Patch Tuesday Analysis for June 2006

12 Microsoft Security Bulletins for June 2006

Microsoft finally released the patch for the very public Word 2000/2002/2003 vulnerability I began blogging about several weeks ago (https://www.ultimatewindowssecurity.com/blog). Until now, your only real protection has been comprehensive and up-to-date anti-malware coverage. I recommend deploying this update to all systems with a vulnerable version of Word installed as soon as possible, since this is a very public vulnerability already being exploited in the wild.

In addition, Microsoft released 11 other security bulletins covering a wide range of vulnerabilities. One bulletin (MS06-021) covers 8 different vulnerabilities in Internet Explorer on all versions of Windows, and I recommend installing it on all computers used to access the web. 2 bulletins deal with vulnerabilities in image file formats (ART and WMF), which you should likewise patch on workstations. Out of the 12, only about 4 bulletins deserve particular consideration for servers, which I’ve highlighted in the new table beginning with this issue of Patch Tuesday Observer. Let me know if it’s helpful.

| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS06-025 (911280) | Arbitrary code / Windows | Workstations, Terminal Servers, Servers | No/No | Yes | Critical | Win2000, XP, Server 2003, Server 2000, Small Business Server 2003, Advanced Server 2000 | Remote Access Connection Manager service | Patch after full testing or disable service |
| MS06-029 (912442) | Arbitrary code / Exchange | Servers | No/No | No | Important | Exchange 2000, Exchange 2003 | Exchange 2003 Outlook Web Access | Install ASAP |
| MS06-030 (914389) | Privilege elevation, Denial of service / Windows | Workstations, Terminal Servers | No/No | No | Important | Win2000, XP, Server 2003, Server 2000, Small Business Server 2003, Advanced Server 2000, Small Business Server 2000 | Server Message Block Protocol | Patch after testing |
| MS06-021 (916281) | Arbitrary code / Windows | Workstations, Terminal Servers | Yes/No | No | Critical | Win2000, XP, Server 2003, Datacenter Server 2000, Small Business Server 2003, Advanced Server 2000, Small Business Server 2000, Internet Explorer, Windows Millennium, Win98 | Internet Explorer | Patch after full testing |
| MS06-028 (916768) | Arbitrary code / PowerPoint | Workstations, Terminal Servers | No/No | No | Critical | Office 2000, Office 2003, Office 2004 for Mac, Office 2002 | PowerPoint all versions | Patch after testing |
| MS06-027 (917336) | Arbitrary code / Office | Workstations, Terminal Servers | Yes/No | No | Critical | Office 2000, Office 2003, Word Viewer, Works 2005, Works 2004, Works 2006, Office 2002, Works 2000, Works 2001, Works 2002, Works 2003 | Word 2000/2002/2003 | Patch ASAP after testing |
| MS06-023 (917344) | Arbitrary code / Windows | Workstations, Terminal Servers | No/No | No | Critical | Win2000, XP, Server 2003, Small Business Server 2003, Advanced Server 2000 | JScript | Patch after full testing |
| MS06-024 (917734) | Arbitrary code / Windows Media | Workstations, Terminal Servers | No/No | Yes | Critical | XP, Server 2003, Small Business Server 2003, Small Business Server 2000 | Windows Media Player | Patch or disable WMP |
| MS06-031 (917736) | Spoofing / Windows | Workstations, Terminal Servers, Servers | No/No | No | Moderate | Win2000, Server 2000, Advanced Server 2000, Small Business Server 2000 | RPC mutual authentication | Patch after testing in high security environments |
| MS06-032 (917953) | Arbitrary code / Windows | Workstations, Terminal Servers, Servers | No/No | No | Important | Win2000, XP, Server 2003, Server 2000, Datacenter Server 2000, Advanced Server 2000 | TCP/IP source routing | Patch vulnerable systems or ensure source routing is disabled |
| MS06-022 (918439) | Arbitrary code / Windows | Workstations, Terminal Servers | No/No | Yes | Critical | Win2000, XP, Server 2003, Datacenter Server 2000, Small Business Server 2003, Advanced Server 2000, Small Business Server 2000, Internet Explorer, Windows Millennium, Win98 | ART image files | Patch after testing or use workaround |
| MS06-026 (918547) | Arbitrary code / Windows | Workstations, Terminal Servers | No/No | No | Critical | Windows Millennium, Win98 | WMF image files | Patch after testing |
