows Internet Explorer 7 for Windows XP Professional x64 Edition
  • Windows Internet Explorer 7 for Windows Server 2003 Service Pack 1
  • Windows Internet Explorer 7 for Windows Server 2003 with SP1 for Itanium-based Systems
  • Windows Internet Explorer 7 for Windows Server 2003 x64 Edition
  • Windows Internet Explorer 7 in Windows Vista

Released 11/14/06

MS06-066 Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980)

Maximum Severity Rating: Important

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

Non-Affected Software:
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition
  • Windows Vista

Released 10/10/06

MS06-065 Vulnerability in Windows Object Packager Could Allow Remote Execution (924496)

Maximum Severity Rating: Moderate

Affected Software:
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Non-Affected Software:
  • Microsoft Windows 2000 Service Pack 4

Released 10/10/06

MS06-064 Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819)

Maximum Severity Rating: Low

Affected Software:
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Non-Affected Software:
  • Microsoft Windows 2000 Service Pack 4

Released 10/10/06

MS06-063 Vulnerability in Server Service Could Allow Denial of Service (923414)

Maximum Severity Rating: Important

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Released 10/10/06

MS06-062 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Office 2000 Service Pack 3
    • Microsoft Access 2000
    • Microsoft Excel 2000
    • Microsoft FrontPage 2000
    • Microsoft Outlook 2000
    • Microsoft PowerPoint 2000
    • Microsoft Publisher 2000
    • Microsoft Word 2000
  • Microsoft Office XP Service Pack 3
    • Microsoft Access 2002
    • Microsoft Excel 2002
    • Microsoft FrontPage 2002
    • Microsoft Outlook 2002
    • Microsoft PowerPoint 2002
    • Microsoft Publisher 2002
    • Microsoft Visio 2002
    • Microsoft Word 2002
  • Microsoft Office 2003 Service Pack 1 or Service Pack 2
    • Microsoft Access 2003
    • Microsoft Excel 2003
    • Microsoft Excel 2003 Viewer
    • Microsoft FrontPage 2003
    • Microsoft InfoPath 2003
    • Microsoft OneNote 2003
    • Microsoft Outlook 2003
    • Microsoft PowerPoint 2003
    • Microsoft Project 2003
    • Microsoft Publisher 2003
    • Microsoft Visio 2003
    • Microsoft Word 2003
    • Microsoft Word 2003 Viewer
  • Microsoft Project 2000 Service Release 1
  • Microsoft Project 2002 Service Pack 1
  • Microsoft Visio 2002 Service Pack 2
  • Microsoft Office 2004 for Mac
  • Microsoft Office v. X for Mac

Non-Affected Software:
  • Microsoft PowerPoint 2003 Viewer
  • Microsoft Works Suites:
    • Microsoft Works Suite 2004
    • Microsoft Works Suite 2005
    • Microsoft Works Suite 2006

Released 10/10/06 Updated 10/19/06

MS06-061 Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Windows 2000 Service Pack 4
  • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Service Pack 1
  • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Service Pack 2
  • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Professional x64 Edition
  • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003
  • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 Service Pack 1
  • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 x64 Edition
  • Microsoft Office 2003 Service Pack 1 or Service Pack 2 with Microsoft XML Core Services 5.0 Service Pack 1

Non-Affected Software:
  • Windows 2000 Service Pack 4 running Microsoft XML Core Services 2.5
  • Microsoft Windows XP Service Pack 1 running Microsoft XML Core Services 2.5
  • Microsoft Windows XP Service Pack 2 running Microsoft XML Core Services 2.5
  • Microsoft Windows Server 2003 running Microsoft XML Core Services 2.5
  • Microsoft Windows Server 2003 Service Pack 1 running Microsoft XML Core Services 2.5

Affected Components:
  • Microsoft XML Core Services 4.0 when installed on Windows 2000 Service Pack 4
  • Microsoft XML Core Services 4.0 when installed on Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft XML Core Services 4.0 when installed on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft XML Core Services 6.0 when installed on Windows 2000 Service Pack 4
  • Microsoft XML Core Services 6.0 when installed on Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft XML Core Services 6.0 when installed on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

Revisions:
  • V1.0 (October 10, 2006): Bulletin published.
  • V1.1 (October 11, 2006): Bulletin updated: removed erroneous Security Update Replacement information. This update does not replace a prior security update.
  • V2.0 (October 19, 2006): Bulletin updated: This bulletin has been re-released to re-offer the security update to customers with Windows 2000 Service Pack 4. The security update previously did not correctly set the kill bit for Microsoft XML Parser 2.6. Additional information has also been included for customers wishing to remove the security update for Microsoft XML Core Services 4.0 and Microsoft XML Core Services 6.0.

