LanGuard reports



Supported Microsoft Security Bulletins


More information on 2006 updates



Bulletin ID:
MS06-073
Title:
Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674)
Update Type:
Security Update
Severity:
Critical
Date:
2006-12-13
Description:
This update resolves a public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-4704
Included Updates:
925674
Applies to:
Visual Studio 2005

Bulletin ID:
MS06-077
Title:
Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)
Update Type:
Security Update
Severity:
Important
Date:
2006-12-12
Description:
This update resolves a privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-5584
Included Updates:
926121
Applies to:
Windows 2000

Bulletin ID:
MS06-076
Title:
Cumulative Security Update for Outlook Express (923694)
Update Type:
Security Update
Severity:
Important
Date:
2006-12-12
Description:
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-2386
Included Updates:
923694
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-075
Title:
Vulnerability in Windows Could Allow Elevation of Privilege (926255)
Update Type:
Security Update
Severity:
Important
Date:
2006-12-12
Description:
This update resolves a privately identified vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-5585
Included Updates:
926255
Applies to:
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP

Bulletin ID:
MS06-074
Title:
Vulnerability in SNMP Could Allow Remote Code Execution (926247)
Update Type:
Security Update
Severity:
Important
Date:
2006-12-12
Description:
This update resolves a newly discovered, privately reported, vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-5583
Included Updates:
926247
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-066
Title:
Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980)
Update Type:
Security Update
Severity:
Important
Date:
2006-12-12
Description:
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-4688
CVE-2006-4689
Included Updates:
923980
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP

Bulletin ID:
MS06-061
Title:
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191)
Update Type:
Security Update
Severity:
Critical
Date:
2006-12-12
Description:
This update resolves two newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-4685
CVE-2006-4686
Included Updates:
924191
924424
925672
925673
Applies to:
Office 2003
SQL Server Feature Pack
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows Vista
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-059
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164)
Update Type:
Security Update
Severity:
Critical
Date:
2006-12-12
Description:
This update addresses several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Vulnerabilities:
CVE-2006-2387
CVE-2006-3431
CVE-2006-3867
CVE-2006-3875
Included Updates:
923088
923089
923275
924164
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
MS06-005
Title:
Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)
Update Type:
Security Update
Severity:
Critical
Date:
2006-11-28
Description:
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-0006
Included Updates:
911565
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP

Bulletin ID:
MS06-070
Title:
Vulnerability in Workstation Service Could Allow Remote Code Execution (924270)
Update Type:
Security Update
Severity:
Critical
Date:
2006-11-14
Description:
This update resolves a newly discovered, privately reported, vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-4691
Included Updates:
924270
Applies to:
Windows 2000
Windows XP

Bulletin ID:
MS06-055
Title:
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486)
Update Type:
Security Update
Severity:
Critical
Date:
2006-11-14
Description:
This update resolves a public vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-4868
Included Updates:
925486
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-065
Title:
Vulnerability in Windows Object Packager Could Allow Remote Execution (924496)
Update Type:
Security Update
Severity:
Moderate
Date:
2006-10-10
Description:
This update resolves a newly discovered, privately reported, vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-4692
Included Updates:
924496
Applies to:
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-064
Title:
Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819)
Update Type:
Security Update
Severity:
Low
Date:
2006-10-10
Description:
This update resolves a publicly disclosed vulnerability as well as additional issues discovered through internal investigations.
Vulnerabilities:
CVE-2004-0230
CVE-2004-0790
CVE-2005-0688
Included Updates:
922819
Applies to:
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-063
Title:
Vulnerability in Server Service Could Allow Denial of Service and Remote Code Execution (923414)
Update Type:
Security Update
Severity:
Important
Date:
2006-10-10
Description:
This update resolves publicly and privately reported vulnerabilities. The vulnerabilities are documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-3942
CVE-2006-4696
Included Updates:
923414
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-062
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581)
Update Type:
Security Update
Severity:
Critical
Date:
2006-10-10
Description:
This update addresses several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Vulnerabilities:
CVE-2006-3434
CVE-2006-3650
CVE-2006-3864
CVE-2006-3868
Included Updates:
922581
923272
923273
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
MS06-060
Title:
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)
Update Type:
Security Update
Severity:
Critical
Date:
2006-10-10
Description:
This update addresses several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Vulnerabilities:
CVE-2006-3647
CVE-2006-3651
CVE-2006-4534
CVE-2006-4693
Included Updates:
920817
923094
923276
924554
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
MS06-058
Title:
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)
Update Type:
Security Update
Severity:
Critical
Date:
2006-10-10
Description:
This update addresses several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Vulnerabilities:
CVE-2006-3435
CVE-2006-3876
CVE-2006-3877
CVE-2006-4694
Included Updates:
923091
923092
924163
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
MS06-057
Title:
Vulnerability in Windows Explorer Could Allow Remote Execution (923191)
Update Type:
Security Update
Severity:
Critical
Date:
2006-10-10
Description:
This update resolves a newly discovered, publicly reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-3730
Included Updates:
923191
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-056
Title:
Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770)
Update Type:
Security Update
Severity:
Moderate
Date:
2006-10-10
Description:
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-3436
Included Updates:
922770
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS05-030
Title:
Vulnerability in Outlook Express Could Allow Remote Code Execution (897715)
Update Type:
Security Update
Severity:
Important
Date:
2006-10-10
Description:
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Vulnerabilities:
CAN-2005-1213
Included Updates:
897715
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP

