
Tackling Microsoft's August patches: Part 1

John McCormick

Published: 22 Aug 2006 12:20 BST


…adds up to a critical threat, most are only moderate or low-level threats to fully patched IE 6 versions on Windows XP SP2, Windows Server 2003, and Windows Server 2003 SP1.

MS06-047
Microsoft Security Bulletin MS06-047, "Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution", also deserves immediate attention because attackers are actively exploiting this flaw. This is a critical threat for Microsoft Office 2000 users.

MS06-047 addresses the Visual Basic for Applications Vulnerability (CVE-2006-3649). While this vulnerability also affects Office XP and Visual Basic for Applications SDK 6.0, 6.2, 6.3, and 6.4, it's only an important threat for these versions.

The only recommended workaround is not to open unexpected Office files or any Office files from untrusted sources.

MS06-048
Microsoft Security Bulletin MS06-048, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution", doesn't appear to pose a great threat at first glance. It only affects PowerPoint users — and it's only critical for PowerPoint 2000. (It's an important threat for all other affected versions.)

However, attackers are already exploiting the Mso.dll vulnerability, which is why I'm addressing it. MS06-048 addresses two vulnerabilities: Microsoft PowerPoint Mso.dll Vulnerability (CVE-2006-3590) and Microsoft PowerPoint Malformed Records Vulnerability (CVE-2006-3449).

This security bulletin replaces Microsoft Security Bulletin MS06-038. It affects PowerPoint 2000, PowerPoint 2002, PowerPoint 2003, PowerPoint 2004 for Mac and PowerPoint 2004 v. X for Mac.

Final word
What a lovely way to spend the dog days of August — so many security bulletins that I can't even fit all the critical threats into one article!

I've tried to prioritise these threats because I think readers have slightly different priorities (as each subset of users and managers generally does) than Microsoft's necessarily generalised ratings. I will focus on the remaining five critical threats, as well as the three important threats, in a future article.

John McCormick is a security consultant and well-known author in the field of IT, with more than 17,000 published articles. He has written the IT Locksmith column for TechRepublic for more than four years.