Released 10/10/06

MS06-060 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Office 2000 Service Pack 3
    • Microsoft Word 2000
  • Microsoft Office XP Service Pack 3
    • Microsoft Word 2002
  • Microsoft Office 2003 Service Pack 1 or Service Pack 2
    • Microsoft Office Word 2003
    • Microsoft Office Word 2003 Viewer
  • Microsoft Works Suites:
    • Microsoft Works Suite 2004
    • Microsoft Works Suite 2005
    • Microsoft Works Suite 2006
  • Microsoft Office 2004 for Mac
  • Microsoft Office v. X for Mac

Released 10/10/06

MS06-059 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Office 2000 Service Pack 3
    • Microsoft Excel 2000
  • Microsoft Office XP Service Pack 3
    • Microsoft Excel 2002
  • Microsoft Office 2003 Service Pack 1 or Service Pack 2
    • Microsoft Office Excel 2003
    • Microsoft Office Excel Viewer 2003
  • Microsoft Office 2004 for Mac
    • Microsoft Excel 2004 for Mac
  • Microsoft Office v. X for Mac
    • Microsoft Excel v. X for Mac
  • Microsoft Works Suites:
    • Microsoft Works Suite 2004
    • Microsoft Works Suite 2005
    • Microsoft Works Suite 2006

Released 10/10/06

MS06-058 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Office 2000 Service Pack 3
    • Microsoft PowerPoint 2000
  • Microsoft Office XP Service Pack 3
    • Microsoft PowerPoint 2002
  • Microsoft Office 2003 Service Pack 1 or Service Pack 2
    • Microsoft Office PowerPoint 2003
  • Microsoft Office 2004 for Mac
    • Microsoft PowerPoint 2004 for Mac
  • Microsoft Office v. X for Mac
    • Microsoft PowerPoint v. X for Mac

Released 10/10/06

MS06-057 Vulnerability in Windows Explorer Could Allow Remote Execution (923191)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Released 10/10/06

MS06-056 Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770)

Maximum Severity Rating: Moderate

Affected Software:
  • Microsoft .NET Framework 2.0 for the following operating system versions:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 or Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows XP Tablet PC Edition
    • Microsoft Windows XP Media Center Edition
    • Microsoft Windows Server 2003 or Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems or Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
Affected Components:
  • Microsoft .NET Framework 2.0

Non-Affected Components:
  • Microsoft .NET Framework 1.0
  • Microsoft .NET Framework 1.1

Released 9/26/06

MS06-055 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows XP Service Pack 1
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Affected Components:
  • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
  • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4

Released 9/12/06 Updated 9/13/06

MS06-054 Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Office 2000 Service Pack 3
    • Office Publisher 2000
  • Microsoft Office XP Service Pack 3
    • Office Publisher 2002
  • Microsoft Office 2003 Service Pack 1 and Service Pack 2
    • Office Publisher 2003

Revisions:
  • V1.0 (September 12, 2006): Bulletin published.
  • V1.1 (September 13, 2006): Bulletin updated to provide additional clarity around Does this update contain any changes to functionality? under the FAQ for Microsoft Publisher Vulnerability section for Office 2003.

Released 9/12/06 Updated 9/13/06

MS06-053 Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685)

Maximum Severity Rating: Moderate

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Affected Components:
  • Indexing Service

Revisions
  • V1.0 (September 12, 2006): Bulletin published.
  • V1.1 (September 13, 2006): Bulletin updated the What updates does this release replace? regarding MS05-003 for Office XP Service Pack 2.

Released 9/12/06

MS06-052 Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007)

Maximum Severity Rating: Important

Affected Software:
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

Non-Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition


Released 8/8/06

MS06-051 Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Released 8/8/06

MS06-050 Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Released 8/8/06

MS06-049 Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Released 8/8/06

MS06-048 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Office 2000 Service Pack 3
    • Microsoft PowerPoint 2000
  • Microsoft Office XP Service Pack 3
    • Microsoft PowerPoint 2002
  • Microsoft Office 2003 Service Pack 1 or Service Pack 2
    • Microsoft Office PowerPoint 2003
  • Microsoft Office 2004 for Mac
    • PowerPoint 2004 for Mac
  • Microsoft Office v. X for Mac
    • PowerPoint 2004 v. X for Mac

Non-Affected Software:
  • Microsoft PowerPoint 2003 Viewer
  • Microsoft Works Suites:
    • Microsoft Works Suite 2004
    • Microsoft Works Suite 2005
    • Microsoft Works Suite 2006

