Neue SIcherheitsbulletins und Patches
- From: "Senaj Lelic [DE MVP Visio]" <Thanks@xxxxxxxxxxxxxxxx>
- Date: Wed, 11 Oct 2006 19:29:30 +0200
================================================
New Security Bulletins
================================================
Microsoft is releasing the following security bulletins for newly discovered
vulnerabilities:
Moderate MS06-056 Microsoft Windows .NET Framework 2.0 Information
Disclosure
Critical MS06-057 Microsoft Windows Remote Code Execution
Critical MS06-058 Microsoft Office Remote Code Execution
Critical MS06-059 Microsoft Office Remote Code Execution
Critical MS06-060 Microsoft Office Remote Code Execution
Critical MS06-061 Microsoft Windows or Office Remote Code Execution
Critical MS06-062 Microsoft Office Remote Code Execution
Important MS06-063 Microsoft Windows Denial of Service
Low MS06-064 Microsoft Windows Denial of Service
Important MS06-065 Microsoft Windows Remote Code Execution
Summaries for these new bulletins may be found at the following pages:
http://www.microsoft.com/technet/security/bulletin/ms06-oct.mspx
Customers are advised to review the information in the bulletins, test and
deploy the updates immediately in their environments, if applicable.
================================================
Microsoft Windows Malicious Software Removal Tool
================================================
Microsoft is releasing an updated version of the Microsoft Windows Malicious
Software Removal Tool on Windows Server Update Services (WSUS), Windows
Update (WU) and the Download Center. Note that this tool will NOT be
distributed using Software Update Services (SUS). Information on the
Microsoft Windows Malicious Software Removal Tool can be located here:
http://go.microsoft.com/fwlink/?LinkId=40573
================================================
High-Priority Non-Security Updates on Microsoft Update (MU), Windows Update
(WU), Windows Server Update Services (WSUS) and Software Update Services
(SUS) ================================================
Microsoft is today also making the following High-Priority NON-SECURITY
updates available on WU, MU, SUS and WSUS:
KB NUMBER TITLE Available via:
912580 Update for Outlook 2003 Junk E-Mail Filter MU
923097 Update for Office 2003 MU
================================================
TechNet Webcast: Information about Microsoft August 2006 Security Bulletins
================================================
Information about Microsoft October 2006 Security Bulletins (Level 200)
Wednesday, 11 October 2006 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032308775
The on-demand version of the webcast will be available 24 hours after the
live webcast at:
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032308775
================================================
Security Bulletin Details
================================================
MS06-056
Title: Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure
(922770)
Affected Software:
Microsoft .NET Framework 2.0 for the following operating system versions:
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 1 or Windows XP Service Pack 2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows XP Tablet PC Edition
* Microsoft Windows XP Media Center Edition
* Microsoft Windows Server 2003 or Microsoft Windows Server 2003 Service
Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems or Windows Server
2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
Affected Components:
* Microsoft .NET Framework 2.0
Non-Affected Software:
* Microsoft .NET Framework 1.0
* Microsoft .NET Framework 1.1
Impact of Vulnerability: Information Disclosure
Maximum Severity Rating: Moderate
Restart Requirement: This update does not require a restart. The installer
stops the required services, applies the update, and then restarts the
services. However, if the required services cannot be stopped for any
reason, or if required files are being used, this update will require a
restart. If this behavior occurs, a message appears that advises you to
restart.
To help reduce the chance that a reboot will be required, stop all affected
services and close all applications that may use the affected files prior to
installing the security update. For more information about the reasons why
you may be prompted to restart your computer, see Microsoft Knowledge Base
Article 887012 <http://support.microsoft.com/kb/887012> .
Update Can Be Uninstalled: Yes. To remove this security update, use the Add
or Remove Programs tool in Control Panel.
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-056.mspx
******************************************************************
MS06-057
Title: Vulnerability in Windows Explorer Could Allow Remote Execution
(923191)
Affected Software:
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack
2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service
Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart Requirement: You must restart your system after you apply this
security update.
Update Can Be Uninstalled: Yes. To remove this security update, use the Add
or Remove Programs tool in Control Panel.
