HATTIFNATTOR
10.01.2006, 23:55
Microsoft Security Bulletin MS06-002
Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)
Summary
Who should read this document: Customers who use Microsoft Windows
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Tested Software and Security Update Download Locations:
Affected Software:
Microsoft Windows 2000 Service Pack 4
• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
• Microsoft Windows XP Professional x64 Edition
• Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
• Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
• Microsoft Windows Server 2003 x64 Edition
http://www.microsoft.com/technet/security/Bulletin/MS06-002.mspx
Microsoft Security Bulletin MS06-003
Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)
Summary
Who should read this document: Customers who use Microsoft Outlook, Microsoft Exchange, or customers who have the Microsoft Office Multilingual User Interface (MUI) Packs, Microsoft Multilanguage Packs or Microsoft Office 2003 Language Interface Packs (LIPS) installed.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Caveats: None
Affected Software:
• Microsoft Office 2000 Service Pack 3
Microsoft Office 2000 Software:
• Microsoft Outlook 2000
• Microsoft Office 2000 MultiLanguage Packs
• Microsoft Outlook 2000 English MultiLanguage Packs
• Microsoft Office XP Service Pack 3
Microsoft Office XP Software:
• Microsoft Outlook 2002
• Microsoft Office XP Multilingual User Interface Packs
Note Multilingual User Interface Packs are for non- English packages.
• Microsoft Office 2003 Service Pack 1 and Service Pack 2
Microsoft Office 2003 Software:
• Microsoft Outlook 2003
• Microsoft Office 2003 Multilingual User Interface Packs
• Microsoft Office 2003 Language Interface Packs
Note Multilingual User Interface Packs are for non- English packages
• Microsoft Exchange Server
• Microsoft Exchange Server 5.0 Service Pack 2
• Microsoft Exchange Server 5.5 Service Pack 4
• Microsoft Exchange 2000 Server Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004
http://www.microsoft.com/technet/security/Bulletin/MS06-003.mspx
Microsoft Security Bulletin Summary for January, 2006 (http://www.microsoft.com/technet/security/Bulletin/ms06-Jan.mspx)
Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)
Summary
Who should read this document: Customers who use Microsoft Windows
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Tested Software and Security Update Download Locations:
Affected Software:
Microsoft Windows 2000 Service Pack 4
• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
• Microsoft Windows XP Professional x64 Edition
• Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
• Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
• Microsoft Windows Server 2003 x64 Edition
http://www.microsoft.com/technet/security/Bulletin/MS06-002.mspx
Microsoft Security Bulletin MS06-003
Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)
Summary
Who should read this document: Customers who use Microsoft Outlook, Microsoft Exchange, or customers who have the Microsoft Office Multilingual User Interface (MUI) Packs, Microsoft Multilanguage Packs or Microsoft Office 2003 Language Interface Packs (LIPS) installed.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Caveats: None
Affected Software:
• Microsoft Office 2000 Service Pack 3
Microsoft Office 2000 Software:
• Microsoft Outlook 2000
• Microsoft Office 2000 MultiLanguage Packs
• Microsoft Outlook 2000 English MultiLanguage Packs
• Microsoft Office XP Service Pack 3
Microsoft Office XP Software:
• Microsoft Outlook 2002
• Microsoft Office XP Multilingual User Interface Packs
Note Multilingual User Interface Packs are for non- English packages.
• Microsoft Office 2003 Service Pack 1 and Service Pack 2
Microsoft Office 2003 Software:
• Microsoft Outlook 2003
• Microsoft Office 2003 Multilingual User Interface Packs
• Microsoft Office 2003 Language Interface Packs
Note Multilingual User Interface Packs are for non- English packages
• Microsoft Exchange Server
• Microsoft Exchange Server 5.0 Service Pack 2
• Microsoft Exchange Server 5.5 Service Pack 4
• Microsoft Exchange 2000 Server Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004
http://www.microsoft.com/technet/security/Bulletin/MS06-003.mspx
Microsoft Security Bulletin Summary for January, 2006 (http://www.microsoft.com/technet/security/Bulletin/ms06-Jan.mspx)