Released 8/8/06

MS06-047 Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Office 2000 Service Pack 3
  • Microsoft Project 2000 Service Release 1
  • Microsoft Access 2000 Runtime Service Pack 3
  • Microsoft Office XP Service Pack 3
  • Microsoft Project 2002 Service Pack 1
  • Microsoft Visio 2002 Service Pack 2
  • Microsoft Works Suites:
    • Microsoft Works Suite 2004 Download the update (KB920821) (same as the Microsoft Office XP update)
    • Microsoft Works Suite 2005 Download the update (KB920821) (same as the Microsoft Office XP update)
    • Microsoft Works Suite 2006 Download the update (KB920821) (same as the Microsoft Office XP update)
  • Microsoft Visual Basic for Applications SDK 6.0 Download the update (KB923167)
  • Microsoft Visual Basic for Applications SDK 6.2 Download the update (KB923167)
  • Microsoft Visual Basic for Applications SDK 6.3 Download the update (KB923167)
  • Microsoft Visual Basic for Applications SDK 6.4 Download the update (KB923167)

Non-Affected Software:
  • Microsoft Office 2003 Service Pack 1 and Microsoft Office 2003 Service Pack 2

Released 8/8/06

MS06-046 Vulnerability in HTML Help Could Allow Remote Code Execution (922616)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Released 8/8/06

MS06-045 Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)

Maximum Severity Rating: Important

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Released 8/8/06

MS06-044 Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 2000 Service Pack 4

Non-Affected Software:
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Released 8/8/06

MS06-043 Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Affected Components:
  • Outlook Express 6 on Microsoft Windows XP Service Pack 2
  • Outlook Express 6 on Microsoft Windows XP Professional x64 Edition
  • Outlook Express 6 on Microsoft Windows Server 2003 Service Pack 1
  • Outlook Express 6 on Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Outlook Express 6 on Microsoft Windows Server 2003 x64 Edition

Non-Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2003 for Itanium-based Systems

Released 8/8/06 Updated 8/24/06

MS06-042 Cumulative Security Update for Internet Explorer (918899)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition
Affected Components:
  • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
  • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
  • Internet Explorer 6 for Microsoft Windows XP Service Pack 2
  • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
  • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
Revisions:
  • V1.0 (August 8, 2006): Bulletin published.
  • V1.1 (August 15, 2006): Bulletin caveats updated with additional information affecting some Internet Explorer 6 Service Pack 1 customers. See Knowledge Base Article 923762 for more information.
  • V1.2 (August 22, 2006): Bulletin caveats updated with additional information regarding the release status of revised Internet Explorer 6 Service Pack 1 updates, as well as the release of Security Advisory 923762.
  • V2.0 (August 24, 2006): Bulletin reissued and updated with additional information and vulnerability details affecting Internet Explorer 6 Service Pack 1 customers.


Released 8/8/06

MS06-041 Vulnerabilities in DNS Resolution Could Allow Remote Code Execution (920683)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Released 8/8/06

MS06-040 Vulnerability in Server Service Could Allow Remote Code Execution (921883)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Released 7/11/06

MS06-039 Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Office 2003 Service Pack 1 or Service Pack 2
    • Microsoft Access 2003
    • Microsoft Excel 2003
    • Microsoft Excel 2003 Viewer
    • Microsoft FrontPage 2003
    • Microsoft InfoPath 2003
    • Microsoft OneNote 2003
    • Microsoft Outlook 2003
    • Microsoft PowerPoint 2003
    • Microsoft Project 2003
    • Microsoft Publisher 2003
    • Microsoft Visio 2003
    • Microsoft Word 2003
    • Microsoft Word 2003 Viewer
  • Microsoft Office XP Service Pack 3 - Download the update (KB917150)
    • Microsoft Access 2002
    • Microsoft Excel 2002
    • Microsoft FrontPage 2002
    • Microsoft Outlook 2002
    • Microsoft PowerPoint 2002
    • Microsoft Publisher 2002
    • Microsoft Visio 2002
    • Microsoft Word 2002
  • Microsoft Office 2000 Service Pack 3
    • Microsoft Access 2000
    • Microsoft Excel 2000
    • Microsoft FrontPage 2000
    • Microsoft Outlook 2000
    • Microsoft PowerPoint 2000
    • Microsoft Publisher 2000
    • Microsoft Word 2000
  • Microsoft Project 2002 Service Pack 1
  • Microsoft Visio 2002 Service Pack 2
  • Microsoft Project 2000 Service Release 1
  • Microsoft Office 2004 for Mac
  • Microsoft Office v. X for Mac

Non-Affected Software:
  • Microsoft Works Suites:
    • Microsoft Works Suite 2004
    • Microsoft Works Suite 2005
    • Microsoft Works Suite 2006

Released 7/11/06

MS06-038 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Office 2003 Service Pack 1 or Service Pack 2
    • Microsoft Project 2003
    • OneNote 2003
  • Microsoft Office XP Service Pack 3
  • Microsoft Office 2000 Service Pack 3
  • Microsoft Project 2002• Microsoft Works Suites:
    • Microsoft Works Suite 2004
    • Microsoft Works Suite 2005
    • Microsoft Works Suite 2006

