Security Bulletin: December 2006
Hi there folks!
Yes its that time again! Security Updates. Today we have released t security updates that you need to consider for your environment. Here is an overview of these seven new security bulletins:
Bulletin Number |
Title |
Maximum Severity |
Products Affected |
MS06-072 |
Cumulative Security Update for Internet Explorer (925454) |
Critical |
Internet Explorer 5.01 & 6 |
MS06-073 |
Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674) |
Critical |
Visual Studio 2005 |
MS06-074 |
Vulnerability in SNMP Could Allow Remote Code Execution (926247) |
Important |
Windows 2000, XP, 2003 |
MS06-075 |
Vulnerability in Windows Could Allow Elevation of Privilege (926255) |
Important |
Windows XP, 2003 |
MS06-076 |
Cumulative Security Update for Outlook Express (923694) |
Important |
Outlook Express on Windows 2000, XP, 2003 |
MS06-077 |
Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121) |
Important |
Windows 2000 |
MS06-078 |
Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689) |
Critical |
Windows Media Format 7.1 – 9.5 and Windows Media Player 6.4 on Windows 2000, XP, 2003 |
All recent updates are available for download at https://www.microsoft.com/security/.
Summaries for these new bulletins may be found here.
Microsoft continues to urge all customers to update to the latest version of Windows XP, Windows XP Service Pack 2 with Advanced Security Technologies. More information is available at https://www.microsoft.com/security/. We also encourage customers to deploy Windows Server 2003 Service Pack 1 which provides customers with significant security enhancements and reliability and performance improvements. More information about Windows Server 2003 Service Pack 1 is available here.
Microsoft recommends that all customers sign up for Microsoft Update (MU) and enable its Automatic Updates functionality to receive all updates available this month and to help make their systems more secure. MU is a service offered at no charge that gives customers everything they get through Windows Update (WU), plus high priority updates for Office and other Microsoft applications. MU includes the Automatic Updates functionality already found in WU so users can choose to automatically install high-priority updates. Customers can sign up for MU by following the steps at: https://update.microsoft.com/microsoftupdate.
Additional Resources
Microsoft encourages system administrators to join the monthly technical webcast to learn more about the December security updates, the Malicious Software Removal Tool and the TechNet IT Pro Security Newsletter column on Principles of Patch Management. The webcast is scheduled for Wednesday, December, 13, 2006 at 11:00 AM PDT. Registration is available here.
I encourage you to review all the bulletins for applicability in your environment and take appropriate action as soon as possible. Feel free to post any questions on this blog.
Cheers, Jeffa