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-057.mspx
******************************************************************
MS06-058
Title: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code
Execution (924163)
Affected Software:
· Microsoft Office 2000 Service Pack 3
· Microsoft PowerPoint 2000
· Microsoft Office XP Service Pack 3
· Microsoft PowerPoint 2002
· Microsoft Office 2003 Service Pack 1 or Service Pack 2 · Microsoft Office
PowerPoint 2003 · Microsoft Office 2004 for Mac · Microsoft PowerPoint 2004
for Mac · Microsoft Office v. X for Mac · Microsoft PowerPoint v. X for Mac
Non-Affected Software:
* Microsoft PowerPoint 2003 Viewer
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart Requirement: Varies depending on which update is being installed
(Office version, Operating System). See the Security Bulletin - linked below
for more details.
Update Can Be Uninstalled: Varies depending on which update is being
installed (Office version, Operating System). See the Security Bulletin -
linked below for more details.
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-058.mspx
******************************************************************
MS06-059
Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
(924164)
Affected Software:
· Microsoft Office 2000 Service Pack 3
· Microsoft Excel 2000
· Microsoft Office XP Service Pack 3
· Microsoft Excel 2002
· Microsoft Office 2003 Service Pack 1 or Service Pack 2
· Microsoft Office Excel 2003
· Microsoft Office Excel Viewer 2003 · Microsoft Office 2004 for Mac
· Microsoft Excel 2004 for Mac
· Microsoft Office v. X for Mac
· Microsoft Excel v. X for Mac
· Microsoft Works Suites:
· Microsoft Works Suite 2004
· Microsoft Works Suite 2005
· Microsoft Works Suite 2006
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart Requirement: Varies depending on which update is being installed
(Office version, Operating System). See the Security Bulletin - linked below
for more details.
Update Can Be Uninstalled: Varies depending on which update is being
installed (Office version, Operating System). See the Security Bulletin -
linked below for more details.
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-059.mspx
******************************************************************
MS06-060
Title: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution
(924554)
Affected Software:
· Microsoft Office 2000 Service Pack 3
· Microsoft Word 2000
· Microsoft Office XP Service Pack 3
· Microsoft Word 2002
· Microsoft Office 2003 Service Pack 1 or Service Pack 2
· Microsoft Office Word 2003
· Microsoft Office Word 2003 Viewer
· Microsoft Works Suites:
· Microsoft Works Suite 2004
· Microsoft Works Suite 2005
· Microsoft Works Suite 2006
· Microsoft Office 2004 for Mac
· Microsoft Office v. X for Mac
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart Requirement: Varies depending on which update is being installed
(Office version, Operating System). See the Security Bulletin - linked below
for more details.
Update Can Be Uninstalled: Varies depending on which update is being
installed (Office version, Operating System). See the Security Bulletin -
linked below for more details.
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-060.mspx
******************************************************************
MS06-061
Title: Vulnerabilities in Microsoft XML Core Services Could Allow Remote
Code Execution (924191)
Affected Software:
* Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services
3.0 (all versions) on Windows 2000 Service Pack 4
* Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services
3.0 (all versions) on Microsoft Windows XP Service Pack 1
* Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services
3.0 (all versions) on Microsoft Windows XP Service Pack 2
* Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services
3.0 (all versions) on Microsoft Windows XP Professional x64 Edition
* Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services
3.0 (all versions) on Microsoft Windows Server 2003
* Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services
3.0 (all versions) on Microsoft Windows Server 2003 Service Pack 1
* Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services
3.0 (all versions) on Microsoft Windows Server 2003 for Itanium-based
Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services
3.0 (all versions) on Microsoft Windows Server 2003 x64 Edition
* Microsoft Office 2003 Service Pack 1 or Service Pack 2 with Microsoft XML
Core Services 5.0 Service Pack 1
Non-Affected Software:
* Windows 2000 Service Pack 4 running Microsoft XML Core Services 2.5
* Microsoft Windows XP Service Pack 1 running Microsoft XML Core Services
2.5
* Microsoft Windows XP Service Pack 2 running Microsoft XML Core Services
2.5
* Microsoft Windows Server 2003 running Microsoft XML Core Services 2.5
* Microsoft Windows Server 2003 Service Pack 1 running Microsoft XML Core
Services 2.5
Affected Components:
* Microsoft XML Core Services 4.0 when installed on Windows 2000 Service
Pack 4
* Microsoft XML Core Services 4.0 when installed on Microsoft Windows XP
Service Pack 1 and Microsoft Windows XP Service Pack 2
* Microsoft XML Core Services 4.0 when installed on Microsoft Windows Server
2003 and Microsoft Windows Server 2003 Service Pack 1
* Microsoft XML Core Services 6.0 when installed on Windows 2000 Service
Pack 4
* Microsoft XML Core Services 6.0 when installed on Microsoft Windows XP
Service Pack 1 and Microsoft Windows XP Service Pack 2
* Microsoft XML Core Services 6.0 when installed on Microsoft Windows Server
2003 and Microsoft Windows Server 2003 Service Pack 1
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart Requirement: You must restart your system after you apply this
security update.
