Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Journal SkiifGeek's Journal: Microsoft (Multiple) - Remote Hacker Automatic Control

Microsoft (Multiple) - Remote Hacker Automatic Control

        -- Products Affected --
        Windows 2000, XP, 2003
        Internet Explorer
        Visual Studio

        -- Technical Description --
        MS06-072 - Internet Explorer cumulative update. Arbitrary code execution affecting DHTML and active scripting, information disclosure affecting Temporary Internet Files (TIF) folder. Critical.
        MS06-073 - Visual Studio 2005. Arbitrary code execution due to WMI Object Broker ActiveX control. Critical.
        MS06-074 - SNMP implementation error can lead to arbitrary code execution. Important.
        MS06-075 - File Manifest Corruption leading to Privilege Escalation. Important.
        MS06-076 - Outlook Express arbitrary code execution at the local user level. Important.
        MS06-077 - Remote Installation Service arbitrary code execution (Windows 2000 ONLY). Important.
        MS06-078 - Windows Media Format remote arbitrary code execution. This is the .asx playlist issue brought to light in the last couple of weeks, along with another issue. Critical.

        -- Description --
        Microsoft delivered seven patches, instead of the expected six, with the December Security Update released today. Even though less than half of the patches are rated as Critical, almost all vulnerabilities can lead to arbitrary code execution for at least some end users. Notable by omission are the most recent Microsoft Word vulnerabilities for which there are targeted exploit attempts in use.

        -- Recommended Action --
        All users and administrators should apply the updates at the earliest opportunity.

        -- Source --

        -- Updates Available --

        -- External Tracking Data --
        CVE-ID: CVE-2006-5579 (MS06-072)
        CVE-ID: CVE-2006-5581 (MS06-072)
        CVE-ID: CVE-2006-5578 (MS06-072)
        CVE-ID: CVE-2006-5577 (MS06-072)
        CVE-ID: CVE-2006-4704 (MS06-073)
        CVE-ID: CVE-2006-5583 (MS06-074)
        CVE-ID: CVE-2006-5585 (MS06-075)
        CVE-ID: CVE-2006-2386 (MS06-076)
        CVE-ID: CVE-2006-5584 (MS06-077)
        CVE-ID: CVE-2006-4702 (MS06-078)
        CVE-ID: CVE-2006-6134 (MS06-078)

        -- Threat Matrix --
                        U O
        Home User 10 10 (Highly Critical)
        Corporate 10 10 (Highly Critical)

This discussion has been archived. No new comments can be posted.

Microsoft (Multiple) - Remote Hacker Automatic Control

Comments Filter:

God made machine language; all the rest is the work of man.