GFI Software - LanGuard reports

Supported Microsoft Security Bulletins

More information on 2006 updates

Bulletin ID: MS06-073	Title: Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674)	Update Type: Security Update	Severity: Critical	Date: 2006-12-13
Description: This update resolves a public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-4704	Included Updates: 925674	Applies to: Visual Studio 2005

Bulletin ID: MS06-077	Title: Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)	Update Type: Security Update	Severity: Important	Date: 2006-12-12
Description: This update resolves a privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-5584	Included Updates: 926121	Applies to: Windows 2000

Bulletin ID: MS06-076	Title: Cumulative Security Update for Outlook Express (923694)	Update Type: Security Update	Severity: Important	Date: 2006-12-12
Description: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-2386	Included Updates: 923694	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-075	Title: Vulnerability in Windows Could Allow Elevation of Privilege (926255)	Update Type: Security Update	Severity: Important	Date: 2006-12-12
Description: This update resolves a privately identified vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-5585	Included Updates: 926255	Applies to: Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP

Bulletin ID: MS06-074	Title: Vulnerability in SNMP Could Allow Remote Code Execution (926247)	Update Type: Security Update	Severity: Important	Date: 2006-12-12
Description: This update resolves a newly discovered, privately reported, vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-5583	Included Updates: 926247	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-066	Title: Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980)	Update Type: Security Update	Severity: Important	Date: 2006-12-12
Description: This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-4688 CVE-2006-4689	Included Updates: 923980	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP

Bulletin ID: MS06-061	Title: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191)	Update Type: Security Update	Severity: Critical	Date: 2006-12-12
Description: This update resolves two newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-4685 CVE-2006-4686	Included Updates: 924191 924424 925672 925673	Applies to: Office 2003 SQL Server Feature Pack Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows Vista Windows XP Windows XP x64 Edition

Bulletin ID: MS06-059	Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164)	Update Type: Security Update	Severity: Critical	Date: 2006-12-12
Description: This update addresses several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Vulnerabilities: CVE-2006-2387 CVE-2006-3431 CVE-2006-3867 CVE-2006-3875	Included Updates: 923088 923089 923275 924164	Applies to: Office 2002/XP Office 2003

Bulletin ID: MS06-005	Title: Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)	Update Type: Security Update	Severity: Critical	Date: 2006-11-28
Description: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-0006	Included Updates: 911565	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP

Bulletin ID: MS06-070	Title: Vulnerability in Workstation Service Could Allow Remote Code Execution (924270)	Update Type: Security Update	Severity: Critical	Date: 2006-11-14
Description: This update resolves a newly discovered, privately reported, vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-4691	Included Updates: 924270	Applies to: Windows 2000 Windows XP

Bulletin ID: MS06-055	Title: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486)	Update Type: Security Update	Severity: Critical	Date: 2006-11-14
Description: This update resolves a public vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-4868	Included Updates: 925486	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-065	Title: Vulnerability in Windows Object Packager Could Allow Remote Execution (924496)	Update Type: Security Update	Severity: Moderate	Date: 2006-10-10
Description: This update resolves a newly discovered, privately reported, vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-4692	Included Updates: 924496	Applies to: Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-064	Title: Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819)	Update Type: Security Update	Severity: Low	Date: 2006-10-10
Description: This update resolves a publicly disclosed vulnerability as well as additional issues discovered through internal investigations.
Vulnerabilities: CVE-2004-0230 CVE-2004-0790 CVE-2005-0688	Included Updates: 922819	Applies to: Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-063	Title: Vulnerability in Server Service Could Allow Denial of Service and Remote Code Execution (923414)	Update Type: Security Update	Severity: Important	Date: 2006-10-10
Description: This update resolves publicly and privately reported vulnerabilities. The vulnerabilities are documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-3942 CVE-2006-4696	Included Updates: 923414	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-062	Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581)	Update Type: Security Update	Severity: Critical	Date: 2006-10-10
Description: This update addresses several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Vulnerabilities: CVE-2006-3434 CVE-2006-3650 CVE-2006-3864 CVE-2006-3868	Included Updates: 922581 923272 923273	Applies to: Office 2002/XP Office 2003

Bulletin ID: MS06-060	Title: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)	Update Type: Security Update	Severity: Critical	Date: 2006-10-10
Description: This update addresses several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Vulnerabilities: CVE-2006-3647 CVE-2006-3651 CVE-2006-4534 CVE-2006-4693	Included Updates: 920817 923094 923276 924554	Applies to: Office 2002/XP Office 2003

Bulletin ID: MS06-058	Title: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)	Update Type: Security Update	Severity: Critical	Date: 2006-10-10
Description: This update addresses several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Vulnerabilities: CVE-2006-3435 CVE-2006-3876 CVE-2006-3877 CVE-2006-4694	Included Updates: 923091 923092 924163	Applies to: Office 2002/XP Office 2003

