Microsoft's five critical security bulletins for July
Published: 24 Jul 2006 13:30 BST
…include both new and publicly known vulnerabilities, this is a critical threat for Office 2000 only. For all other affected versions, this is only an important threat.
MS06-039
Microsoft Security Bulletin MS06-039, "Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution," addresses another remote code execution threat that affects multiple Office versions and components. The two holes patched by this update are newly discovered threats.
This bulletin affects Office 2003 SP1 and SP2 (including Project 2003 and OneNote 2003), Office XP SP3, and Office 2000 SP3. It also affects Project 2000, Project 2002, Works Suite 2004, Works Suite 2005 and Works Suite 2006. This update does not affect Office Viewers, Office 2004 for Mac or Office v. X for Mac.
This is a critical threat for Office 2000 only. For all other affected versions, it's an important or moderate threat.
Less critical threats
In addition to these major threats, Microsoft released two security bulletins for July that it rated as important.
- Microsoft Security Bulletin MS06-033, "Vulnerability in ASP.NET Could Allow Information Disclosure"
- Microsoft Security Bulletin MS06-034, "Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution"
At least one of these may have significant implications for developers, but the implications aren't completely clear yet.
Final word
As usual, Microsoft's monthly security update release included several critical threats. However, it's important to note that many of these threats are only critical for the older Windows or Office 2000 platforms. (Newer releases have various updated default installation settings or other mitigating factors.)
That means that the actual security impact of all of these critical security bulletins is far less severe than it may at first appear. Unfortunately, they do apply to virtually every Windows platform as well as many Macintosh platforms. So even if the threats aren't particularly critical for most organisations, the work involved with patching the vulnerabilities is still extensive.
John McCormick is a security consultant and well-known author in the field of IT, with more than 17,000 published articles.







