Microsoft's February security bulletins

John McCormick

Published: 21 Feb 2006 14:30 GMT

Microsoft sent out valentines to all its users on February 14 — seven of them, to be exact. The software giant released seven security bulletins for this month's Patch Tuesday. While two of the bulletins are critical — the remaining five are important — none of the bulletins is actually a big threat.

Details
Microsoft's seven security bulletins for February really were a Valentine's Day treat. Even the two critical bulletins aren't particularly dangerous in a corporate setting. In fact, some of the important bulletins affect only a tiny fraction of the Microsoft user base. Let's take a closer look.

MS06-004
Microsoft Security Bulletin MS06-004, Cumulative Security Update for Internet Explorer, replaces Microsoft Security Bulletin MS05-054. This update fixes the WMF Image Parsing Memory Corruption Vulnerability (CVE-2006-0020), a graphics-related problem.

This vulnerability can allow a remote attacker to run arbitrary files on a vulnerable system by tricking users into opening a specially crafted email graphics attachment or getting them to visit a malicious Web site. While this is a publicly disclosed threat, no exploits have appeared in the wild.

Applicability
Fortunately, this update only affects one version of Windows — Windows 2000 Service Pack 4. MS06-004 is a cumulative browser patch that only applies to Internet Explorer 5.01 SP4, which is part of Windows 2000 SP4. This update doesn't apply to any other versions, including IE 6 for Windows Server 2003 or Windows XP SP2.

Risk level
Microsoft has rated MS06-004 as a critical threat, but keep in mind that it affects a relatively small number of installations.

Mitigating factors
Because Microsoft's graphics engine determines how to deal with a file based on the actual file coding rather than the extension name, blocking WMF files won't block this attack — merely renaming the file with another extension would bypass the block but not remove the threat.
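The point above, shown as an added example (not code from the article or from Microsoft): a Python sketch comparing an extension block list with a check of the file's leading bytes. The header layouts follow the published WMF format; the file names, sample bytes and function names are constructed for illustration.

```python
import struct

PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"  # 0x9AC6CDD7 stored little-endian

def is_meta_header(buf):
    """True if buf starts with a plausible 18-byte WMF META_HEADER."""
    if len(buf) < 18:
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", buf)
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def looks_like_wmf(data):
    """Identify a metafile from its leading bytes, ignoring the file name."""
    if data[:4] == PLACEABLE_KEY:          # optional 22-byte placeable header
        return is_meta_header(data[22:])
    return is_meta_header(data)

def extension_blocks(name, blocked=(".wmf",)):
    """The naive gateway rule: decide from the file name alone."""
    return name.lower().endswith(blocked)

def triage(samples):
    """Map name -> (blocked by extension rule, identified as WMF by content)."""
    return {n: (extension_blocks(n), looks_like_wmf(d)) for n, d in samples.items()}

def _placeable(body):
    """Prefix body with a placeable header (constructed values, valid checksum)."""
    head = PLACEABLE_KEY + struct.pack("<HhhhhHI", 0, 0, 0, 100, 100, 1440, 0)
    checksum = 0
    for (word,) in struct.iter_unpack("<H", head):
        checksum ^= word
    return head + struct.pack("<H", checksum) + body

# Constructed sample data: a minimal metafile holding only the end-of-file record.
WMF = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16

SAMPLES = {
    "chart.wmf": WMF,
    "chart.jpg": WMF,                # same bytes, renamed
    "logo.gif": _placeable(WMF),     # placeable metafile, renamed
    "photo.jpg": JPEG,               # a real JPEG signature
}

if __name__ == "__main__":
    for name, (by_ext, by_content) in triage(SAMPLES).items():
        print(f"{name:10} extension rule blocks={by_ext!s:5} content says WMF={by_content}")
```

The header check only identifies the file type; it says nothing about whether a given metafile is malicious.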

Fix
Install the update. A variety of known problems may occur with the installation of this patch, so check out Microsoft Knowledge Base Article 910620 to learn more details and find out about available workarounds for the problems caused by the patch.

MS06-005
Microsoft Security Bulletin MS06-005, Vulnerability in Windows Media Player Could Allow Remote Code Execution, fixes a remote code execution threat caused by the improper handling of bitmap files, which is due to an unchecked buffer (CVE-2006-0006). This update replaces Microsoft Security Bulletin MS05-009.

Because Windows Media Player isn't the normal application that processes bitmap files, this is mostly a concern for users who download...
