Microsoft patches 23 flaws in Windows and Office
Nine patches are deemed critical by the software giant.
By Robert Vamosi (August 8, 2006)
http://reviews.cnet.com/4520-6600_7-6625900.html?tag=cnetfd.sdMicrosoft has released its August 2006 security bulletin, which includes 12 updates: 9 are listed by Microsoft as critical and 3 are important. Two of the critical updates this month are specific to Microsoft Office, including one specific to PowerPoint that includes the Mac versions of Office. Users of Windows 98 and Windows Me will notice that Microsoft longer offers technical support for these two operating systems. To keep your Windows 98 and Me systems secure, see our roundup of compatible third-party security applications. All Microsoft security patches for Windows and Office software are available via Microsoft Update or the individual bulletins detailed below. For more details, see our coverage on News.com.
MS06-040: Critical
Entitled "Vulnerability in Server Service Could Allow Remote Code Execution (921883)," this advisory affects Windows 2000 and XP; it also affects Windows Server 2003. Exploitation could lead to remote code execution.
MS06-041: Critical
Entitled "Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683)," this advisory affects Windows 2000 and XP; it also affects Windows Server 2003. Exploitation could lead to remote code execution.
MS06-042: Critical
Entitled "Cumulative Security Update for Internet Explorer (918899)," this advisory affects Internet Explorer versions 5.01 through 6 running on Windows 2000 and XP; it also affects Windows Server 2003. Exploitation could lead to remote code execution.
MS06-043: Critical
Entitled "Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214)," this advisory affects Outlook Express 6 running Windows XP SP2, XP x64, and Windows Server 2003 SP1; it does not affect Windows 2000, XP SP1. Exploitation could lead to remote code execution.
MS06-044: Critical
Entitled "Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008)," this advisory affects Windows 2000 SP4; it does not affect Windows XP, XP x64, or Windows Server 2003. Exploitation could lead to remote code execution.
MS06-045: Important
Entitled "Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)," this advisory affects Windows 2000 SP4, XP, and Windows Server 2003. Exploitation could lead to remote code execution.
MS06-046: Critical
Entitled "Vulnerability in HTML Help Could Allow Remote Code Execution (922616)," this advisory affects Windows 2000 SP4, XP, and Windows Server 2003. Exploitation could lead to remote code execution.
MS06-047: Critical
Entitled "Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645)," this advisory affects Microsoft Office 2000 SP3, Microsoft Project SP1, Microsoft Access SP3, Microsoft Project 2002, Microsoft Visio 2002, plus Microsoft Works Suites 2004, 2005, and 2006; it does not affect Microsoft Office 2003 SP1 and SP2. Exploitation could lead to remote code execution.
MS06-048: Critical
Entitled "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968)," this advisory affects Microsoft Office 2000 SP3, specifically PowerPoint 2000; Microsoft Office XP SP3, specifically PowerPoint 2002; Microsoft Office 2003, specifically PowerPoint 2003; and Microsoft Office for Mac OS X, specifically PowerPoint 2004. It does not affect Microsoft Powerpoint Viewer 2003, or Microsoft Works Suites 2004, 2005, and 2006. Exploitation could lead to remote code execution.
MS06-049: Important
Entitled "Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958)," this advisory affects Windows 2000 SP4; it does not affect Windows XP or Windows Server 2003. Exploitation could lead to escalation of privileges on a compromised machine.
MS06-050: Important
Entitled "Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670)," this advisory affects Windows 2000 and XP; it also affects Windows Server 2003. Exploitation could lead to remote code execution.
MS06-051: Critical
Entitled "Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422)," this advisory affects Windows 2000 and XP; it also affects Windows Server 2003. Exploitation could lead to remote code execution.