Update Can Be Uninstalled: Yes. To remove this security update, use the Add
or Remove Programs tool in Control Panel.
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-061.mspx
******************************************************************
MS06-062
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
(922581)
Affected Software:
· Microsoft Office 2000 Service Pack 3
· Microsoft Access 2000
· Microsoft Excel 2000
· Microsoft FrontPage 2000
· Microsoft Outlook 2000
· Microsoft PowerPoint 2000
· Microsoft Publisher 2000
· Microsoft Word 2000
· Microsoft Office XP Service Pack 3
· Microsoft Access 2002
· Microsoft Excel 2002
· Microsoft FrontPage 2002
· Microsoft Outlook 2002
· Microsoft PowerPoint 2002
· Microsoft Publisher 2002
· Microsoft Visio 2002
· Microsoft Word 2002
· Microsoft Office 2003 Service Pack 1 or Service Pack 2
· Microsoft Access 2003
· Microsoft Excel 2003
· Microsoft Excel 2003 Viewer
· Microsoft FrontPage 2003
· Microsoft InfoPath 2003
· Microsoft OneNote 2003
· Microsoft Outlook 2003
· Microsoft PowerPoint 2003
· Microsoft Project 2003
· Microsoft Publisher 2003
· Microsoft Visio 2003
· Microsoft Word 2003
· Microsoft Word 2003 Viewer
· Microsoft Project 2000 Service Release 1 · Microsoft Project 2002 Service
Pack 2 · Microsoft Visio 2002 Service Pack 2 · Microsoft Office 2004 for Mac
· Microsoft Office v. X for Mac
Non-Affected Software:
· Microsoft PowerPoint 2003 Viewer
· Microsoft Works Suites:
· Microsoft Works Suite 2004
· Microsoft Works Suite 2005
· Microsoft Works Suite 2006
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart Requirement: Varies depending on which update is being installed
(Office version, Operating System). See the Security Bulletin - linked below
for more details.
Update Can Be Uninstalled: Varies depending on which update is being
installed (Office version, Operating System). See the Security Bulletin -
linked below for more details.
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-062.mspx
******************************************************************
MS06-063
Title: Vulnerability in Server Service Could Allow Denial of Service
(923414)
Affected Software:
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack
2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service
Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Important
Restart Requirement: You must restart your system after you apply this
security update.
Update Can Be Uninstalled: Yes. To remove this security update, use the Add
or Remove Programs tool in Control Panel.
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-063.mspx
******************************************************************
MS06-064
Title: Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819)
Affected Software:
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack
2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service
Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
Non-Affected Software:
* Microsoft Windows 2000 Service Pack 4
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Low
Restart Requirement: You must restart your system after you apply this
security update.
Update Can Be Uninstalled: Yes. To remove this security update, use the Add
or Remove Programs tool in Control Panel.
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-064.mspx
******************************************************************
MS06-065
Title: Vulnerability in Windows Object Packager Could Allow Remote Execution
(924496)
Affected Software:
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack
2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service
Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
Non-Affected Software:
* Microsoft Windows 2000 Service Pack 4
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Moderate
Restart Requirement: You must restart your system after you apply this
security update.
Update Can Be Uninstalled: Yes. To remove this security update, use the Add
or Remove Programs tool in Control Panel.
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-065.mspx
******************************************************************
Notes and Disclaimers
Regarding Affected Software listed above and in the Security Bulletins:
* The software listed in the sections above has been tested to determine
whether the versions are affected. Other versions either no longer include
security update support or may not be affected. To determine the support
life cycle for your product and version, visit the Microsoft Support
Lifecycle Web site:
http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle
* Security updates for Microsoft Windows Server 2003, Windows Server 2003
Service Pack 1, and Windows Server 2003 x64 Edition also apply to Windows
Server 2003 R2.
Regarding information consistency:
We strive to provide you with accurate information in static (this mail) and
dynamic (web-based) content. Security Bulletins posted to the web are
occasionally updated to reflect late-breaking information. If this results
in an inconsistency between the information here and the information in the
web-based security bulletin, the information in the web-based security
bulletin is authoritative.
