Microsoft's February security bulletins
John McCormick
Published: 21 Feb 2006 14:30 GMT
...it will affect the way some Web sites display. Read the entire security bulletin for more details.
MS06-007
Microsoft Security Bulletin MS06-007, Vulnerability in TCP/IP Could Allow Denial of Service, addresses the IGMP v3 DoS vulnerability (CAN-2006-0021). This update replaces Microsoft Security Bulletin MS05-019. This is a newly disclosed threat, and no exploits have appeared in the wild.
Applicability
- All versions of Windows XP
- All versions of Windows Server 2003
This threat does not affect Windows 2000 SP4.
Risk level
This is an important threat for all affected systems.
Mitigating factors
Using firewall best practices should block this attack vector.
Fix
Install the update. A Microsoft-approved workaround is available. However, this workaround involves editing the registry, so installing the patch is probably the better alternative.
MS06-008
Microsoft Security Bulletin MS06-008, Vulnerability in Web Client Service Could Allow Remote Code Execution, addresses a Web client vulnerability (CVE-2006-0013). This fixes a newly discovered, privately reported vulnerability. This update replaces Microsoft Security Bulletin MS05-028 for Windows XP SP1 and Windows Server 2003 — but not for Windows XP SP2 or Windows Server 2003 SP1.
Applicability
- All versions of Windows XP
- All versions of Windows Server 2003
This threat does not affect Windows 2000 SP4.
Risk level
This is an important threat for all versions of Windows XP; it is a moderate threat for all versions of Windows Server 2003.
Mitigating factors
A potential attacker requires valid logon credentials to exploit this threat. In addition, Windows Server...
Previous
Did you find this article useful?
210 out of 489 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
Full Talkback thread
1 comment
-
I would like to know why we call the bulletins "Se... Leslie Satenstein
