Details: Microsoft has released a slew of critical bulletins for the cruelest month of all (tax day for U.S. readers). This month we have three new critical bulletins (one of which was updated over the weekend) addressing a number of vulnerabilities, along with two more bulletins addressing minor issues. (Of course no issue is really minor if it affects you.) Microsoft Security Bulletin MS06-013, "Cumulative Security Update for Internet Explorer," replaces MS05-054 (all platforms) and MS06-004 (IE 5.01 SP4 only), and the patch will affect the way IE as well as ActiveX works. There have been reports of exploits in this vulnerability. Microsoft Security Bulletin MS06-014, "Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution," addresses one vulnerability, Microsoft Windows MDAC Vulnerability-CVE-2006-0003. There have been no reports of exploits in this newly-disclosed vulnerability. Microsoft Security Bulletin MS06-015, "Vulnerability in Windows Explorer Could Allow Remote Code Execution," replaces MS05-016 and MS05-008. This is a newly discovered vulnerability with no reported exploits. Note that due to the event of the bulletin's April 15 modification, you may wish to recheck this if you had earlier dismissed the known issues with the patch as not applicable to your shop. This patch targets Windows Shell Vulnerability-CVE-2006-0012 but also addresses CVE-2004-2289. MS06-016 The remote code execution vulnerability, "Cumulative Security Update for Outlook Express," is an "important" threat. There have been no reports of exploits in this newly-disclosed vulnerability. The patch alters the way Outlook Express validates .WAB files. Please note that this bulletin has been updated (April 15), regarding a privacy related change so you may wish to recheck this bulletin if you already looked at it. MS06-017 The remote code execution vulnerability, "Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross Site Scripting," rates a "moderate" threat. There have been no reports of exploits in this newly-disclosed vulnerability. This threat mostly affects platforms with Microsoft Internet Information Services, FrontPage Server extensions 2002, or SharePoint Team Services installed.
*Tech Republic
No comments:
Post a Comment
Contact The Wizard!
(he/him)