Non- Affected Software:
  • Microsoft Office Viewers
  • Microsoft Office 2004 for Mac
  • Microsoft Office v. X for Mac

Released 7/11/06

MS06-037 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Office 2003 Service Pack 1 or Service Pack 2
    • Microsoft Excel 2003
    • Microsoft Excel Viewer 2003
  • Microsoft Office XP Service Pack 3
    • Microsoft Excel 2002
  • Microsoft Office 2000 Service Pack 3
    • Microsoft Excel 2000
  • Microsoft Office 2004 for Mac
    • Microsoft Excel 2004 for Mac
  • Microsoft Office v. X for Mac
    • Microsoft Excel v. X for Mac

Released 7/11/06

MS06-036 Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Non-Affected Software:
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)

Released 7/11/06

MS06-035 Vulnerability in Server Service Could Allow Remote Code Execution (917159)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Non-Affected Software:
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)

Released 7/11/06

MS06-034 Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)

Maximum Severity Rating: Important

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Professional Service Pack 1 and Microsoft Windows XP Professional Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition family

Affected Components:
  • Microsoft Internet Information Services (IIS) 6.0
  • Microsoft Internet Information Services (IIS) 5.1
  • Microsoft Internet Information Services (IIS) 5.0

Non-Affected Software:
  • Microsoft Windows XP Home Service Pack 1 and Microsoft Windows XP Home Service Pack 2

Released 7/11/06

MS06-033 Vulnerability in ASP.NET Could Allow Information Disclosure (917283)

Maximum Severity Rating: Important

Affected Software:
  • NET Framework 2.0 for the following operating system versions:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 or Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows XP Tablet PC Edition
    • Microsoft Windows XP Media Center Edition
    • Microsoft Windows Server 2003 or Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based systems and Microsoft Windows Server with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition

Non-Affected Software:
  • Microsoft .NET Framework 1.0
  • Microsoft .NET Framework 1.1
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)

Affected Components:
  • ASP.NET



Released 6/13/06 Updated 6/21/06

MS06-032 Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)

Maximum Severity Rating: Important

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Non-Affected Software:
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)
Revisions:
  • V1.0 (June 13, 2006): Bulletin published.
  • V1.1 (June 21, 2006): FAQ Related to This Security Update section updated to clarify MS05-019 bulletin replacement. Vulnerability Details section of the bulletin was also updated to provide additional information on Disable IP Source Routing.

Released 6/13/06

MS06-031 Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736)

Maximum Severity Rating: Moderate

Affected Software:
  • Microsoft Windows 2000 Service Pack 4

Non-Affected Software:
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)

Released 6/13/06 Updated 6/14/06

MS06-030 Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)

Maximum Severity Rating: Important

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Non-Affected Software:
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)
Revisions:
  • V1.0 (June 13, 2006): Bulletin published.
  • V1.1 (June 14, 2006): Acknowledgments section updated to reflect Rubn Santamartas cooperation with iDefense for reporting the associated vulnerabilities.

Released 6/13/06

MS06-029 Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)

Maximum Severity Rating: Important

Affected Software:
  • Microsoft Exchange 2000 Server Pack 3 with the August 2004 Exchange 2000 Server Post-Service Pack 3 Update Rollup
  • Microsoft Exchange Server 2003 Service Pack 1
  • Microsoft Exchange Server 2003 Service Pack 2

Released 6/13/06 Updated 6/21/06

MS06-028 Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Office 2000 Service Pack 3
    • Microsoft PowerPoint 2000
  • Microsoft Office XP Service Pack 3
    • Microsoft PowerPoint 2002
  • Microsoft Office 2003 Service Pack 1 or Service Pack 2
    • Microsoft PowerPoint 2003
  • Microsoft Office 2004 for Mac
    • Microsoft PowerPoint 2004 for Mac
  • Microsoft Office v. X for Mac
    • Microsoft PowerPoint v. X for Mac
Revisions:
  • V1.0 June 13, 2006: Bulletin published.
  • V1.1 June 14, 2006: Bulletin revised the Client Installation File Information and Administrative Installation File Information under PowerPoint 2003.
  • V1.2 June 21, 2006: Bulletin revised the What updates does this release replace? under the Frequently Asked Questions (FAQ) Related to this Security Update section.

