Patch Tuesday Analysis for October 2006

Office Shot Full of Holes.

This is a really bad month for Office with 4 critical bulletins and 2 of them already being used in real attacks making this month mainly a workstation patching effort.

BulletinExploit Types
/Technologies Affected
System Types AffectedExploit
details public?
/ Being exploited?
Comprehensive,
practical
workaround
available?
MS severity ratingProducts AffectedNotesRandy's recommendation
MS06-062

922581
Arbitrary code

/ Office
Workstations
Yes/NoNoCritical Office XP
Office 2003
FrontPage 2002
Project 2003
Visio 2003
Office 2002
NoneI recommend deploying this update at the same time you plug all the other Office holes this month.
MS06-056

922770
Information disclosure

/ .NET Framework
Servers
No/NoNoModerate XP
Server 2003
Datacenter Server 2000
Advance Server 2000
Cross-site Scripting ASP.NET 2.0Wait and see
MS06-064

922819
Denial of service

/ TCP/IP
Workstations
Terminal Servers
Servers
Yes/NoNoLow XP
Server 2003
Small Business Server 2003
IPv6 I recommend installing this update on Internet facing servers
MS06-057

923191
Arbitrary code

/ Windows Explorer
Workstations
Terminal Servers
Yes/YesYesCritical XP
Server 2003
Small Business Server 2003
Small Business Server 2000
Windows ExplorerPatch or workaround
MS06-063

923414
Arbitrary code
Denial of service

/ Server Service
Servers
Yes/NoNoImportant XP
Server 2003
Datacenter Server 2000
Small Business Server 2003
Advance Server 2000
Small Business Server 2000
Server serviceThis one is more than a denial of service issue
MS06-058

924163
Arbitrary code

/ PowerPoint
Workstations
Terminal Servers
Yes/YesNoCritical Office XP
Office 2003
Office 2004 for Mac
Office X for Mac
Office 2002
Including MacUntil the update is deployed you should consider quarantining PPT files sent in emails and blocking them at web proxy gateways if possible.
MS06-059

924164
Arbitrary code

/ Excel
Workstations
Terminal Servers
Yes/NoNoCritical Office 2000
Office 2003
Office 2004 for Mac
Excel Viewer
Works 2005
Works 2004
Works 2006
Office X for Mac
Office 2002
.XLS and .123 filesI recommend limited testing followed by immediate deployment
MS06-061

924191
Arbitrary code
Information disclosure

/ XML Core Services
Workstations
No/NoNoCritical XP
Server 2003
Datacenter Server 2000
Advance Server 2000
XML Core Services
XML Parser
BackOffice Small Business Svr
To determine whether your version of XML Core Services is vulnerable see knowledge base article 269238.Since these vulnerabilities are not yet publicly detailed I recommend identifying exactly which systems are vulnerable in your environment and testing the patch before deployment.
MS06-065

924496
Arbitrary code

/ Windows
Workstations
Terminal Servers
No/NoNoModerate XP
Server 2003
Small Business Server 2003
Windows Object PackagerI would normally recommend full testing but since there are so many other workstation exploits this month some organizations will choose to roll this update into the testing and deployment effort.
MS06-060

924554
Arbitrary code

/ Word
Workstations
Terminal Servers
Yes/YesNoCritical Office 2000
Office 2003
Office 2002
NoneAllows an attacker to take over a victim’s computer with a malicious Word document via email

Receive Randy's same-day, independent analysis each Patch Tuesday

Email:
We will not share your address. Unsubscribe anytime. 

"Thank you. I am very glad I subscribed to this newsletter.  Relevant content clearly and concisely. Finally!!!"

- John K.

"I really like the Fast Facts on this Month's Microsoft Security Bulletins. Do you keep old copies? If yes, please let me know how I can access them?"

-Susan D.

"Thanks, Randy. Your regular updates have streamlined my monthly patching. Much appreciated,"

-  Steve T.

"Really appreciate your patch observor. In the corporate IT world, anything we can get our hands on that speeds the process of analyzing threats and how they may or may not apply to our environments is a God-send. Thanks so much for your efforts."

- Tess G.

"Many thanks for this Randy"

- Roger G.

"The chart is a REAAALLY good idea :)"

- Phil J.

"I like the table. Your insight is very valuable. "

Tom C.

"I liked your high level overview of patches in the table. There are so many sources of patch information which can be very specific or surrounded by other stuff that it’s refreshing to get everything summarised like this. The “Randy’s Recommendation” comment is useful starting point too. Please keep up the good work."

- David A.

"Your Patch Tuesday Observer is a very good tool in making the decision whether to patch or not to patch. And also to patch asap or to wait a while before patching. Also I do think the use of the table is realy improving the readability of the provided information."

- Gerard T.