Bulletin ID: MS06-057	Title: Vulnerability in Windows Explorer Could Allow Remote Execution (923191)	Update Type: Security Update	Severity: Critical	Date: 2006-10-10
Description: This update resolves a newly discovered, publicly reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-3730	Included Updates: 923191	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-056	Title: Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770)	Update Type: Security Update	Severity: Moderate	Date: 2006-10-10
Description: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-3436	Included Updates: 922770	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS05-030	Title: Vulnerability in Outlook Express Could Allow Remote Code Execution (897715)	Update Type: Security Update	Severity: Important	Date: 2006-10-10
Description: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Vulnerabilities: CAN-2005-1213	Included Updates: 897715	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP

Bulletin ID: MS06-049	Title: Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958)	Update Type: Security Update	Severity: Important	Date: 2006-09-26
Description: This update resolves a newly discovered, publicly reported vulnerability and additional issues discovered through internal investigations.
Vulnerabilities: CVE-2006-3444	Included Updates: 920958	Applies to: Windows 2000

Bulletin ID: MS05-021	Title: Vulnerability in Exchange Server Could Allow Remote Code Execution (894549)	Update Type: Security Update	Severity: Critical	Date: 2006-09-26
Description: This update resolves a newly-discovered, privately-reported vulnerability in Microsoft Exchange Server that could allow an attacker to run arbitrary code on the system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Vulnerabilities: CAN-2005-0560	Included Updates: 894549	Applies to: Exchange 2000 Server Exchange Server 2003

Bulletin ID: MS06-054	Title: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729)	Update Type: Security Update	Severity: Critical	Date: 2006-09-12
Description: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-0001	Included Updates: 894541 894542 910729	Applies to: Office 2002/XP Office 2003

Bulletin ID: MS06-053	Title: Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685)	Update Type: Security Update	Severity: Moderate	Date: 2006-09-12
Description: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-0032	Included Updates: 920685	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-052	Title: Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007)	Update Type: Security Update	Severity: Important	Date: 2006-09-12
Description: This update resolves a newly discovered, privately reported, vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-3442	Included Updates: 919007	Applies to: Windows XP

Bulletin ID: MS06-042	Title: Cumulative Security Update for Internet Explorer (918899)	Update Type: Security Update	Severity: Critical	Date: 2006-09-12
Description: This update resolves several newly discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
Vulnerabilities: CVE-2004-1166 CVE-2006-3280 CVE-2006-3450 CVE-2006-3451 CVE-2006-3637 CVE-2006-3638 CVE-2006-3639 CVE-2006-3640 CVE-2006-3869 CVE-2006-3873	Included Updates: 918899	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-040	Title: Vulnerability in Server Service Could Allow Remote Code Execution (921883)	Update Type: Security Update	Severity: Critical	Date: 2006-09-12
Description: This update resolves a privately disclosed vulnerability as well as additional issues discovered through internal investigations.
Vulnerabilities: CVE-2006-3439	Included Updates: 921883	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-038	Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)	Update Type: Security Update	Severity: Critical	Date: 2006-09-12
Description: This update resolves several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Vulnerabilities: CVE-2006-1316 CVE-2006-1318 CVE-2006-1540 CVE-2006-2389	Included Updates: 917150 917151 917284	Applies to: Office 2002/XP Office 2003

Bulletin ID: MS06-034	Title: Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)	Update Type: Security Update	Severity: Important	Date: 2006-09-12
Description: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-0026	Included Updates: 917537	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-051	Title: Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422)	Update Type: Security Update	Severity: Critical	Date: 2006-08-08
Description: This update resolves newly discovered, privately reported vulnerabilities and additional issues discovered through internal investigations.
Vulnerabilities: CVE-2006-3443 CVE-2006-3648	Included Updates: 917422	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-050	Title: Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670)	Update Type: Security Update	Severity: Important	Date: 2006-08-08
Description: This update resolves two newly discovered vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-3086 CVE-2006-3438	Included Updates: 920670	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-048	Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968)	Update Type: Security Update	Severity: Critical	Date: 2006-08-08
Description: This update resolves two newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Vulnerabilities: CVE-2006-3449 CVE-2006-3590	Included Updates: 921566 921567 922968	Applies to: Office 2002/XP Office 2003

Bulletin ID: MS06-047	Title: Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645)	Update Type: Security Update	Severity: Critical	Date: 2006-08-08
Description: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-3649	Included Updates: 920821 921645	Applies to: Office 2002/XP