Released 6/13/06 Updated 6/21/06

MS06-027 Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Office 2000 Service Pack 3
    • Microsoft Word 2000
  • Microsoft Office XP Service Pack 3
    • Microsoft Word 2002
  • Microsoft Office 2003 Service Pack 1 or Service Pack 2
    • Microsoft Word 2003
    • Microsoft Word Viewer 2003
  • Microsoft Works Suites:
    • Microsoft Works Suite 2000
    • Microsoft Works Suite 2001
    • Microsoft Works Suite 2002
    • Microsoft Works Suite 2003
    • Microsoft Works Suite 2004
    • Microsoft Works Suite 2005
    • Microsoft Works Suite 2006

Non-Affected Software:
  • Microsoft Word v. X for Mac
  • Microsoft Word 2004 for Mac
Revisions:
  • V1.0 (June 13, 2006): Bulletin published.
  • V1.1 (June 14, 2006): Bulletin revised: Bulletin revised: Updated the Acknowledgments section for CVE-2006-2492.
  • V1.2 (June 21, 2006): Bulletin revised: Updated the What updates does this release replace? for Word 2003.

Released 6/13/06

MS06-026 Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (918547)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) See FAQ Related to This Security Update

Non-Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Released 6/13/06 Updated 6/27/06

MS06-025 Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Non-Affected Software:
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)
Revisions:
  • V1.0 (June 13, 2006): Bulletin published
  • V1.1 (June 19, 2006): FAQ and Vulnerability Details sections updated to provide clarification on affected RASMAN component. Caveats section updated to include known issues.
  • V1.2 (June 21, 2006): Bulletin updated to provide additional differentiation between RRAS, RAS, and RASMAN components.
  • V2.0 (June 27, 2006): Microsoft updated this bulletin and the associated security updates to address the issues affecting customers identified in Microsoft Knowledge Base Article 911280.

Released 6/13/06 Updated 6/21/06

MS06-024 Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)

Maximum Severity Rating: Critical

Affected Software:
  • Windows Media Player for XP on Microsoft Windows XP Service Pack 1
  • Windows Media Player 9 on Microsoft Windows XP Service Pack 2
  • Windows Media Player 10 on Microsoft Windows XP Professional x64 Edition
  • Windows Media Player 9 on Microsoft Windows Server 2003
  • Windows Media Player 10 on Microsoft Windows Server 2003 Service Pack 1
  • Windows Media Player 10 on Microsoft Windows Server 2003 x64 Edition
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) Review the FAQ section of this bulletin for details about these operating systems.

Affected Components:
  • Microsoft Windows Media Player 7.1 when installed on Windows 2000 Service Pack 4
  • Microsoft Windows Media Player 9 when installed on Windows 2000 Service Pack 4 or Windows XP Service Pack 1
  • Microsoft Windows Media Player 10 when installed on Windows XP Service Pack 1 or Windows XP Service Pack 2

Non-Affected Software:
  • Windows Media Player 6.4 on all Microsoft Windows operating systems
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

Revisions:
  • V1.0 (June 13, 2006): Bulletin published.
  • V1.1 (June 21, 2006): Bulletin revised Registry Key Verification for Windows Media Player 9 on Windows 2000.

Released 6/13/06

MS06-023 Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) Review the FAQ section of this bulletin for details about these operating systems.

Affected Components:
  • Microsoft JScript 5.1 on Microsoft Windows 2000 Service Pack 4
  • Microsoft JScript 5.6 and 5.5 when installed on Windows 2000 Service Pack 4
  • Microsoft JScript 5.6 on Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft JScript 5.6 on Microsoft Windows XP Professional x64 Edition
  • Microsoft JScript 5.6 on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft JScript 5.6 on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft JScript 5.6 on Microsoft Windows Server 2003 x64 Edition
  • Microsoft JScript 5.6 on Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) Review the FAQ section of this bulletin for details about these operating systems.

Released 6/13/06

MS06-022 Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows XP Service Pack 1
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) Review the FAQ section of this bulletin for details about these operating systems.

Affected Components:
  • Windows 2000 with the Windows 2000 AOL Image Support Update installed:
    • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4

Released 6/13/06

MS06-021 Cumulative Security Update for Internet Explorer (916281)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) Review the FAQ section of this bulletin for details about these operating systems.

Affected Components:
  • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
  • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
  • Internet Explorer 6 for Microsoft Windows XP Service Pack 2
  • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
  • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
  • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition Review the FAQ section of this bulletin for details about this version.

