Microsoft releases three critical security bulletins for December
Takeaway: For December's Patch Tuesday, Microsoft released seven security bulletins, rating three of them as critical. In this edition of the IT Locksmith, John McCormick has the details about this month's security bulletins.
For this month's Patch Tuesday, Microsoft released seven security bulletins, three of which it's rated as critical. (The remaining four updates address important threats.) However, the pair of zero-day threats for Microsoft Word remains unpatched.
Details
Redmond released seven security bulletins for December's Patch Tuesday, rating three as critical. But critical Word vulnerabilities are still unpatched—keep an eye on this article's discussion and TechRepublic's Security blog in case Microsoft decides to release an emergency patch. In the meantime, let's take a look at this month's updates, in order of risk.
MS06-078
Microsoft Security Bulletin MS06-078, "Vulnerability in Windows Media Format Could Allow Remote Code Execution," addresses two vulnerabilities:
- Windows Media Format ASF Parsing Vulnerability (CVE-2006-4702)
- Windows Media Format ASX Parsing Vulnerability (CVE-2006-6134)
This is a critical threat for all affected platforms and versions, which include Windows Media Player 6.4 on all operating systems, Windows 2000 SP4, all versions of Windows XP, and most versions of Windows Server 2003 (except Itanium-based systems). This update does not affect Windows Vista.
While the best workaround for the second vulnerability is to install Media Format 11, this isn't among the recommended workarounds for the first threat. Blocking ActiveX controls via the kill bit in the registry will stop both attacks.
There are no significant mitigating factors, so this patch is probably the most important of this month's batch.
MS06-072
Microsoft Security Bulletin MS06-072, "Cumulative Security Update for Internet Explorer," is another one of the periodic collective updates for the IE browser, and it isn't critical for a number of platforms. This update addresses four problems:
- Script Error Handling Memory Corruption Vulnerability (CVE-2006-5579)
- DHTML Script Function Memory Corruption Vulnerability (CVE-2006-5581)
- TIF Folder Information Disclosure Vulnerability (CVE-2006-5578)
- TIF Folder Information Disclosure Vulnerability (CVE-2006-5577)
The first two are remote code execution threats, and the latter two are information disclosure threats.
While the cumulative threat rating is critical, this update is only critical for IE6 Service Pack 1 on Windows 2000 SP4 and IE6 on Windows XP SP2. It's an important threat for IE5.01 SP4 on Windows 2000 SP4, and it's a moderate threat for IE6 on Windows Server 2003 and Windows Server 2003 SP1. This update does not affect IE7.
MS06-073
Microsoft Security Bulletin MS06-073, "Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution," addresses a critical remote code execution threat that comes from the WMI Object Broker Vulnerability (CVE-2006-4704). This is a publicly disclosed threat, and there have been reports that attackers are actively exploiting this vulnerability.
This update applies to only some versions of Visual Studio 2005 (not all installations): Visual Studio 2005 Standard Edition, Visual Studio 2005 Professional Edition, Visual Studio 2005 Team Suite, Visual Studio 2005 Team Edition for Developers, Visual Studio 2005 Team Edition for Architects, and Visual Studio 2005 Team Edition for Testers.
MS06-074
Microsoft Security Bulletin MS06-074, "Vulnerability in SNMP Could Allow Remote Code Execution," addresses the SNMP Memory Corruption Vulnerability (CVE-2006-5583).
This is an important threat for all affected versions, including Windows 2000 SP4, all versions of Windows XP, and all versions of Windows Server 2003. It does not affect Windows Vista.
Even though this is a remote code execution threat, Microsoft has only rated it important because you can use firewall best practices to block the threat. A simple workaround is to block UDP port 161, which is the port that allows a connection with the affected component.
MS06-075
Microsoft Security Bulletin MS06-075, "Vulnerability in Windows Could Allow Elevation of Privilege," addresses the File Manifest Corruption Vulnerability (CVE-2006-5585).
This update only affects Windows XP SP2, Windows Server 2003, and Windows Server 2003 for Itanium-based systems. It is an important threat for all affected platforms.
An attacker must have valid logon credentials to successfully launch an attack. In addition, attackers can't exploit this vulnerability remotely.
MS06-076
Microsoft Security Bulletin MS06-076, "Cumulative Security Update for Outlook Express," addresses the Windows Address Book Contact Record Vulnerability (CVE-2006-2386).
This is an important threat for all affected versions. While it's obviously only a problem for those using Outlook Express, it affects all currently supported platforms with the exception of Windows Vista. This bulletin replaces Microsoft Security Bulletin MS06-016 for all platforms, and it replaces Microsoft Security Bulletin MS06-043 for Outlook Express 6 on all versions of Windows XP SP2 and Windows Server 2003 SP1.
There is an available registry workaround that only marginally affects how the Outlook Express Address Book works. See the security bulletin for more details.
MS06-077
Microsoft Security Bulletin MS06-077, "Vulnerability in Remote Installation Service Could Allow Remote Code Execution," addresses the RIS Writable Path Vulnerability (CVE-2006-5584). This update only affects Windows 2000 SP4; it is an important threat.
A major mitigating factor is that Windows 2000 SP 4 doesn't install the Remote Install Service by default. There are known issues that result from applying this patch. See Microsoft Knowledge Base article 926121 for more details.
Final word
While seven security bulletins may seem like a lot, many of the updates only apply to a small number of users. So, the bigger issue seems to be the major Microsoft threats that are still unpatched—those actual bulletins we can apply are pretty limited threats, and they shouldn't interfere too much with your office holiday party.
Miss a column?
Check out the IT Locksmith Archive, and catch up on the most recent editions of John McCormick's column.
Want to stay on top of the latest security updates? Automatically sign up for our free IT Locksmith newsletter, delivered each Tuesday!
John McCormick is a security consultant and well-known author in the field of IT, with more than 17,000 published articles. He has written the IT Locksmith column for TechRepublic for more than four years.
Print/View all Posts Comments on this article
 Have a happy holiday seasonTech Locksmith | 12/20/06 |
 Is there any thing else..mrjunaidali@... | 12/22/06 |
SponsoredWhite Papers, Webcasts, and Downloads
- Simple Tricks to Ace the Subnetting Portion of Any Certification Exam Global Knowledge
- ITIL Version 3.0 -- What It Means to You Global Knowledge
- The Case for Virtual Local Area Networks (VLANs) Global Knowledge
- CCNA v2.0 Review Global Knowledge
- Preparing for and Taking the PMP Certification Exam Global Knowledge
Article Categories
- Security
- Security Solutions, IT Locksmith
- Networking and Communications
- E-mail Administration NetNote, Cisco Routers and Switches
- CIO and IT Management
- Project Management, CIO Issues, Strategies that Scale
- Desktops, Laptops & OS
- Windows 2000 Professional, Microsoft Word, Microsoft Excel, Microsoft Access, Windows XP,
- Data Management
- Oracle, SQL Server
- Servers
- Windows NT, Linux NetNote, Windows Server 2003
- Career Development
- Geek Trivia
- Software/Web Development
- Web Development Zone, Visual Basic, .NET