******************************************************************
================================================
New Security Bulletins
================================================
Microsoft is releasing the following security bulletins for newly discovered
vulnerabilities:
Moderate MS06-056 Microsoft Windows .NET Framework 2.0 Information
Disclosure
Critical MS06-057 Microsoft Windows Remote Code Execution
Critical MS06-058 Microsoft Office Remote Code Execution
Critical MS06-059 Microsoft Office Remote Code Execution
Critical MS06-060 Microsoft Office Remote Code Execution
Critical MS06-061 Microsoft Windows or Office Remote Code Execution
Critical MS06-062 Microsoft Office Remote Code Execution
Important MS06-063 Microsoft Windows Denial of Service
Low MS06-064 Microsoft Windows Denial of Service
Important MS06-065 Microsoft Windows Remote Code Execution
Summaries for these new bulletins may be found at the following pages:
http://www.microsoft.com/technet/security/bulletin/ms06-oct.mspx
Customers are advised to review the information in the bulletins, test and
deploy the updates immediately in their environments, if applicable.
================================================
Microsoft Windows Malicious Software Removal Tool
================================================
Microsoft is releasing an updated version of the Microsoft Windows Malicious
Software Removal Tool on Windows Server Update Services (WSUS), Windows
Update (WU) and the Download Center. Note that this tool will NOT be
distributed using Software Update Services (SUS). Information on the
Microsoft Windows Malicious Software Removal Tool can be located here:
http://go.microsoft.com/fwlink/?LinkId=40573
================================================
High-Priority Non-Security Updates on Microsoft Update (MU), Windows Update
(WU), Windows Server Update Services (WSUS) and Software Update Services
(SUS) ================================================
Microsoft is today also making the following High-Priority NON-SECURITY
updates available on WU, MU, SUS and WSUS:
KB NUMBER TITLE Available via:
912580 Update for Outlook 2003 Junk E-Mail Filter MU
923097 Update for Office 2003 MU
================================================
TechNet Webcast: Information about Microsoft August 2006 Security Bulletins
================================================
Information about Microsoft October 2006 Security Bulletins (Level 200)
Wednesday, 11 October 2006 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032308775
The on-demand version of the webcast will be available 24 hours after the
live webcast at:
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032308775
================================================
Security Bulletin Details
================================================
MS06-056
Title: Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure
(922770)
Affected Software:
Microsoft .NET Framework 2.0 for the following operating system versions:
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 1 or Windows XP Service Pack 2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows XP Tablet PC Edition
* Microsoft Windows XP Media Center Edition
* Microsoft Windows Server 2003 or Microsoft Windows Server 2003 Service
Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems or Windows Server
2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
Affected Components:
* Microsoft .NET Framework 2.0
Non-Affected Software:
* Microsoft .NET Framework 1.0
* Microsoft .NET Framework 1.1
Impact of Vulnerability: Information Disclosure
Maximum Severity Rating: Moderate
Restart Requirement: This update does not require a restart. The installer
stops the required services, applies the update, and then restarts the
services. However, if the required services cannot be stopped for any
reason, or if required files are being used, this update will require a
restart. If this behavior occurs, a message appears that advises you to
restart.
To help reduce the chance that a reboot will be required, stop all affected
services and close all applications that may use the affected files prior to
installing the security update. For more information about the reasons why
you may be prompted to restart your computer, see Microsoft Knowledge Base
Article 887012 <http://support.microsoft.com/kb/887012> .
Update Can Be Uninstalled: Yes. To remove this security update, use the Add
or Remove Programs tool in Control Panel.
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-056.mspx
******************************************************************
MS06-057
Title: Vulnerability in Windows Explorer Could Allow Remote Execution
(923191)
Affected Software:
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack
2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service
Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart Requirement: You must restart your system after you apply this
security update.
Update Can Be Uninstalled: Yes. To remove this security update, use the Add
or Remove Programs tool in Control Panel.
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-057.mspx
******************************************************************
MS06-058
Title: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code
Execution (924163)
Affected Software:
· Microsoft Office 2000 Service Pack 3
· Microsoft PowerPoint 2000
· Microsoft Office XP Service Pack 3
· Microsoft PowerPoint 2002
· Microsoft Office 2003 Service Pack 1 or Service Pack 2 · Microsoft Office
PowerPoint 2003 · Microsoft Office 2004 for Mac · Microsoft PowerPoint 2004
for Mac · Microsoft Office v. X for Mac · Microsoft PowerPoint v. X for Mac
Non-Affected Software:
* Microsoft PowerPoint 2003 Viewer
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart Requirement: Varies depending on which update is being installed
(Office version, Operating System). See the Security Bulletin - linked below
for more details.
