Microsoft Updates For June: Twelve Security Bulletins - Fixes 21 Security Holes
Thursday, 15 June 2006 by Michel Roth
That's right: Microsoft has released twelve security bulletins that cover a total of 21 security holes in its Windows, Exchange and Office. Eat your heart out:

MS06-032: Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)
There is a remote code execution vulnerability in the TCP/IP Protocol driver that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.

MS06-031: Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736)
A spoofing vulnerability exists in the RPC service that could enable an attacker to spoof trusted network resource.

MS06-030: Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)
Each vulnerability is documented in this bulletin in its own Vulnerability Details section of this bulletin.

MS06-029: Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)
The vulnerability is documented in the “Vulnerability Details” section of this bulletin. An attacker who successfully exploited the vulnerability could perform script injection attacks.

MS06-028: Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS06-027: Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)
A remote code execution vulnerability exists in Word using a malformed object pointer.

MS06-026: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (918547)
The vulnerability is documented in the Vulnerability Details section of this bulletin. We recommend that customers apply the update immediately.

MS06-025: Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)
Each vulnerability is documented in this bulletin in its own Vulnerability Details section of this bulletin.

MS06-024: Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

MS06-023: Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS06-022: Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)
A remote code execution vulnerability exists in the way AOL ART images are handled. This vulnerability could allow an attacker to take complete control of an affected system. The vulnerability is documented in the Vulnerability Details section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS06-021: Cumulative Security Update for Internet Explorer (916281)
If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Related Items:

Microsoft Security Bulletin For March 2006 (15 March 2006)
Security Updates Summary For May 2006 (9 May 2006)
Microsoft Security Updates For February (15 February 2006)
Microsoft Security Updates For July 2005 (13 July 2005)
November's Hotfix: Microsoft Security Bulletin MS05-053 (10 November 2005)
Microsoft Security Patches For June 2005 (15 June 2005)
Microsoft Security Updates For January 2006 (11 January 2006)
Microsoft Security Bulletin For February (9 February 2005)
Microsoft Security Bulletins Summary For July (12 July 2006)
Here are the extra Microsoft security updates for december 2004 (14 December 2004)
Comments (0)add feed
Show/Hide comment formtoggle
password
 

busy