Released 5/9/06

MS06-020 Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.
Non-Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition
  • Windows XP Professional x64 Edition

Released 5/9/06

MS06-019 Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Exchange Server 2000 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004(870540)
  • Microsoft Exchange Server 2003 Service Pack 1
  • Microsoft Exchange Server 2003 Service Pack 2

Released 5/9/06

MS06-018 Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580)

Maximum Severity Rating: Moderate

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2003 for Itanium-based Systems
Non-Affected Software:
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 x64 Edition
  • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)

Released 4/11/06

MS06-017 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627)

Maximum Severity Rating: Moderate

Affected Software:
  • Microsoft FrontPage Server Extensions 2002 shipped on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft FrontPage Server Extensions 2002 shipped on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft FrontPage Server Extensions 2002 (x64 Edition) downloaded and installed on Microsoft Windows Server 2003 x64 Edition and Microsoft Windows XP Professional x64 Edition
  • Microsoft FrontPage Server Extensions 2002 (x86 Editions) downloaded and installed on Microsoft Windows Server 2000 Service Pack 4, Microsoft Windows XP Service Pack 1, and Microsoft Windows XP Service Pack 2
  • Microsoft SharePoint Team Services

Non-Affected Software:
  • Microsoft Windows SharePoint Services
  • Microsoft FrontPage 2002
  • Microsoft FrontPage Server Extensions 2000
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

Released 4/11/06 Updated 4/15/06

MS06-016 Cumulative Security Update for Outlook Express (911567)

Maximum Severity Rating: Important

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Windows Me) Review the FAQ section of this bulletin for details about these operating systems.

Affected Components:
  • Outlook Express 6 on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Outlook Express 6 on Microsoft Windows Server 2003 x64 Edition
  • Outlook Express 6 Microsoft Windows Server 2003 on Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Outlook Express 6 on Microsoft Windows XP Service Pack 2
  • Outlook Express 6 on Microsoft Windows XP Professional x64 Edition
  • Outlook Express 6 Service Pack 1 on Microsoft Windows XP Service Pack 1 or when installed on Microsoft Windows 2000 Service Pack 4
  • Outlook Express 5.5 Service Pack 2 on Microsoft Windows 2000 Service Pack 4
Revisions:
  • V1.0 (April 11, 2006): Bulletin published.
  • V1.1 (April 15, 2006): Bulletin updated to discuss a privacy related change included in this update for Outlook Express 6 on Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Outlook Express 6 for Windows XP Service Pack 2 to ignore the X-Unsent field in email headers.

Released 4/11/06 Updated 4/25/06

MS06-015 Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.
Revisions:
  • V1.0 (April 11, 2006): Bulletin published.
  • V1.1 (April 15, 2006): Bulletin revised: Caveats section updated due to new issues discovered with the security update. Users may experience issues in Windows Explorer or the Windows shell after installing the update. Security Update Information revised to reflect correct file version information for Microsoft Windows XP and Microsoft Windows 2000.
  • V1.2 (April 20, 2006): Bulletin revised: FAQ Section updated to include information about an upcoming re-release of the security update.
  • V2.0 (April 25, 2006): Bulletin revised: This bulletin has been re-released to advise customers that revised versions of the security update are available for all products listed in the Affected Software section. Customers who have already applied the MS06-015 update who are not experiencing the problem need take no action. For additional information, see Why did Microsoft reissue this bulletin on April 25, 2006. in "Frequently asked questions (FAQ) related to this security update" section.

Released 4/11/06

MS06-014 Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows XP Service Pack 1 running Microsoft Data Access Components 2.7 Service Pack 1
  • Microsoft Windows XP Service Pack 2 running Microsoft Data Access Components 2.8 Service Pack 1
  • Microsoft Windows XP Professional x64 Edition running Microsoft Data Access Components 2.8 Service Pack 2
  • Microsoft Windows Server 2003 running Microsoft Data Access Components 2.8
  • Microsoft Windows Server 2003 Service Pack 1 running Microsoft Data Access Components 2.8 Service Pack 2
  • Microsoft Windows Server 2003 for Itanium-based Systems running Microsoft Data Access Components 2.8
  • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems running Microsoft Data Access Components 2.8 Service Pack 2
  • Microsoft Windows Server 2003 x64 Edition running Microsoft Data Access Components 2.8 Service Pack 2
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.

Affected Components:
  • Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.5 Service Pack 3 installed
  • Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.7 Service Pack 1 installed
  • Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.8 installed
  • Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.8 Service Pack 1 installed
  • Windows XP Service Pack 1 with Microsoft Data Access Components 2.8 installed

Released 4/11/06

MS06-013 Cumulative Security Update for Internet Explorer (912812)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition family
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.

Note The security updates for Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 x64 Edition also apply to Microsoft Windows Server 2003 R2.

Affected Components:
  • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
  • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
  • Internet Explorer 6 for Microsoft Windows XP Service Pack 2
  • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
  • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
  • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition Review the FAQ section of this bulletin for details about this version.

