Microsoft Security Bulletin Summary for November, 2006

Revision Note: Bulletin Published.Summary: Bulletin Summary for November, 2006

MS06-020: Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433) - Version:1.1

Severity Rating: Critical - Revision Note: Bulletin revised to call out Microsoft Windows XP Professional x64 Edition as affected software. The Download Center Web page as well as all Microsoft detection and deployment software have, since the initial release of the security bulletin, included this Windows version among the affected software.Summary: This update resolves publicly reported vulnerabilities. The vulnerabilities are documented in the Vulnerability Details section of this bulletin. These...

MS06-069: Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789) - Version:1.1

Severity Rating: Critical - Revision Note: Bulletin revised to clarify that this security update installs Flash6.ocx version 6.0.88.0 and removes the version of Flash.ocx it is replacing.Summary: This update resolves a privately reported vulnerability in Macromedia Flash Player from Adobe, version 6.0.84.0 and earlier. Macromedia Flash Player is a third party software application that also was redistributed with Microsoft Windows XP Service Pack 2 and Microsoft Windows XP Professional x64 Edition...

Microsoft Security Advisory (930181): Exploit Code Published Affecting Windows Client Server Run-Time Subsystem

Revision Note: Advisory published.Summary: Security Advisory

MS06-033: Vulnerability in ASP.NET Could Allow Information Disclosure (917283) - Version:1.3

Severity Rating: Important - Revision Note: Bulletin updated " Caveats" Section and " What are the known issues that customers may experience when they install this security update?" under the " Frequently Asked Questions (FAQ) Related to This Security Update" section.Summary: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. This vulnerability could allow an attacker to bypass ASP.Net...

MS06-039: Vulnerability in Microsoft Office Could Allow Remote Code Execution (915384) - Version:1.2

Severity Rating: Critical - Revision Note: Bulletin updated to provide clarity "Affected Software" in the "Tested Software and Security Update Download Location" section.Summary: This update resolves two newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section in this bulletin. On vulnerable versions of Office, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could...

MS06-056: Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770) - Version:1.3

Severity Rating: Moderate - Revision Note: Bulletin updated "Caveats" Section and "What are the known issues that customers may experience when they install this security update?" under the "Frequently Asked Questions (FAQ) Related to This Security Update" section.Summary: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. The vulnerability could allow an attacker to gain unauthorized...

Microsoft Security Advisory (929433): Vulnerability in Microsoft Word Could Allow Remote Code Execution

Revision Note: Advisory updated to provide additional clarity around the investigation.Summary: Security Advisory

Microsoft Security Advisory (927709): Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution

Revision Note: Advisory updated to reflect publication of security bulletin.Summary: Microsoft is investigating public reports of a vulnerability in Visual Studio 2005

MS06-059: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164) - Version:2.0

Severity Rating: Critical - Revision Note: Bulletin updated has been revised and re-released for Microsoft Excel 2002 to address the issues identified in Microsoft Knowledge Base Article 924164.Summary: This update resolves several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section. When using vulnerable versions of Office, if a user were logged on

MS06-073: Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674) - Version:1.0

Severity Rating: Critical - Revision Note: Bullet PublishedSummary: There is a vulnerability in Visual Studio 2005 that could allow remote code execution.

MS06-074: Vulnerability in SNMP Could Allow Remote Code Execution (926247) - Version:1.0

Severity Rating: Important - Revision Note: Bulletin PublishedSummary: Vulnerability in SNMP Could Allow Remote Code Execution (926247)

MS06-075: Vulnerability in Windows Could Allow Elevation of Privilege (926255) - Version:1.0

Severity Rating: Important - Revision Note: Bulletin Published.Summary: Microsoft Security Bulletin MS06-075: Vulnerability in Windows Could Allow Elevation of Privilege (926255)

MS06-077: Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121) - Version:1.0

Severity Rating: Important - Revision Note: Bulletin PublishedSummary: Microsoft Security Bulletin MS06-077: Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)

Microsoft Security Bulletin Summary for December, 2006

Revision Note: Bulletin Published.Summary: Bulletin Summary for December, 2006

MS06-071: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088) - Version:1.2

Severity Rating: Critical - Revision Note: Bulletin Updated: removed the “:” in the command line options for the /log switch.Summary: A remote code execution vulnerability exists in the Microsoft XML Core Services (MSXML) implementation in Microsoft Windows.

MS06-072: Cumulative Security Update for Internet Explorer (925454) - Version:1.1

Severity Rating: Critical - Revision Note: Bulletin revised to correct the file manifests for Windows XP Professional x64 Edition, Windows Server 2003 x64 Edition, Windows Server 2003 for Itanium-based Systems, and Windows Server 2003 with SP1 for Itanium-based Systems.Summary: This update resolves several newly discovered vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. If a user is logged on with administrative user...

MS06-076: Cumulative Security Update for Outlook Express (923694) - Version:1.1

Severity Rating: Important - Revision Note: Bulletin updated to modify the “File Information” for Windows Server 2003 in the “Security Update Information” section.Summary: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. We recommend that customers should apply the update at the earliest opportunity.

MS06-012: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413) - Version:1.5

Severity Rating: Critical - Revision Note: Bulletin Updated to provide additional clarity for " What updates does this release replace?" for Microsoft Outlook in the " Frequently asked questions (FAQ) related to this security update" section.Summary: This update resolves several newly-discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section of this bulletin. On vulnerable versions of Office, if a user is...

MS06-078: Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689) - Version:2.1

Severity Rating: Critical - Revision Note: Bulletin updated to provide additional clarity around file versions in the " I’ve installed the Windows Media Format Runtime security update. What version of Windows Media Format Runtime should I have installed?" in the " Frequently Asked Questions (FAQ) Related to this Security Update" section.Summary: This update resolves two newly discovered vulnerabilities. These vulnerabilities are documented in the "Vulnerability Details" section of this bulletin...