Bulletin ID:
MS06-049
Title:
Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958)
Update Type:
Security Update
Severity:
Important
Date:
2006-09-26
Description:
This update resolves a newly discovered, publicly reported vulnerability and additional issues discovered through internal investigations.
Vulnerabilities:
CVE-2006-3444
Included Updates:
920958
Applies to:
Windows 2000

Bulletin ID:
MS05-021
Title:
Vulnerability in Exchange Server Could Allow Remote Code Execution (894549)
Update Type:
Security Update
Severity:
Critical
Date:
2006-09-26
Description:
This update resolves a newly-discovered, privately-reported vulnerability in Microsoft Exchange Server that could allow an attacker to run arbitrary code on the system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Vulnerabilities:
CAN-2005-0560
Included Updates:
894549
Applies to:
Exchange 2000 Server
Exchange Server 2003

Bulletin ID:
MS06-054
Title:
Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729)
Update Type:
Security Update
Severity:
Critical
Date:
2006-09-12
Description:
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-0001
Included Updates:
894541
894542
910729
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
MS06-053
Title:
Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685)
Update Type:
Security Update
Severity:
Moderate
Date:
2006-09-12
Description:
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-0032
Included Updates:
920685
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-052
Title:
Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007)
Update Type:
Security Update
Severity:
Important
Date:
2006-09-12
Description:
This update resolves a newly discovered, privately reported, vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-3442
Included Updates:
919007
Applies to:
Windows XP

Bulletin ID:
MS06-042
Title:
Cumulative Security Update for Internet Explorer (918899)
Update Type:
Security Update
Severity:
Critical
Date:
2006-09-12
Description:
This update resolves several newly discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
Vulnerabilities:
CVE-2004-1166
CVE-2006-3280
CVE-2006-3450
CVE-2006-3451
CVE-2006-3637
CVE-2006-3638
CVE-2006-3639
CVE-2006-3640
CVE-2006-3869
CVE-2006-3873
Included Updates:
918899
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-040
Title:
Vulnerability in Server Service Could Allow Remote Code Execution (921883)
Update Type:
Security Update
Severity:
Critical
Date:
2006-09-12
Description:
This update resolves a privately disclosed vulnerability as well as additional issues discovered through internal investigations.
Vulnerabilities:
CVE-2006-3439
Included Updates:
921883
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-038
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)
Update Type:
Security Update
Severity:
Critical
Date:
2006-09-12
Description:
This update resolves several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Vulnerabilities:
CVE-2006-1316
CVE-2006-1318
CVE-2006-1540
CVE-2006-2389
Included Updates:
917150
917151
917284
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
MS06-034
Title:
Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)
Update Type:
Security Update
Severity:
Important
Date:
2006-09-12
Description:
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-0026
Included Updates:
917537
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-051
Title:
Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422)
Update Type:
Security Update
Severity:
Critical
Date:
2006-08-08
Description:
This update resolves newly discovered, privately reported vulnerabilities and additional issues discovered through internal investigations.
Vulnerabilities:
CVE-2006-3443
CVE-2006-3648
Included Updates:
917422
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-050
Title:
Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670)
Update Type:
Security Update
Severity:
Important
Date:
2006-08-08
Description:
This update resolves two newly discovered vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-3086
CVE-2006-3438
Included Updates:
920670
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-048
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968)
Update Type:
Security Update
Severity:
Critical
Date:
2006-08-08
Description:
This update resolves two newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Vulnerabilities:
CVE-2006-3449
CVE-2006-3590
Included Updates:
921566
921567
922968
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
MS06-047
Title:
Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645)
Update Type:
Security Update
Severity:
Critical
Date:
2006-08-08
Description:
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-3649
Included Updates:
920821
921645
Applies to:
Office 2002/XP