Released 03/14/06 Updated 3/17/06

MS06-012 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Office 2000 Service Pack 3
    • Microsoft Word 2000
    • Microsoft Excel 2000
    • Microsoft Outlook 2000
    • Microsoft PowerPoint 2000
    • Microsoft Office 2000 MultiLanguage Packs
  • Microsoft Office XP Service Pack 3
    • Microsoft Word 2002
    • Microsoft Excel 2002
    • Microsoft Outlook 2002
    • Microsoft PowerPoint 2002
    • Microsoft Office XP Multilingual User Interface Packs
  • Microsoft Office 2003 Service Pack 1 or Service Pack 2
    • Microsoft Excel 2003
    • Microsoft Excel 2003 Viewer
  • Microsoft Works Suites:
    • Microsoft Works Suite 2000
    • Microsoft Works Suite 2001
    • Microsoft Works Suite 2002
    • Microsoft Works Suite 2003
    • Microsoft Works Suite 2004
    • Microsoft Works Suite 2005
    • Microsoft Works Suite 2006
  • Microsoft Office X for Mac
    • Microsoft Excel X for Mac
  • Microsoft Office 2004 for Mac
    • Microsoft Excel 2004 for Mac
Non-Affected Software:
  • Microsoft Office Excel 2000 Viewer
  • Microsoft Office Excel 2002 Viewer
  • Microsoft Word 2003
  • Microsoft Outlook 2003
  • Microsoft PowerPoint 2003

Revisions:
  • V1.0 (March 14, 2006): Bulletin published.
  • V1.2 (March 17, 2006): Bulletin revised: Removed MS05-012 and MS06-010 from What updates does this release replace? in the Frequently asked questions (FAQ) related to this security update section. Updated the Mitigations and Work Around section for all vulnerabilities to provide additional clarity around Office 2000 in addition updated the Acknowledgments section for CVE-2006-0028.

Released 03/14/06 Updated 3/17/06

MS06-011 Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798)

Maximum Severity Rating: Important

Affected Software:
  • Microsoft Windows XP Service Pack 1
  • Microsoft Windows Server 2003,li>Microsoft Windows Server 2003 for Itanium-based Systems
Non-Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

REVISIONS
  • V1.0 March 14, 2006: Bulletin published.
  • V1.1 March 17, 2006: For Windows Server 2003 the File verification section updated to reflect the appropriate registry key for file detection.

Released 02/14/06

MS06-010 Vulnerability in PowerPoint 2000 Could Allow Information Disclosure (889167)

Maximum Severity Rating: Important

Affected Software:
  • Microsoft Office 2000 Service Pack 3
    • PowerPoint 2000
Non-Affected Software:
  • Microsoft Office XP Service Pack 3
    • PowerPoint 2002
  • Microsoft Office 2003 Service Pack 1 or Service Pack 2
    • PowerPoint 2003

Released 02/14/06 Updated 3/8/06

MS06-009 Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)

Maximum Severity Rating: Important

Affected Software:
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition
  • Microsoft Office 2003 Software:
    • Microsoft Office 2003 Service Pack 1 and Service Pack 2
    • Microsoft Office 2003 Multilingual User Interface Packs
    • Microsoft Office Visio 2003 Multilingual User Interface Packs
    • Microsoft Office Project 2003 Multilingual User Interface Packs
    • Microsoft Office 2003 Proofing Tools
    • Microsoft Office Visio 2003
    • Microsoft Office OneNote 2003
    • Microsoft Office Project 2003

    Note The security updates for Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 x64 Edition also apply to Microsoft Windows Server 2003 R2.

    Note Only the Korean language versions of Windows are by default affected by this vulnerability. Customers running East Asian language versions of Windows have the affected component present on the system, but are only vulnerable if the Korean language IME is enabled. Customers running any other language version of Windows only need to take action if they have installed and enabled the Korean language IME.

    Note Only the Korean language versions of the listed Office 2003 products are affected, with the exception of Office 2003 Proofing Tools. Customers who have installed the Microsoft Office 2003 Proofing Tools product will need to install this security update even if they did not specifically install the Korean Proofing Tools component. When this security bulletin was issued, the most recent update for non-Korean versions of Microsoft Office 2003 Multilingual User Interface Pack was Microsoft Security Bulletin MS06-003.
Non-Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
  • Microsoft Office XP Service Pack Microsoft Office 2000 Service Pack 3
Revisions:
  • V1.0 (February 14, 2006): Bulletin published.
  • V1.1 (March 8, 2006): Bulletin revised: Executive Summary updated to clarify the criteria for a successful attack, updated the workarounds section to provide clarity for TCP port 4125.

Released 02/14/06

MS06-008 Vulnerability in Web Client Service Could Allow Remote Code Execution (911927)

Maximum Severity Rating: Important

Affected Software:
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

    Note The security updates for Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 x64 Edition also apply to Microsoft Windows Server 2003 R2.
Non-Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

Released 02/14/06

MS06-007 Vulnerability in TCP/IP Could Allow Denial of Service (913446)

Maximum Severity Rating: Important

Affected Software:
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

    Note The security updates for Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 x64 Edition also apply to Microsoft Windows Server 2003 R2.
Non-Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

Released 02/14/06

MS06-006 Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)

Maximum Severity Rating: Important

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 x64 Edition
Non-Affected Software:
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

    Note The security update for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 also applies to Microsoft Windows Server R2.