Bulletin ID: MS06-046	Title: Vulnerability in HTML Help Could Allow Remote Code Execution (922616)	Update Type: Security Update	Severity: Critical	Date: 2006-08-08
Description: This update resolves a newly discovered, publicly reported vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CAN-2006-3357 CVE-2006-3357	Included Updates: 922616	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-045	Title: Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)	Update Type: Security Update	Severity: Important	Date: 2006-08-08
Description: This update resolves a newly-discovered, publicly-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-3281	Included Updates: 921398	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-044	Title: Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008)	Update Type: Security Update	Severity: Critical	Date: 2006-08-08
Description: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-3643	Included Updates: 917008	Applies to: Windows 2000

Bulletin ID: MS06-043	Title: Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214)	Update Type: Security Update	Severity: Critical	Date: 2006-08-08
Description: This update resolves a newly-discovered, publicly-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin
Vulnerabilities: CVE-2006-2766	Included Updates: 920214	Applies to: Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-041	Title: Vulnerabilities in DNS Resolution Could Allow Remote Code Execution (920683)	Update Type: Security Update	Severity: Critical	Date: 2006-08-08
Description: This update resolves several newly discovered, privately reported, vulnerabilities.
Vulnerabilities: CVE-2006-3440 CVE-2006-3441	Included Updates: 920683	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-037	Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)	Update Type: Security Update	Severity: Critical	Date: 2006-08-08
Description: This update resolves several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Vulnerabilities: CVE-2006-1301 CVE-2006-1302 CVE-2006-1304 CVE-2006-1306 CVE-2006-1308 CVE-2006-1309 CVE-2006-2388 CVE-2006-3059	Included Updates: 917285 918419 918420 918425	Applies to: Office 2002/XP Office 2003

Bulletin ID: MS06-036	Title: Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)	Update Type: Security Update	Severity: Critical	Date: 2006-07-11
Description: This update resolves a newly discovered, privately reported vulnerability as well as additional issues discovered through internal investigations. The privately reported vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-2372	Included Updates: 914388	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-035	Title: Vulnerability in Server Service Could Allow Remote Code Execution (917159)	Update Type: Security Update	Severity: Critical	Date: 2006-07-11
Description: This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-1314 CVE-2006-1315	Included Updates: 917159	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-033	Title: Vulnerability in ASP.NET Could Allow Information Disclosure (917283)	Update Type: Security Update	Severity: Important	Date: 2006-07-11
Description: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-1300	Included Updates: 917283	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-028	Title: Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)	Update Type: Security Update	Severity: Critical	Date: 2006-07-11
Description: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in this bulletin in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-0022	Included Updates: 916518 916519 916768	Applies to: Office 2002/XP Office 2003

Bulletin ID: MS06-027	Title: Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)	Update Type: Security Update	Severity: Critical	Date: 2006-07-11
Description: This update resolves a newly discovered, public vulnerability. The vulnerability is documented in this bulletin in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-2492	Included Updates: 917334 917335 917336 917346	Applies to: Office 2002/XP Office 2003

Bulletin ID: MS06-025	Title: Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)	Update Type: Security Update	Severity: Critical	Date: 2006-06-27
Description: This update resolves several newly discovered, privately reported vulnerability. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-2370 CVE-2006-2371	Included Updates: 911280	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-020	Title: Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433)	Update Type: Security Update	Severity: Critical	Date: 2006-06-27
Description: This update resolves publicly reported vulnerabilities. The vulnerabilities are documented in the "Vulnerability Details" section of this bulletin. These vulnerabilities are also documented in Macromedia Security Bulletin MPSB05-07 for customers using Flash Player 5 and 6. Customers who have installed Flash Player 7 and higher are advised to download the latest version from the Adobe website. Customers that have followed the guidance in Adobe Security Bulletin APSB06-03 are not at risk from the vulnerability.
Vulnerabilities: CVE-2005-2628 CVE-2006-0024	Included Updates: 913433	Applies to: Windows XP Windows XP x64 Edition

Bulletin ID: MS06-032	Title: Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)	Update Type: Security Update	Severity: Important	Date: 2006-06-13
Description: This update resolves a privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-2379	Included Updates: 917953	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-031	Title: Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736)	Update Type: Security Update	Severity: Moderate	Date: 2006-06-13
Description: This update resolves a newly discovered, privately reported vulnerability. A spoofing vulnerability exists in the RPC service that could enable an attacker to spoof trusted network resource. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-2380	Included Updates: 917736	Applies to: Windows 2000