Bulletin ID:
MS06-046
Title:
Vulnerability in HTML Help Could Allow Remote Code Execution (922616)
Update Type:
Security Update
Severity:
Critical
Date:
2006-08-08
Description:
This update resolves a newly discovered, publicly reported vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CAN-2006-3357
CVE-2006-3357
Included Updates:
922616
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-045
Title:
Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)
Update Type:
Security Update
Severity:
Important
Date:
2006-08-08
Description:
This update resolves a newly-discovered, publicly-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-3281
Included Updates:
921398
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-044
Title:
Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008)
Update Type:
Security Update
Severity:
Critical
Date:
2006-08-08
Description:
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-3643
Included Updates:
917008
Applies to:
Windows 2000

Bulletin ID:
MS06-043
Title:
Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214)
Update Type:
Security Update
Severity:
Critical
Date:
2006-08-08
Description:
This update resolves a newly-discovered, publicly-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin
Vulnerabilities:
CVE-2006-2766
Included Updates:
920214
Applies to:
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-041
Title:
Vulnerabilities in DNS Resolution Could Allow Remote Code Execution (920683)
Update Type:
Security Update
Severity:
Critical
Date:
2006-08-08
Description:
This update resolves several newly discovered, privately reported, vulnerabilities.
Vulnerabilities:
CVE-2006-3440
CVE-2006-3441
Included Updates:
920683
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-037
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)
Update Type:
Security Update
Severity:
Critical
Date:
2006-08-08
Description:
This update resolves several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Vulnerabilities:
CVE-2006-1301
CVE-2006-1302
CVE-2006-1304
CVE-2006-1306
CVE-2006-1308
CVE-2006-1309
CVE-2006-2388
CVE-2006-3059
Included Updates:
917285
918419
918420
918425
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
MS06-036
Title:
Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)
Update Type:
Security Update
Severity:
Critical
Date:
2006-07-11
Description:
This update resolves a newly discovered, privately reported vulnerability as well as additional issues discovered through internal investigations. The privately reported vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-2372
Included Updates:
914388
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-035
Title:
Vulnerability in Server Service Could Allow Remote Code Execution (917159)
Update Type:
Security Update
Severity:
Critical
Date:
2006-07-11
Description:
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-1314
CVE-2006-1315
Included Updates:
917159
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-033
Title:
Vulnerability in ASP.NET Could Allow Information Disclosure (917283)
Update Type:
Security Update
Severity:
Important
Date:
2006-07-11
Description:
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-1300
Included Updates:
917283
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-028
Title:
Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)
Update Type:
Security Update
Severity:
Critical
Date:
2006-07-11
Description:
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in this bulletin in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-0022
Included Updates:
916518
916519
916768
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
MS06-027
Title:
Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)
Update Type:
Security Update
Severity:
Critical
Date:
2006-07-11
Description:
This update resolves a newly discovered, public vulnerability. The vulnerability is documented in this bulletin in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-2492
Included Updates:
917334
917335
917336
917346
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
MS06-025
Title:
Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)
Update Type:
Security Update
Severity:
Critical
Date:
2006-06-27
Description:
This update resolves several newly discovered, privately reported vulnerability. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-2370
CVE-2006-2371
Included Updates:
911280
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-020
Title:
Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433)
Update Type:
Security Update
Severity:
Critical
Date:
2006-06-27
Description:
This update resolves publicly reported vulnerabilities. The vulnerabilities are documented in the "Vulnerability Details" section of this bulletin. These vulnerabilities are also documented in Macromedia Security Bulletin MPSB05-07 for customers using Flash Player 5 and 6. Customers who have installed Flash Player 7 and higher are advised to download the latest version from the Adobe website. Customers that have followed the guidance in Adobe Security Bulletin APSB06-03 are not at risk from the vulnerability.
Vulnerabilities:
CVE-2005-2628
CVE-2006-0024
Included Updates:
913433
Applies to:
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-032
Title:
Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)
Update Type:
Security Update
Severity:
Important
Date:
2006-06-13
Description:
This update resolves a privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-2379
Included Updates:
917953
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-031
Title:
Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736)
Update Type:
Security Update
Severity:
Moderate
Date:
2006-06-13
Description:
This update resolves a newly discovered, privately reported vulnerability. A spoofing vulnerability exists in the RPC service that could enable an attacker to spoof trusted network resource. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-2380
Included Updates:
917736
Applies to:
Windows 2000

Bulletin ID:
MS06-030
Title:
Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)
Update Type:
Security Update
Severity:
Important
Date:
2006-06-13
Description:
This update resolves several newly discovered, privately reported vulnerability. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-2373
CVE-2006-2374
Included Updates:
914389
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-024
Title:
Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)
Update Type:
Security Update
Severity:
Critical
Date:
2006-06-13
Description:
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-0025
Included Updates:
917734
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-023
Title:
Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)
Update Type:
Security Update
Severity:
Critical
Date:
2006-06-13
Description:
This update resolves a newly discovered vulnerability. A remote code execution vulnerability exists in Microsoft JScript that could allow an attacker to take complete control of an affected system. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-1313
Included Updates:
917344
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-022
Title:
Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)
Update Type:
Security Update
Severity:
Critical
Date:
2006-06-13
Description:
This update resolves a newly discovered, privately reported vulnerability. A remote code execution vulnerability exists in the way AOL ART images are handled. This vulnerability could allow an attacker to take complete control of an affected system. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-2378
Included Updates:
918439
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-018
Title:
Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580)
Update Type:
Security Update
Severity:
Moderate
Date:
2006-06-13
Description:
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-0034
CVE-2006-1184
Included Updates:
913580
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP

