Microsoft patches 23 flaws (9 are "critical") in Windows and Office

Microsoft patches 23 flaws in Windows and Office
Nine patches are deemed critical by the software giant.
By Robert Vamosi (August 8, 2006)

http://reviews.cnet.com/4520-6600_7-6625900.html?tag=cnetfd.sd

Microsoft has released its August 2006 security bulletin, which includes 12 updates: 9 are listed by Microsoft as critical and 3 are important. Two of the critical updates this month are specific to Microsoft Office, including one specific to PowerPoint that includes the Mac versions of Office. Users of Windows 98 and Windows Me will notice that Microsoft longer offers technical support for these two operating systems. To keep your Windows 98 and Me systems secure, see our roundup of compatible third-party security applications. All Microsoft security patches for Windows and Office software are available via Microsoft Update or the individual bulletins detailed below. For more details, see our coverage on News.com.

MS06-040: Critical

Entitled "Vulnerability in Server Service Could Allow Remote Code Execution (921883)," this advisory affects Windows 2000 and XP; it also affects Windows Server 2003. Exploitation could lead to remote code execution.

MS06-041: Critical

Entitled "Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683)," this advisory affects Windows 2000 and XP; it also affects Windows Server 2003. Exploitation could lead to remote code execution.

MS06-042: Critical

Entitled "Cumulative Security Update for Internet Explorer (918899)," this advisory affects Internet Explorer versions 5.01 through 6 running on Windows 2000 and XP; it also affects Windows Server 2003. Exploitation could lead to remote code execution.

MS06-043: Critical

Entitled "Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214)," this advisory affects Outlook Express 6 running Windows XP SP2, XP x64, and Windows Server 2003 SP1; it does not affect Windows 2000, XP SP1. Exploitation could lead to remote code execution.

MS06-044: Critical

Entitled "Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008)," this advisory affects Windows 2000 SP4; it does not affect Windows XP, XP x64, or Windows Server 2003. Exploitation could lead to remote code execution.

MS06-045: Important

Entitled "Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)," this advisory affects Windows 2000 SP4, XP, and Windows Server 2003. Exploitation could lead to remote code execution.

MS06-046: Critical

Entitled "Vulnerability in HTML Help Could Allow Remote Code Execution (922616)," this advisory affects Windows 2000 SP4, XP, and Windows Server 2003. Exploitation could lead to remote code execution.

MS06-047: Critical

Entitled "Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645)," this advisory affects Microsoft Office 2000 SP3, Microsoft Project SP1, Microsoft Access SP3, Microsoft Project 2002, Microsoft Visio 2002, plus Microsoft Works Suites 2004, 2005, and 2006; it does not affect Microsoft Office 2003 SP1 and SP2. Exploitation could lead to remote code execution.

MS06-048: Critical

Entitled "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968)," this advisory affects Microsoft Office 2000 SP3, specifically PowerPoint 2000; Microsoft Office XP SP3, specifically PowerPoint 2002; Microsoft Office 2003, specifically PowerPoint 2003; and Microsoft Office for Mac OS X, specifically PowerPoint 2004. It does not affect Microsoft Powerpoint Viewer 2003, or Microsoft Works Suites 2004, 2005, and 2006. Exploitation could lead to remote code execution.

MS06-049: Important

Entitled "Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958)," this advisory affects Windows 2000 SP4; it does not affect Windows XP or Windows Server 2003. Exploitation could lead to escalation of privileges on a compromised machine.

MS06-050: Important

Entitled "Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670)," this advisory affects Windows 2000 and XP; it also affects Windows Server 2003. Exploitation could lead to remote code execution.

MS06-051: Critical

Entitled "Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422)," this advisory affects Windows 2000 and XP; it also affects Windows Server 2003. Exploitation could lead to remote code execution.

crap? If it was a car, no one would be around long enough for the recall.

Or putting out software that needs fixes?

If its software that needs fixes, then every single software producer on the planet gets away with it. :)

after the fact like old Billy.

:shrug:

I've been slowly switching over since this past winter. What's holding me up? I depend heavily on several programs I wrote in Visual Basic and with MS Word, and Linuxland scorns VB; Open Office is much more difficult to program for, and the learning curve has been steeper than I've been prepared for. But as Linux approaches "critical mass", that's changing. And besides, I might be an old dog, but I'm not incapable of learning new tricks.

I hope to be able to delete the massive virus that is WinXP from my computer by the end of the year.

And would you know, I was a Microsoft developer for about eight years? (Of course, Bill was instrumental in encouraging massive offshoring, too.)

I suffer through an average of two file system lock-ups per hour with WinXP; Win2k never did that, but they're dropping security support for it. The situation is nonsense. WinXP is a $200 piece of software that suffers frequent and data-destroying breakdowns, that spies on you and forces you to do a lengthy re-registration every time you upgrade. It's for the birds, and the vultures in Redmond can have it.

--p!

I decided to join 2001 a few months ago and finally upgrade my computer to Windows XP, and it's been a nightmare ever since. Since upgrading, I can't reinstall my scanner or my printer. I'm a full-time college student and taking summer classes, and my husband is still looking for work, so having a printer is pretty critical. My husband's pretty good with computers and he's looked up MS tech support pages to see if he could figure out how to fix this. So far absolutely nothing has worked.

I recently got a job and as soon as I start getting checks, or I get my fall financial aid (whichever comes first), I am going to buy a Mac and turn my back on MS hopefully forever. I never thought I'd become one of those Apple snobs but MS has driven a lot of us to that.