BNET UK
silicon.com
ZDNet UK

Home
News
Blogs
Reviews
Videos
Jobs
Resources
Community

Leader
Comment
White Papers
Downloads
Special Reports

Hardware
Software
Communications
Internet
Security
IT Management
Emerging Tech
Leader

Group Blogs
News Blog
Post Room
Rupert's Diary

Hardware Reviews
Software Reviews
Editors' Choice
Buyer's Guides
Tech Guides
Competitions

Dialogue Box
Security threats
Server platforms
Mobile devices
Application development
Full video index

Articles
White Papers
Downloads
Companies
Broadband Speed Test

People
Competitions
Post Room
FAQ

You are here: ZDNet UK > News > Security

Desktop platforms Toolkit

Get the details on Microsoft's June security bulletins

Tags:
Security

John McCormick Tech Republic

Published: 20 Jun 2006 12:45 BST

MS06-026
Microsoft Security Bulletin MS06-026, "Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution", addresses CVE-2006-2376. This vulnerability only affects Windows 98, Windows SE, and Windows ME, and there are no reports of active exploits.

MS06-027
Microsoft Security Bulletin MS06-027, "Vulnerability in Microsoft Word Could Allow Remote Code Execution", addresses CVE-2006-2492. This update affects Microsoft Word, Word Viewer, and Microsoft Works Suite beginning with the 2000 versions; it doesn't affect Word v.X for Mac or Word 2004 for Mac.

This is a critical threat only for Word 2000; it's an important threat for all other affected versions. This security bulletin replaces MS06-012 for Word 2000 and Word 2002, and it replaces MS05-023 for Word Viewer 2003. There have been reports of active exploits for this vulnerability, so don't hesitate to apply the patch.

MS06-028
Microsoft Security Bulletin MS06-028,"Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution", addresses CVE-2006-0022. No proof-of-concept code is circulating, and this is not an active attack vector.

This is a critical threat only for PowerPoint 2000. It is an important threat for PowerPoint 2002, PowerPoint 2003, PowerPoint 2004 for Mac, and PowerPoint v.X for Mac.

Less critical threats

Let's take a look at the three security bulletins for June that Microsoft has rated important or moderate:

Microsoft Security Bulletin MS06-029, "Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection", addresses CVE-2006-1193. No reports of active exploits have surfaced.
Microsoft Security Bulletin MS06-030, "Vulnerability in Server Message Block Could Allow Elevation of Privilege", addresses CVE-2006-2373 and CVE-2006-2374. However, malicious users can't exploit this threat via the Internet, and there are no reports of active exploits.
Microsoft Security Bulletin MS06-032, "Vulnerability in TCP/IP Could Allow Remote Code Execution", addresses CVE-2006-2379. No reports of active exploits have surfaced.
Microsoft Security Bulletin MS06-031, "Vulnerability in RPC Mutual Authentication Could Allow Spoofing", addresses CVE-2006-2380. This threat only affects Windows 2000 with Service Pack 4 installed, and there have been no reports of active exploits.

Final word
While no security vulnerability is good news, most of these security bulletins address relatively minor threats, and Microsoft released them before they became public knowledge. All you need to do is apply the necessary updates to your systems.

1 2

Did you find this article useful?
111 out of 235 people found this useful

Share this article:
Digg
Slashdot
Del.ici.ous
Stumble
Reddit

Company/Topic Alerts

Create a new alert from the list below:

Microsoft

Security

Video

Install Flash Player plugin

Find out more: From The Labs: A look at...

All videos
Most popular videos
Latest videos

Microsoft Windows 7 Special Report Special Report

How Microsoft can make Windows 7 a success

Comment Many businesses have given Vista a wide berth; Microsoft must focus on five areas to make sure Windows 7 doesn't suffer the same fate, argues TechRepublic's Jason Hiner