Bulletin ID:
MS06-011
Title:
Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798)
Update Type:
Security Update
Severity:
Important
Date:
2006-06-13
Description:
This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CAN-2006-0023
CVE-2006-0023
Included Updates:
914798
Applies to:
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP

Bulletin ID:
MS06-017
Title:
Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627)
Update Type:
Security Update
Severity:
Moderate
Date:
2006-04-11
Description:
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-0015
Included Updates:
908981
911701
917627
Applies to:
Office 2002/XP
Windows Server 2003
Windows Server 2003, Datacenter Edition

Bulletin ID:
MS06-016
Title:
Cumulative Security Update for Outlook Express (911567)
Update Type:
Security Update
Severity:
Important
Date:
2006-04-11
Description:
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-0014
Included Updates:
911567
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS04-018
Title:
Cumulative Security Update for Outlook Express (823353)
Update Type:
Security Update
Severity:
Moderate
Date:
2006-04-11
Description:
This update resolves a public vulnerability. A denial of service vulnerability exists in Outlook Express because of a lack of robust verification for malformed e-mail headers. The vulnerability is documented in the Vulnerability Details section of this bulletin. This update also changes the default security settings for Outlook Express 5.5 Service Pack 2 (SP2). This change is documented in the Frequently Asked Questions related to this security update section of this bulletin.
Vulnerabilities:
CAN-2004-0215
Included Updates:
823353
Applies to:
Windows 2000
Windows XP

Bulletin ID:
MS06-012
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)
Update Type:
Security Update
Severity:
Critical
Date:
2006-03-14
Description:
This update resolves several newly-discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2005-4131
CVE-2006-0009
CVE-2006-0028
CVE-2006-0029
CVE-2006-0030
CVE-2006-0031
Included Updates:
905413
905649
905754
905755
905756
905758
914451
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
MS06-007
Title:
Vulnerability in TCP/IP Could Allow Denial of Service (913446)
Update Type:
Security Update
Severity:
Important
Date:
2006-02-15
Description:
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:

Included Updates:
913446
Applies to:
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-009
Title:
Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)
Update Type:
Security Update
Severity:
Important
Date:
2006-02-14
Description:
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-0008
Included Updates:
901190
905645
909115
909118
Applies to:
Office 2003
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-008
Title:
Vulnerability in Web Client Service Could Allow Remote Code Execution (911927)
Update Type:
Security Update
Severity:
Important
Date:
2006-02-14
Description:
This update resolves a newly-discovered, privately-reported vulnerability.
Vulnerabilities:
CVE-2006-0013
Included Updates:
911927
Applies to:
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-006
Title:
Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)
Update Type:
Security Update
Severity:
Important
Date:
2006-02-14
Description:
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2006-0005
Included Updates:
911564
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS03-042
Title:
Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232)
Update Type:
Security Update
Severity:
Critical
Date:
2006-02-14
Description:
Microsoft re-issued this bulletin on October 29, 2003 to advise on the availability of an updated Windows 2000 patch. This revised patch corrects the Debug Programs (SeDebugPrivilege) user right issue that some customers experienced with the original patch that is discussed in Knowledge Base Article 830846. This problem is unrelated to the security vulnerability discussed in this bulletin. If you have previously applied this security patch, this update does not need to be installed.
Vulnerabilities:

Included Updates:
826232
Applies to:
Windows 2000

Bulletin ID:
MS06-003
Title:
Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)
Update Type:
Security Update
Severity:
Critical
Date:
2006-01-10
Description:
This update resolves a newly-discovered, privately-reported vulnerability that could allow an attacker to run arbitrary code on the system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Vulnerabilities:
CVE-2006-0002
Included Updates:
892841
892843
894689
902412
Applies to:
Exchange 2000 Server
Office 2002/XP
Office 2003

Bulletin ID:
MS06-002
Title:
Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)
Update Type:
Security Update
Severity:
Critical
Date:
2006-01-10
Description:
This update resolves a newly-discovered, privately-reported vulnerability.
Vulnerabilities:
CVE-2006-0010
Included Updates:
908519
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-001
Title:
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
Update Type:
Security Update
Severity:
Critical
Date:
2006-01-05
Description:
This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Vulnerabilities:
CVE-2005-4560
Included Updates:
912919
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP
Windows XP x64 Edition