Patch Tuesday Analysis for October 2006

Office Shot Full of Holes.

This is a really bad month for Office with 4 critical bulletins and 2 of them already being used in real attacks making this month mainly a workstation patching effort.

Bulletin	Exploit Types /Technologies Affected	System Types Affected	Exploit details public? / Being exploited?	Comprehensive, practical workaround available?	MS severity rating	Products Affected	Notes	Randy's recommendation
MS06-062 922581	Arbitrary code / Office	Workstations	Yes/No	No	Critical	Office XP Office 2003 FrontPage 2002 Project 2003 Visio 2003 Office 2002	None	I recommend deploying this update at the same time you plug all the other Office holes this month.
MS06-056 922770	Information disclosure / .NET Framework	Servers	No/No	No	Moderate	XP Server 2003 Datacenter Server 2000 Advance Server 2000	Cross-site Scripting ASP.NET 2.0	Wait and see
MS06-064 922819	Denial of service / TCP/IP	Workstations Terminal Servers Servers	Yes/No	No	Low	XP Server 2003 Small Business Server 2003	IPv6	I recommend installing this update on Internet facing servers
MS06-057 923191	Arbitrary code / Windows Explorer	Workstations Terminal Servers	Yes/Yes	Yes	Critical	XP Server 2003 Small Business Server 2003 Small Business Server 2000	Windows Explorer	Patch or workaround
MS06-063 923414	Arbitrary code Denial of service / Server Service	Servers	Yes/No	No	Important	XP Server 2003 Datacenter Server 2000 Small Business Server 2003 Advance Server 2000 Small Business Server 2000	Server service	This one is more than a denial of service issue
MS06-058 924163	Arbitrary code / PowerPoint	Workstations Terminal Servers	Yes/Yes	No	Critical	Office XP Office 2003 Office 2004 for Mac Office X for Mac Office 2002	Including Mac	Until the update is deployed you should consider quarantining PPT files sent in emails and blocking them at web proxy gateways if possible.
MS06-059 924164	Arbitrary code / Excel	Workstations Terminal Servers	Yes/No	No	Critical	Office 2000 Office 2003 Office 2004 for Mac Excel Viewer Works 2005 Works 2004 Works 2006 Office X for Mac Office 2002	.XLS and .123 files	I recommend limited testing followed by immediate deployment
MS06-061 924191	Arbitrary code Information disclosure / XML Core Services	Workstations	No/No	No	Critical	XP Server 2003 Datacenter Server 2000 Advance Server 2000 XML Core Services XML Parser BackOffice Small Business Svr	To determine whether your version of XML Core Services is vulnerable see knowledge base article 269238.	Since these vulnerabilities are not yet publicly detailed I recommend identifying exactly which systems are vulnerable in your environment and testing the patch before deployment.
MS06-065 924496	Arbitrary code / Windows	Workstations Terminal Servers	No/No	No	Moderate	XP Server 2003 Small Business Server 2003	Windows Object Packager	I would normally recommend full testing but since there are so many other workstation exploits this month some organizations will choose to roll this update into the testing and deployment effort.
MS06-060 924554	Arbitrary code / Word	Workstations Terminal Servers	Yes/Yes	No	Critical	Office 2000 Office 2003 Office 2002	None	Allows an attacker to take over a victim’s computer with a malicious Word document via email

Receive Randy's same-day, independent analysis each Patch Tuesday

Email:
We will not share your address. Unsubscribe anytime.

"Thank you. I am very glad I subscribed to this newsletter. Relevant content clearly and concisely. Finally!!!"

- John K.

"I really like the Fast Facts on this Month's Microsoft Security Bulletins. Do you keep old copies? If yes, please let me know how I can access them?"

-Susan D.

"Thanks, Randy. Your regular updates have streamlined my monthly patching. Much appreciated,"

- Steve T.

"Really appreciate your patch observor. In the corporate IT world, anything we can get our hands on that speeds the process of analyzing threats and how they may or may not apply to our environments is a God-send. Thanks so much for your efforts."

- Tess G.

"Many thanks for this Randy"

- Roger G.

"The chart is a REAAALLY good idea :)"

- Phil J.

"I like the table. Your insight is very valuable. "

Tom C.

"I liked your high level overview of patches in the table. There are so many sources of patch information which can be very specific or surrounded by other stuff that it’s refreshing to get everything summarised like this. The “Randy’s Recommendation” comment is useful starting point too. Please keep up the good work."

- David A.

"Your Patch Tuesday Observer is a very good tool in making the decision whether to patch or not to patch. And also to patch asap or to wait a while before patching. Also I do think the use of the table is realy improving the readability of the provided information."

- Gerard T.

Upcoming Webinars

Additional Resources

Patch Analysis

•	Analysis Criteria
•	Patch Tuesday History
•	Research Patches

Follow @randyfsmith

About | Newsletter | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2013 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.