Want CNET to notify you of price drops and the latest stories?
No, thank you Accept
X
Apple WWDC: What We ExpectBest Mattress DealsAssessing Viral Sleep HacksNetflix Password SharingMeal Subscription vs. TakeoutBest Solar CompaniesVerizon 5G Home InternetBest Credit Cards

Microsoft fixes 26 flaws with 10 patches

Microsoft fixes 26 flaws with 10 patches

lgvamosir.jpg
lgvamosir.jpg
Robert Vamosi Former Editor
As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.
See full bio
Robert Vamosi
4 min read
Microsoft has released its October 2006 security bulletin, which includes 10 updates: 6 are listed as Critical, 1 Important, 2 Moderate, and 1 Low. Four critical updates this month are specific to Microsoft Office. Users of Windows 98 and Windows Me will notice that Microsoft no longer offers technical support for these two operating systems, nor does Microsoft continue to provide technical support for users of Windows XP SP1. To keep your Windows 98 and Me systems secure, see our roundup of compatible third-party security applications. To keep your Windows XP SP1 system secure, update to Windows XP SP2 today. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS06-056: Moderate

Entitled "Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770)," this bulletin affects users of Microsoft .Net Framework 2.0 for the following operating system versions: Microsoft Windows 2000 (SP4), Microsoft Windows XP (SP1 or 2, x64 edition, Tablet PC, Media Center), and Microsoft Windows Server 2003 (SP1, Itanium-based Systems, and x64 edition), and addresses the vulnerability detailed in CVE-2006-3436. Successful exploitation could lead to information disclosure.

MS06-057: Critical

Entitled "Vulnerability in Windows Explorer Could Allow Remote Execution (923191)," this bulletin affects users of Microsoft Windows 2000 (SP4), Microsoft Windows XP (SP1, SP2, and x64 edition) and Microsoft Windows Server 2003 (SP1, for Itanium-based Systems, and x64 Edition), and addresses the vulnerability detailed in CVE-2006-3730. Successful exploitation could lead to remote exploitation.

MS06-058: Critical

Entitled "Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)," this bulletin affects users of Microsoft Office 2000 (SP3), Microsoft PowerPoint 2000, Microsoft Office XP (SP3), Microsoft PowerPoint 2000, Microsoft Office 2003 (SP1 or SP2), Microsoft Office PowerPoint 2003, Microsoft Office 2004 for Mac, Microsoft PowerPoint 2004 for Mac, Microsoft Office v. X for Mac, Microsoft PowerPoint v. X for Mac, and addresses the vulnerabilities detailed in CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. Successful exploitation could lead to remote code execution.

MS06-059: Critical

Entitled " Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164) this bulletin affects users of Microsoft Office 2000 Service Pack 3, Microsoft Excel 2000, Microsoft Office XP Service Pack 3, Microsoft Excel 2002, Microsoft Office 2003 (SP1 or 2), Microsoft Office Excel 2003, Microsoft Office Excel Viewer 2003, Microsoft Office 2004 for Mac, Microsoft Excel 2004 for Mac, Microsoft Office X for Mac, Microsoft Excel X for Mac, Microsoft Works Suite 2004, Microsoft Works Suite 2005, and Microsoft Works Suite 2006, and addresses the vulnerabilities detailed in CVE-2006-2387, CVE-2006-3431, CVE-2006-3867, and CVE-2006-3875. Successful exploitation could lead to remote code execution.

MS06-060: Critical

Entitled "Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)," this bulletin affects users of Microsoft Office 2000 (SP3), Microsoft Word 2000, Microsoft Office XP (SP3), Microsoft Word 2002, Microsoft Office 2003 (SP1 or SP2), Microsoft Office Word 2003, Microsoft Office Word 2003 Viewer, Microsoft Works Suite 2004, Microsoft Works Suite 2005, Microsoft Works Suite 2006, Microsoft Office 2004 for Mac, and Microsoft Office X for Mac, and addresses the vulnerabilities detailed in CVE-2006-3647, CVE-2006-3651, CVE-2006-4534, and CVE-2006-4693. Successful exploitation could lead to remote code execution.

