BNET UK
silicon.com
ZDNet UK

Home
News
Blogs
Reviews
Videos
Jobs
Resources
Community

Leader
Comment
White Papers
Downloads
Special Reports

Hardware
Software
Communications
Internet
Security
IT Management
Emerging Tech
Leader

Group Blogs
News Blog
Post Room
Rupert's Diary

Hardware Reviews
Software Reviews
Editors' Choice
Buyer's Guides
Tech Guides
Competitions

Dialogue Box
Security threats
Server platforms
Mobile devices
Application development
Full video index

Articles
White Papers
Downloads
Companies
Broadband Speed Test

People
Competitions
Post Room
FAQ

You are here: ZDNet UK > News > Software

Desktop platforms Toolkit

Microsoft's February security bulletins

Tags:
Security,
Bulletin,
Patch,
Flaw

John McCormick Tech Republic

Published: 21 Feb 2006 14:30 GMT

...2003 disables the Web Client Service by default.

Fix
Install the update. As a workaround, disable the Web Client Service in Windows XP. (To do so, go to Control Panel | Administrative Tools | Services | WebClient.) Blocking TCP Ports 139 and 445 will also stop some attacks.

MS06-009
Microsoft Security Bulletin MS06-009, Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege, addresses the Korean IME vulnerability (CVE-2006-0008). This is a newly disclosed threat, and no exploits have appeared in the wild.

Applicability
While this threat affects a variety of Microsoft software, it only affects the Korean language version of these applications. Read the entire security bulletin for more details.

Risk level
This is an important threat for all affected versions.

Mitigating factors
In addition to only affecting the Korean language versions, there's a variety of mitigating factors. See the security bulletin for more details.

Fix
Install the update. A variety of Microsoft-approved workarounds are available, including blocking TCP port 3389 at the enterprise perimeter firewall.

MS06-010
Microsoft Security Bulletin MS06-010, Vulnerability in PowerPoint 2000 Could Allow Information Disclosure, also fixes a threat that affects only a small amount of users. This update addresses the PowerPoint Temporary Internet Files Information Disclosure vulnerability (CVE-2006-0004). This is a newly disclosed threat, and no exploits have appeared in the wild.

Applicability
This only affects PowerPoint 2000, which is part of Microsoft Office 2000 Service Pack 3. This threat doesn't affect any other versions of PowerPoint.

Risk level
Microsoft has rated this an important threat.

Mitigating factors
In addition to only affecting one version of PowerPoint, potential attackers would have to convince users to visit a malicious Web site or open a suspicious email.

Fix
Install the update. Some Microsoft-approved workarounds are available. Read the entire security bulletin for more details.

Final word
Is anyone out there still using IE 5.01? If so, it really is time to upgrade — not just install the MS06-004 patch. Likewise, the other critical bulletin shouldn't be much threat to computers in a corporate environment.

1 2 3 4

Did you find this article useful?
210 out of 489 people found this useful

Share this article:
Digg
Slashdot
Del.ici.ous
Stumble
Reddit

Company/Topic Alerts

Create a new alert from the list below:

Microsoft
Flaw
bulletin

February
Patch
Security

Video

Install Flash Player plugin

Find out more: From The Labs: A look at...

All videos
Most popular videos
Latest videos

Microsoft Windows 7 Special Report Special Report

How Microsoft can make Windows 7 a success

Comment Many businesses have given Vista a wide berth; Microsoft must focus on five areas to make sure Windows 7 doesn't suffer the same fate, argues TechRepublic's Jason Hiner