In unserem Info-Board Forum finden Sie wichtige Informationen zu VB, aktuelle Sicherheitshinweise, sowie allgemeine Infos, die von unseren Moderatoren bereitgestellt wurden. Dieses Forum hat den Status read-only, d.h. nur Moderatoren können neue Beiträge einstellen!

Sie sind aktuell nicht angemeldet.

Funktionen: Einloggen  |  Neu registrieren  |  Suchen

Critical Product Vulnerability - May 2006 Microsoft Security Bulletin Release
Autor: Dieter (Moderator)
Datum: 09.05.06 20:48
New Security Bulletins Microsoft is releasing the following security bulletins for newly discovered vulnerabilities: * Moderate MS06-018 Microsoft Windows Denial of Service * Critical MS06-019 Microsoft Exchange Remote Code Execution * Critical MS06-020 Microsoft Windows Remote Code Execution The Summary for these new bulletins may be found at the following page: * http://www.microsoft.com/technet/security/bulletin/ms06-May.mspx Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable. Microsoft Windows Malicious Software Removal Tool Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here: * http://go.microsoft.com/fwlink/?LinkId=40573 High-Priority Non-Security Updates on Microsoft Update (MU), Windows Update (WU), Windows Server Update Services (WSUS) and Software Update Services (SUS) Microsoft is today also making the following High-Priority NON-SECURITY updates available on WU, MU, SUS and/or WSUS: * 917148 Update for OneNote 2003 KB917148 * 916521 Update for Outlook 2003 Junk E-Mail Filter KB916521 TechNet Webcast: Information about Microsoft May 2006 Security Bulletins * Wednesday, 10 May 2006 11:00 AM (GMT-08:00) Pacific Time (US & Canada) * http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032294228&culture=en-US The on-demand version of the Webcast will be available 24 hours after the live Webcast at: * http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032294228 ********************************************************************** MS06-018 Title: Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580) Affected Software: * Microsoft Windows 2000 Service Pack 4 * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 * Microsoft Windows Server 2003 * Microsoft Windows Server 2003 for Itanium-based Systems Non-Affected Software: * Microsoft Windows XP Professional x64 Edition * Microsoft Windows Server 2003 Service Pack 1 * Microsoft Windows Server 2003 x64 Edition * Microsoft Windows Server 2003 with SP1 for Itanium-based Systems * Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) Note: The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site: http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle. Impact of Vulnerability: Denial of Service Maximum Severity Rating: Moderate Restart requirement: In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. To help reduce the chance that a reboot will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart your computer, see Microsoft Knowledge Base Article 887012. Update can be uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS06-018.mspx ****************************************************************** MS06-019 Title: Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803) Affected Software: * Microsoft Exchange Server 2000 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004(870540) * Microsoft Exchange Server 2003 Service Pack 1 * Microsoft Exchange Server 2003 Service Pack 2 Note: The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site: http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Restart requirement: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. To help reduce the chance that a reboot will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart your computer, see Microsoft Knowledge Base Article 887012. Update can be uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS06-019.mspx ****************************************************************** MS06-020 Title: Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433) Affected Software: * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 * Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of the bulletin for details about these operating systems. Non-Affected Software: * Microsoft Windows 2000 Service Pack 4 * Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 * Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems * Microsoft Windows Server 2003 x64 Edition * Windows XP Professional x64 Edition Note: The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site: http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle. Note: Flash Player does not ship with the versions of Microsoft Windows in the not affected software list. Customers who have installed Flash Player on these versions of Windows are encouraged to follow the guidance in the Adobe Security Bulletin ASPB06-03. Caveats: * This bulletin is for customers using Macromedia Flash Player from Adobe version 6 or earlier. Customers that have followed the guidance in Adobe Security Bulletin APSB06-03 (http://go.microsoft.com/fwlink/?LinkId=62431) are not at risk from the vulnerability. * Vulnerable versions of Macromedia Flash Player from Adobe are included with Windows XP and Internet Explorer 6 Service Pack 1 when installed on Windows ME, Windows 98, and Windows 98 Second Edition. Other versions of Windows are not affected or not supported by this security update. Customers with Flash Player installed on other versions of the operating system or customers who have upgraded to Flash Player 7 or higher are encouraged to follow the guidance in the Adobe Security Bulletin APSB06-03 (http://go.microsoft.com/fwlink/?LinkId=62431). * Microsoft Knowledge Base Article 913433 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. For more information, see Microsoft Knowledge Base Article 913433 (http://support.microsoft.com/kb/913433). Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Restart requirement: This update does not require a restart. Update can be uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS06-020.mspx ****************************************************************** If you have any questions regarding the security updates or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary at the number located at http://support.microsoft.com/security _________________________ Professionelle Entwicklerkomponenten www.tools4vb.de

Critical Product Vulnerability - May 2006 Microsoft Security...

3.570

Dieter

09.05.06 20:48

In unserem Info-Board finden Sie wichtige Infos, die von den Moderatoren für Sie bereitgestellt wurden. Sie haben ebenfalls einen wichtigen Beitrag für dieses Forum? Dann wenden Sie sich bitte direkt an den  Webmaster.

Funktionen:  Zum Thema  |  Gesamtübersicht

Suchen