MS06-061: Critical

Entitled "Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191)," this bulletin affects users of Microsoft XML Parser 2.6 and Office 2003, and does not affect users of Windows 2000 (SP4) running Microsoft XML Core Services 2.5, Microsoft Windows XP (SP1 or SP2) running Microsoft XML Core Services 2.5, Microsoft Windows Server 2003 running Microsoft XML Core Services 2.5, and Microsoft Windows Server 2003 Service Pack 1 running Microsoft XML Core Services 2.5, and addresses the vulnerabilities detailed in CVE-2006-4685 and CVE-2006-4686. Successful exploitation could lead to remote code execution.

MS06-062: Critical

Entitled "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581)," this bulletin affects users of Microsoft Office 2000 SP3, Microsoft Access 2000, Microsoft Excel 2000, Microsoft FrontPage 2000, Microsoft Outlook 2000, Microsoft PowerPoint 2000, Microsoft Publisher 2000, Microsoft Word 2000, Microsoft Office XP (SP3) Microsoft Access 2002, Microsoft Excel 2002, Microsoft FrontPage 2002, Microsoft Outlook 2002, Microsoft PowerPoint 2002, Microsoft Publisher 2002, Microsoft Visio 2002, Microsoft Word 2002, Microsoft Office 2003 (SP1 or SP2), Microsoft Access 2003, Microsoft Excel 2003, Microsoft Excel 2003 Viewer, Microsoft FrontPage 2003, Microsoft InfoPath 2003, Microsoft OneNote 2003, Microsoft Outlook 2003, Microsoft PowerPoint 2003, Microsoft Project 2003, Microsoft Publisher 2003, Microsoft Visio 2003, Microsoft Word 2003, Microsoft Word 2003 Viewer, Microsoft Project 2000 (SP1), Microsoft Project 2002 (SP1), Microsoft Visio 2002 (SP2), Microsoft Office 2004 for Mac, and Microsoft Office X for Mac; it does not affect Microsoft PowerPoint 2003 Viewer, Microsoft Works Suites, Microsoft Works Suite 2004, Microsoft Works Suite 2005, and Microsoft Works Suite 2006, and addresses the vulnerabilities detailed in CVE-2006-3434, CVE-2006-3650, CVE-2006-3864, and CVE-2006-3868. Successful exploitation could lead to remote code execution.

MS06-063: Important

Entitled "Vulnerability in Server Service Could Allow Denial of Service (923414)," this bulletin affects users of Microsoft Windows 2000 (SP4), Microsoft Windows XP (SP1, SP2, and x64 Edition), Microsoft Windows Server 2003 (SP1, for Itanium-based Systems and x64 Edition), and addresses the vulnerabilities detailed in CVE-2006-3942 and CVE-2006-4696. Successful exploitation could lead to denial of service.

MS06-064: Low

Entitled "Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819)," this bulletin affects users of Microsoft Windows XP (SP1, SP2, x64), Microsoft Windows Server 2003 (SP1, for Itanium-based Systems and x64 Edition), does not affect Microsoft Windows 2000 (SP4), and addresses the vulnerabilities detailed in CVE-2006-0790, CVE-2006-0230, and CVE-2006-0688. Succesful exploitation could lead to denial of service.

MS06-065: Moderate

Entitled "Vulnerability in Windows Object Packager Could Allow Remote Execution (924496))," this bulletin affects users of Microsoft Windows XP (SP1, SP2, and x64), Microsoft Windows Server 2003 (SP1, for Itanium-based Systems and x64 Edition), does not affect Microsoft Windows 2000 (SP4), and addresses the vulnerability detailed in CVE-2006-4692. Successful exploitation could lead to remote code execution.