Update Can Be Uninstalled: Varies depending on which update is being
installed (Office version, Operating System). See the Security Bulletin -
linked below for more details.
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-058.mspx
******************************************************************
MS06-059
Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
(924164)
Affected Software:
· Microsoft Office 2000 Service Pack 3
· Microsoft Excel 2000
· Microsoft Office XP Service Pack 3
· Microsoft Excel 2002
· Microsoft Office 2003 Service Pack 1 or Service Pack 2
· Microsoft Office Excel 2003
· Microsoft Office Excel Viewer 2003 · Microsoft Office 2004 for Mac
· Microsoft Excel 2004 for Mac
· Microsoft Office v. X for Mac
· Microsoft Excel v. X for Mac
· Microsoft Works Suites:
· Microsoft Works Suite 2004
· Microsoft Works Suite 2005
· Microsoft Works Suite 2006
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart Requirement: Varies depending on which update is being installed
(Office version, Operating System). See the Security Bulletin - linked below
for more details.
Update Can Be Uninstalled: Varies depending on which update is being
installed (Office version, Operating System). See the Security Bulletin -
linked below for more details.
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-059.mspx
******************************************************************
MS06-060
Title: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution
(924554)
Affected Software:
· Microsoft Office 2000 Service Pack 3
· Microsoft Word 2000
· Microsoft Office XP Service Pack 3
· Microsoft Word 2002
· Microsoft Office 2003 Service Pack 1 or Service Pack 2
· Microsoft Office Word 2003
· Microsoft Office Word 2003 Viewer
· Microsoft Works Suites:
· Microsoft Works Suite 2004
· Microsoft Works Suite 2005
· Microsoft Works Suite 2006
· Microsoft Office 2004 for Mac
· Microsoft Office v. X for Mac
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart Requirement: Varies depending on which update is being installed
(Office version, Operating System). See the Security Bulletin - linked below
for more details.
Update Can Be Uninstalled: Varies depending on which update is being
installed (Office version, Operating System). See the Security Bulletin -
linked below for more details.
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-060.mspx
******************************************************************
MS06-061
Title: Vulnerabilities in Microsoft XML Core Services Could Allow Remote
Code Execution (924191)
Affected Software:
* Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services
3.0 (all versions) on Windows 2000 Service Pack 4
* Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services
3.0 (all versions) on Microsoft Windows XP Service Pack 1
* Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services
3.0 (all versions) on Microsoft Windows XP Service Pack 2
* Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services
3.0 (all versions) on Microsoft Windows XP Professional x64 Edition
* Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services
3.0 (all versions) on Microsoft Windows Server 2003
* Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services
3.0 (all versions) on Microsoft Windows Server 2003 Service Pack 1
* Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services
3.0 (all versions) on Microsoft Windows Server 2003 for Itanium-based
Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services
3.0 (all versions) on Microsoft Windows Server 2003 x64 Edition
* Microsoft Office 2003 Service Pack 1 or Service Pack 2 with Microsoft XML
Core Services 5.0 Service Pack 1
Non-Affected Software:
* Windows 2000 Service Pack 4 running Microsoft XML Core Services 2.5
* Microsoft Windows XP Service Pack 1 running Microsoft XML Core Services
2.5
* Microsoft Windows XP Service Pack 2 running Microsoft XML Core Services
2.5
* Microsoft Windows Server 2003 running Microsoft XML Core Services 2.5
* Microsoft Windows Server 2003 Service Pack 1 running Microsoft XML Core
Services 2.5
Affected Components:
* Microsoft XML Core Services 4.0 when installed on Windows 2000 Service
Pack 4
* Microsoft XML Core Services 4.0 when installed on Microsoft Windows XP
Service Pack 1 and Microsoft Windows XP Service Pack 2
* Microsoft XML Core Services 4.0 when installed on Microsoft Windows Server
2003 and Microsoft Windows Server 2003 Service Pack 1
* Microsoft XML Core Services 6.0 when installed on Windows 2000 Service
Pack 4
* Microsoft XML Core Services 6.0 when installed on Microsoft Windows XP
Service Pack 1 and Microsoft Windows XP Service Pack 2
* Microsoft XML Core Services 6.0 when installed on Microsoft Windows Server
2003 and Microsoft Windows Server 2003 Service Pack 1
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart Requirement: You must restart your system after you apply this
security update.
Update Can Be Uninstalled: Yes. To remove this security update, use the Add
or Remove Programs tool in Control Panel.