Bulletin ID: MS06-030	Title: Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)	Update Type: Security Update	Severity: Important	Date: 2006-06-13
Description: This update resolves several newly discovered, privately reported vulnerability. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-2373 CVE-2006-2374	Included Updates: 914389	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-024	Title: Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)	Update Type: Security Update	Severity: Critical	Date: 2006-06-13
Description: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-0025	Included Updates: 917734	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-023	Title: Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)	Update Type: Security Update	Severity: Critical	Date: 2006-06-13
Description: This update resolves a newly discovered vulnerability. A remote code execution vulnerability exists in Microsoft JScript that could allow an attacker to take complete control of an affected system. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-1313	Included Updates: 917344	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-022	Title: Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)	Update Type: Security Update	Severity: Critical	Date: 2006-06-13
Description: This update resolves a newly discovered, privately reported vulnerability. A remote code execution vulnerability exists in the way AOL ART images are handled. This vulnerability could allow an attacker to take complete control of an affected system. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-2378	Included Updates: 918439	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-018	Title: Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580)	Update Type: Security Update	Severity: Moderate	Date: 2006-06-13
Description: This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-0034 CVE-2006-1184	Included Updates: 913580	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP

Bulletin ID: MS06-011	Title: Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798)	Update Type: Security Update	Severity: Important	Date: 2006-06-13
Description: This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CAN-2006-0023 CVE-2006-0023	Included Updates: 914798	Applies to: Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP

Bulletin ID: MS06-017	Title: Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627)	Update Type: Security Update	Severity: Moderate	Date: 2006-04-11
Description: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-0015	Included Updates: 908981 911701 917627	Applies to: Office 2002/XP Windows Server 2003 Windows Server 2003, Datacenter Edition

Bulletin ID: MS06-016	Title: Cumulative Security Update for Outlook Express (911567)	Update Type: Security Update	Severity: Important	Date: 2006-04-11
Description: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-0014	Included Updates: 911567	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS04-018	Title: Cumulative Security Update for Outlook Express (823353)	Update Type: Security Update	Severity: Moderate	Date: 2006-04-11
Description: This update resolves a public vulnerability. A denial of service vulnerability exists in Outlook Express because of a lack of robust verification for malformed e-mail headers. The vulnerability is documented in the Vulnerability Details section of this bulletin. This update also changes the default security settings for Outlook Express 5.5 Service Pack 2 (SP2). This change is documented in the Frequently Asked Questions related to this security update section of this bulletin.
Vulnerabilities: CAN-2004-0215	Included Updates: 823353	Applies to: Windows 2000 Windows XP

Bulletin ID: MS06-012	Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)	Update Type: Security Update	Severity: Critical	Date: 2006-03-14
Description: This update resolves several newly-discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2005-4131 CVE-2006-0009 CVE-2006-0028 CVE-2006-0029 CVE-2006-0030 CVE-2006-0031	Included Updates: 905413 905649 905754 905755 905756 905758 914451	Applies to: Office 2002/XP Office 2003

Bulletin ID: MS06-007	Title: Vulnerability in TCP/IP Could Allow Denial of Service (913446)	Update Type: Security Update	Severity: Important	Date: 2006-02-15
Description: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:	Included Updates: 913446	Applies to: Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-009	Title: Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)	Update Type: Security Update	Severity: Important	Date: 2006-02-14
Description: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-0008	Included Updates: 901190 905645 909115 909118	Applies to: Office 2003 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-008	Title: Vulnerability in Web Client Service Could Allow Remote Code Execution (911927)	Update Type: Security Update	Severity: Important	Date: 2006-02-14
Description: This update resolves a newly-discovered, privately-reported vulnerability.
Vulnerabilities: CVE-2006-0013	Included Updates: 911927	Applies to: Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-006	Title: Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)	Update Type: Security Update	Severity: Important	Date: 2006-02-14
Description: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2006-0005	Included Updates: 911564	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS03-042	Title: Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232)	Update Type: Security Update	Severity: Critical	Date: 2006-02-14
Description: Microsoft re-issued this bulletin on October 29, 2003 to advise on the availability of an updated Windows 2000 patch. This revised patch corrects the Debug Programs (SeDebugPrivilege) user right issue that some customers experienced with the original patch that is discussed in Knowledge Base Article 830846. This problem is unrelated to the security vulnerability discussed in this bulletin. If you have previously applied this security patch, this update does not need to be installed.
Vulnerabilities:	Included Updates: 826232	Applies to: Windows 2000

Bulletin ID: MS06-003	Title: Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)	Update Type: Security Update	Severity: Critical	Date: 2006-01-10
Description: This update resolves a newly-discovered, privately-reported vulnerability that could allow an attacker to run arbitrary code on the system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Vulnerabilities: CVE-2006-0002	Included Updates: 892841 892843 894689 902412	Applies to: Exchange 2000 Server Office 2002/XP Office 2003

Bulletin ID: MS06-002	Title: Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)	Update Type: Security Update	Severity: Critical	Date: 2006-01-10
Description: This update resolves a newly-discovered, privately-reported vulnerability.
Vulnerabilities: CVE-2006-0010	Included Updates: 908519	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition

Bulletin ID: MS06-001	Title: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)	Update Type: Security Update	Severity: Critical	Date: 2006-01-05
Description: This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities: CVE-2005-4560	Included Updates: 912919	Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition