Title: Microsoft Security Bulletin Summary for December 2006

[Dan]

************************************************** ******************
Title: Microsoft Security Bulletin Summary for December 2006
Issued: December 12, 2006
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=79710
************************************************** ******************

Quote:

Summary:
========
This advisory contains information about all security updates
released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS06-072 - Cumulative Security Update for Internet Explorer (925454)

- Affected Software:
- Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service
Pack 4
- Internet Explorer 6 Service Pack 1 on Windows 2000 Service
Pack 4
- Internet Explorer 6 for Windows XP Service Pack 2
- Internet Explorer 6 for Windows XP Professional x64 Edition
- Internet Explorer 6 for Windows Server 2003 and Windows
Server 2003 Service Pack 1
- Internet Explorer 6 for Windows Server 2003 for Itanium-based
Systems and Windows Server 2003 with SP1 for Itanium-based
Systems
- Internet Explorer 6 for Windows Server 2003 x64 Edition


- Impact: Remote Code Execution
- Version Number: 1.0

MS06-073 - Vulnerability in Visual Studio 2005
Could Allow Remote Code Execution (925674)

- Affected Software:
- Microsoft Visual Studio 2005


- Impact: Remote Code Execution
- Version Number: 1.0

MS06-078 - Vulnerability in Windows Media Format
Could Allow Remote Code Execution (923689)

- Affected Software:
- Microsoft Windows Media Format 7.1 through 9.5 Series Runtime
on the following operating system versions:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 or Microsoft Windows Server
2003 Service Pack 1
- Microsoft Windows Server 2003 x64 Edition
- Microsoft Windows Media Format 9.5 Series Runtime x64 Edition
on the following operating system versions:
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 x64 Edition
- Microsoft Windows Media Player 6.4
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 or on Microsoft Windows
Server 2003 Service Pack 1
- Microsoft Windows Server 2003 x64 Edition


- Impact: Remote Code Execution
- Version Number: 1.0

Important Security Bulletins
============================

MS06-074 - Vulnerability in SNMP
Could Allow Remote Code Execution (926247)

- Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows Server 2003 with SP1
for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition


- Impact: Remote Code Execution
- Version Number: 1.0

MS06-075 - Vulnerability in Windows
Could Allow Elevation of Privilege (926255)

- Affected Software:
- Microsoft Windows XP Service Pack 2
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems


- Impact: Elevation of Privilege
- Version Number: 1.0

MS06-076 - Cumulative Security Update for Outlook Express (923694)

- Affected Software:
- Outlook Express 5.5 Service Pack 2 on Windows 2000 Service
Pack 4
- Outlook Express 6 Service Pack 1 on Windows 2000 Service
Pack 4
- Outlook Express 6 on Windows XP Service Pack 2
- Outlook Express 6 on Windows XP Professional x64 Edition
- Outlook Express 6 on Windows Server 2003 and Windows
Server 2003 Service Pack 1
- Outlook Express 6 on Windows Server 2003 for Itanium-based
Systems and Windows Server 2003 with SP1 for Itanium-based
Systems
- Outlook Express 6 on Windows Server 2003 x64 Edition


- Impact: Remote Code Execution
- Version Number: 1.0

MS06-077 - Vulnerability in Remote Installation Service
Could Allow Remote Code Execution (926121)

- Affected Software:
- Microsoft Windows 2000 Service Pack 4


- Impact: Remote Code Execution
- Version Number: 1.0

[x SF med]

This is why I update my MS stuff bi-weekly, even if there's nothing posted out there.

[hoepoe]

Yeah. hopefully Vista will be better..

Hoepoe

[Kyobanim]

Quote:

Originally Posted by hoepoe

Yeah. hopefully Vista will be better..

Hoepoe

Security wise, you will probably like Vista, but the casual user will not like the extra steps you have to go through to screw up your machine. I've been using it since Beta 2 came out, just installed enterprise 2 weeks ago, and I can't find a thing I don't like about it.

[Mav]

MS Office has had a lot of security risk increases since institution of ADS for interoperability with Mac OS and its Office.

[x SF med]

A lot of the MS security issues arise because there is still original Windows 1 beta code embedded in the OS, and Office V1 code embedded in Office (including DOS code in both). Win/Office is bloated with useless lines that can't be wiped because of some old link that'll kill the entire program. I'm waiting for the general release of Vista, I believe it was essentially started from scratch on the NT kernel, right? From what I've heard it runs like the old MS OS2, only in 64 bit.

[hoepoe]

Quote:

Originally Posted by x_sf_med

A lot of the MS security issues arise because there is still original Windows 1 beta code embedded in the OS, and Office V1 code embedded in Office (including DOS code in both). Win/Office is bloated with useless lines that can't be wiped because of some old link that'll kill the entire program. I'm waiting for the general release of Vista, I believe it was essentially started from scratch on the NT kernel, right? From what I've heard it runs like the old MS OS2, only in 64 bit.

Yup, That's why i am giving Windows a chance (security wise). I am a Linux user, wannabe Mac user, but hell, Windows, well it has the apps and works (most of the time). Other than the ethical aspect of not using it, it does have most viruses written to attack it hence i try not to use it. But as i said, it works.

Hoepoe