Patch Tuesday Analysis for July 2006

We finally have patches for some nasty zero-day exploits in Office and there are new updates for some exploits that I think will be very attractive to worm writers.

7 Microsoft Security Bulletins for July 2006

Today Microsoft released 7 bulletins that cover every supported version of Windows and Office – including the Mac versions of Office.  Web server admins will want to pay particular attention to MS06-033 and MS06-034 which impact ASP.NET 2.0 and ASP respectively.  Both workstations and servers are vulnerable to MS06-035 – especially if you have the Messenger or Alerter services started.  All Windows computers that have the DHCP Client service started need to install MS06-036 which I think will be very attractive as a worm infection vector.  Finally, MS06-037,038 and 039 impact every version of Office and some related applications including Project, Visio, OneNote and Visual Studio including the 2 zero-day exploits.  All in all I recommend installation of all of these updates.  For my detailed analysis of these bulletins and further recommendations visit www.ultimateWindowsSecurity.com.

BulletinExploit Types
/Technologies Affected
System Types AffectedExploit
details public?
/ Being exploited?
Comprehensive,
practical
workaround
available?
MS severity ratingProducts AffectedNotesRandy's recommendation
MS06-036

914388
Arbitrary code

/ Windows
Workstations
Terminal Servers
Servers
No/NoNoCritical Win2000
XP
Server 2003
Small Business Server 2003
Advance Server 2000
DHCP clientPatch ASAP
MS06-039

915384
Arbitrary code

/ Office
Workstations
Terminal Servers
No/NoNoCritical Office 2000
Office XP
Office 2003
Project 2002
Works 2005
Works 2004
Works 2006
MSPatch ASAP
MS06-035

917159
Arbitrary code

/ Windows
Workstations
Terminal Servers
Servers
No/NoNoCritical XP
Server 2003
Small Business Server 2003
Advance Server 2000
Small Business Server 2000
Close TCP 445Patch or use workarounds
MS06-033

917283
Information disclosure

/ .NET Framework
Web Servers
No/NoNoImportant XP
Server 2003
Server 2000
ASP.NETPatch after full testing
MS06-038

917284
Arbitrary code

/ Office
Workstations
Terminal Servers
Yes/NoNoCritical Office 2000
Office 2003
Project 2003
Word Viewer
Office 2004 for Mac
Visio 2003
Visio 2002
Project 2002
Frontpage 2000
Frontpage 2003
Works 2005
Works 2004
Works 2006
Office X for Mac
Office 2002
MS OfficePatch ASAP
MS06-037

917285
Arbitrary code

/ Excel
Workstations
Terminal Servers
Yes/NoNoCritical Office 2000
Office 2003
Office 2004 for Mac
Office X for Mac
Office 2002
ExcelPatch ASAP
MS06-034

917537
Arbitrary code

/ IIS
Web Servers
No/NoNoImportant Win2000
XP
Server 2003
Server 2000
Datacenter Server 2000
Advance Server 2000
Internet Information Services
ASPPatch after full testing

Receive Randy's same-day, independent analysis each Patch Tuesday

Email:
We will not share your address. Unsubscribe anytime. 

"Thank you. I am very glad I subscribed to this newsletter.  Relevant content clearly and concisely. Finally!!!"

- John K.

"I really like the Fast Facts on this Month's Microsoft Security Bulletins. Do you keep old copies? If yes, please let me know how I can access them?"

-Susan D.

"Thanks, Randy. Your regular updates have streamlined my monthly patching. Much appreciated,"

-  Steve T.

"Really appreciate your patch observor. In the corporate IT world, anything we can get our hands on that speeds the process of analyzing threats and how they may or may not apply to our environments is a God-send. Thanks so much for your efforts."

- Tess G.

"Many thanks for this Randy"

- Roger G.

"The chart is a REAAALLY good idea :)"

- Phil J.

"I like the table. Your insight is very valuable. "

Tom C.

"I liked your high level overview of patches in the table. There are so many sources of patch information which can be very specific or surrounded by other stuff that it’s refreshing to get everything summarised like this. The “Randy’s Recommendation” comment is useful starting point too. Please keep up the good work."

- David A.

"Your Patch Tuesday Observer is a very good tool in making the decision whether to patch or not to patch. And also to patch asap or to wait a while before patching. Also I do think the use of the table is realy improving the readability of the provided information."

- Gerard T.