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-061.mspx
******************************************************************
MS06-062
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
(922581)
Affected Software:
· Microsoft Office 2000 Service Pack 3
· Microsoft Access 2000
· Microsoft Excel 2000
· Microsoft FrontPage 2000
· Microsoft Outlook 2000
· Microsoft PowerPoint 2000
· Microsoft Publisher 2000
· Microsoft Word 2000
· Microsoft Office XP Service Pack 3
· Microsoft Access 2002
· Microsoft Excel 2002
· Microsoft FrontPage 2002
· Microsoft Outlook 2002
· Microsoft PowerPoint 2002
· Microsoft Publisher 2002
· Microsoft Visio 2002
· Microsoft Word 2002
· Microsoft Office 2003 Service Pack 1 or Service Pack 2
· Microsoft Access 2003
· Microsoft Excel 2003
· Microsoft Excel 2003 Viewer
· Microsoft FrontPage 2003
· Microsoft InfoPath 2003
· Microsoft OneNote 2003
· Microsoft Outlook 2003
· Microsoft PowerPoint 2003
· Microsoft Project 2003
· Microsoft Publisher 2003
· Microsoft Visio 2003
· Microsoft Word 2003
· Microsoft Word 2003 Viewer
· Microsoft Project 2000 Service Release 1 · Microsoft Project 2002 Service
Pack 2 · Microsoft Visio 2002 Service Pack 2 · Microsoft Office 2004 for Mac
· Microsoft Office v. X for Mac
Non-Affected Software:
· Microsoft PowerPoint 2003 Viewer
· Microsoft Works Suites:
· Microsoft Works Suite 2004
· Microsoft Works Suite 2005
· Microsoft Works Suite 2006
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart Requirement: Varies depending on which update is being installed
(Office version, Operating System). See the Security Bulletin - linked below
for more details.
Update Can Be Uninstalled: Varies depending on which update is being
installed (Office version, Operating System). See the Security Bulletin -
linked below for more details.
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-062.mspx
******************************************************************
MS06-063
Title: Vulnerability in Server Service Could Allow Denial of Service
(923414)
Affected Software:
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack
2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service
Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Important
Restart Requirement: You must restart your system after you apply this
security update.
Update Can Be Uninstalled: Yes. To remove this security update, use the Add
or Remove Programs tool in Control Panel.
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-063.mspx
******************************************************************
MS06-064
Title: Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819)
Affected Software:
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack
2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service
Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
Non-Affected Software:
* Microsoft Windows 2000 Service Pack 4
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Low
Restart Requirement: You must restart your system after you apply this
security update.
Update Can Be Uninstalled: Yes. To remove this security update, use the Add
or Remove Programs tool in Control Panel.
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-064.mspx
******************************************************************
MS06-065
Title: Vulnerability in Windows Object Packager Could Allow Remote Execution
(924496)
Affected Software:
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack
2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service
Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
Non-Affected Software:
* Microsoft Windows 2000 Service Pack 4
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Moderate
Restart Requirement: You must restart your system after you apply this
security update.
Update Can Be Uninstalled: Yes. To remove this security update, use the Add
or Remove Programs tool in Control Panel.
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS06-065.mspx
******************************************************************
Notes and Disclaimers
Regarding Affected Software listed above and in the Security Bulletins:
* The software listed in the sections above has been tested to determine
whether the versions are affected. Other versions either no longer include
security update support or may not be affected. To determine the support
life cycle for your product and version, visit the Microsoft Support
Lifecycle Web site:
http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle
* Security updates for Microsoft Windows Server 2003, Windows Server 2003
Service Pack 1, and Windows Server 2003 x64 Edition also apply to Windows
Server 2003 R2.
Regarding information consistency:
We strive to provide you with accurate information in static (this mail) and
dynamic (web-based) content. Security Bulletins posted to the web are
occasionally updated to reflect late-breaking information. If this results
in an inconsistency between the information here and the information in the
web-based security bulletin, the information in the web-based security
bulletin is authoritative.
******************************************************************
--
Mit freundlichen Grüßen/ with kind regards
Senaj Lelic
DE MVP Visio
DE Visio MVP 2007
.
- Prev by Date: Darstellung von Vertragstypen
- Next by Date: Re: Darstellung von Vertragstypen
- Previous by thread: Darstellung von Vertragstypen
- Next by thread: Re: Ausdruck der Spalte Anmerkungen beim Shape Datenbanken
- Index(es):
Relevant Pages
|