Released 02/14/06 Updated 3/8/06

MS06-005 Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)

Maximum Severity Rating: Critical

Affected Software:
  • Windows Media Player for XP on Microsoft Windows XP Service Pack 1
  • Windows Media Player 9 on Microsoft Windows XP Service Pack 2
  • Windows Media Player 9 on Microsoft Windows Server 2003
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.
Affected Components:
  • Microsoft Windows Media Player 7.1 when installed on Windows 2000 Service Pack 4
  • Microsoft Windows Media Player 9 when installed on Windows 2000 Service Pack 4 or Windows XP Service Pack 1
  • Microsoft Windows Media Player 10 when installed on Windows XP Service Pack 1 or Windows XP Service Pack 2
Non-Affected Software:
  • Windows Media Player 6.4 on all Microsoft Windows operating systems
  • Windows Media Player 10 on Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

    Note The Affected Software section applies to Windows Media Player that shipped with a Microsoft Windows operating system. The Affected Components section applies to Windows Media Player that was downloaded and installed onto a Microsoft Windows operating system.

    Note The security updates for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 also apply to Microsoft Windows Server 2003 R2 severity.
Revisions:
  • V1.0 (February 14, 2006): Bulletin published
  • V1.1 (February 17, 2006): Bulletin updated for the following: What updates does this release replace? and Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by this vulnerability? within the Frequently asked questions (FAQ) related to this security update section. Updated operating systems within Severity Ratings and Vulnerability Identifiers in the Executive Summary section; Revised malicious file name (.wmp to .bmp) under the Vulnerability Details section; Revised finder details in the Acknowledgments section; and additional clarity around the workaround Un-register Quartz.dll in the Workarounds for Windows Media Player section.
  • V1.2 (March 8, 2006): Bulletin revised: Caveats section updated due to new issues discovered with the security update. Users may experience issues when they try to seek, fast rewind, or fast forward in Windows Media Player 10.

Released 02/14/06

MS06-004 Cumulative Security Update for Internet Explorer (910620)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
Non-Affected Software:
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition family
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.

    Note The bullet points for Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 x64 Edition also apply to Microsoft Windows Server 2003 R2.
Affected Components:
  • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4

Released 01/10/06 Updated: 1/18/06

MS06-003 Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Office 2000 Service Pack 3

    Microsoft Office 2000 Software:
    • Microsoft Outlook 2000
    • Microsoft Office 2000 MultiLanguage Packs
    • Microsoft Outlook 2000 English MultiLanguage Packs
  • Microsoft Office XP Service Pack 3

    Microsoft Office XP Software:
    • Microsoft Outlook 2002
    • Microsoft Office XP Multilingual User Interface Packs
        Note Multilingual User Interface Packs are for non- English packages.
  • Microsoft Office 2003 Service Pack 1 and Service Pack 2

    Microsoft Office 2003 Software:
    • Microsoft Outlook 2003
    • Microsoft Office 2003 Multilingual User Interface Packs
    • Microsoft Office 2003 Language Interface Packs
        Note Multilingual User Interface Packs are for non- English packages
  • Microsoft Exchange Server
    • Microsoft Exchange Server 5.0 Service Pack 2
    • Microsoft Exchange Server 5.5 Service Pack 4
    • Microsoft Exchange 2000 Server Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004
Non-Affected Software:
  • Microsoft Exchange Server 2003 Service Pack 1
  • Microsoft Exchange Server 2003 Service Pack 2
Revisions:
  • V1.0 (January 10, 2006): Bulletin published.
  • V1.2 (January 18, 2006): Bulletin revised for the following: Outlook 2003 and Office 2003 Multilingual Packs section under Prerequisites and Additional Update Details section; Office 2003 Service Pack 1 must be installed to install the update. Removed Microsoft Outlook 2000 English MultiLanguage Packs under Affected Software section as this is a duplicate of Microsoft Office 2000 MultiLanguage Packs. Revised Administrative Installation File Information under Outlook 2000 and Office 2000 MultiLanguage Packs, Outlook 2002 and Office XP MultiLanguage Packs and Outlook 2003 and Office 2003 Multilingual User Interface Packs section to provide additional clarity. Added Manual Client Installation Information to the Outlook 2003 and Office 2003 Multilingual User Interface Packs section to provide additional clarification.

Released 01/10/06

MS06-002 Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.

Released 01/05/06

MS06-001 Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)

Maximum Severity Rating: Critical

Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.



Expand got feedback?

by MSeng See Profile
last modified: 2006-12-20 18:14:26