PDA

Ïðîñìîòð ïîëíîé âåðñèè : Microsoft Security Bulletin MS06-002, MS06-003 (January)


HATTIFNATTOR
10.01.2006, 23:55
Microsoft Security Bulletin MS06-002
Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)

Summary
Who should read this document: Customers who use Microsoft Windows
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Tested Software and Security Update Download Locations:

Affected Software:
Microsoft Windows 2000 Service Pack 4
• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
• Microsoft Windows XP Professional x64 Edition
• Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
• Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
• Microsoft Windows Server 2003 x64 Edition

http://www.microsoft.com/technet/security/Bulletin/MS06-002.mspx



Microsoft Security Bulletin MS06-003
Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)


Summary
Who should read this document: Customers who use Microsoft Outlook, Microsoft Exchange, or customers who have the Microsoft Office Multilingual User Interface (MUI) Packs, Microsoft Multilanguage Packs or Microsoft Office 2003 Language Interface Packs (LIPS) installed.

Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Caveats: None

Affected Software:
• Microsoft Office 2000 Service Pack 3
Microsoft Office 2000 Software:
• Microsoft Outlook 2000
• Microsoft Office 2000 MultiLanguage Packs
• Microsoft Outlook 2000 English MultiLanguage Packs

• Microsoft Office XP Service Pack 3
Microsoft Office XP Software:
• Microsoft Outlook 2002
• Microsoft Office XP Multilingual User Interface Packs
Note Multilingual User Interface Packs are for non- English packages.

• Microsoft Office 2003 Service Pack 1 and Service Pack 2
Microsoft Office 2003 Software:
• Microsoft Outlook 2003
• Microsoft Office 2003 Multilingual User Interface Packs
• Microsoft Office 2003 Language Interface Packs
Note Multilingual User Interface Packs are for non- English packages


• Microsoft Exchange Server
• Microsoft Exchange Server 5.0 Service Pack 2
• Microsoft Exchange Server 5.5 Service Pack 4
• Microsoft Exchange 2000 Server Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004

http://www.microsoft.com/technet/security/Bulletin/MS06-003.mspx



Microsoft Security Bulletin Summary for January, 2006 (http://www.microsoft.com/technet/security/Bulletin/ms06-Jan.mspx)
Shu_b
11.01.2006, 08:57
Microsoft Security Bulletin Summary for January, 2006

Microsoft Security Bulletin MS06-001, MS06-002, MS06-003

Windows: MS06-001, MS06-002
Exchange and Office MS06-003

Ïðèìå÷àíèå: Äëÿ çàãðóçêè ïàò÷åé èñïîëüçóéòå ññûëêó íà ñòàòüþ áþëëåòåíÿ, èç êîòîðîé âûáèðàéòå ññûëêó íà çàãðóçêó ïðèìåíèòåëüíî ê âàøåé ÎÑ èëè êîìïîíåíòó.
Shu_b
11.01.2006, 09:03
Microsoft Security Bulletin MS06-001
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx
Âûïîëíåíèå ïðîèçâîëüíîãî êîäà â Microsoft Windows ïðè îáðàáîòêå WMF ôàéëîâ
http://www.securitylab.ru/vulnerability/243581.php

Critical

Îïèñàíèå:
Óÿçâèìîñòü ïîçâîëÿåò óäàëåííîìó ïîëüçîâàòåëþ âûïîëíèòü ïðîèçâîëüíûé êîä íà öåëåâîé ñèñòåìå.

Óÿçâèìîñòü ñóùåñòâóåò â "Windows Picture and Fax Viewer" ïðè îáðàáîòêå Windows ìåòàôàéëîâ (".wmf"), ñîäåðæàùèõ ñïåöèàëüíî ñôîðìèðîâàííûå SETABORTPROC "Escape" çàïèñè. Ýòè çàïèñè ïîçâîëÿþò âûïîëíèòü ïðîèçâîëüíûå ôóíêöèè, åñëè ïðîöåññ ãåíåðàöèè WMF ôàéëà çàêàí÷èâàåòñÿ íåóäà÷íî. Óäàëåííûé ïîëüçîâàòåëü ìîæåò ñ ïîìîùüþ ñïåöèàëüíî ñôîðìèðîâàííîãî WMF ôàéëà âûïîëíèòü ïðîèçâîëüíûé êîä íà öåëåâîé ñèñòåìå ñ ïðèâèëåãèÿìè ïîëüçîâàòåëÿ, îòêðûâøåãî çëîíàìåðåííûé ôàéë.

Affected Software:
• Microsoft Windows 2000 Service Pack 4
• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
• Microsoft Windows XP Professional x64 Edition
• Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
• Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
• Microsoft Windows Server 2003 x64 Edition
• Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Shu_b
11.01.2006, 09:10
Microsoft Security Bulletin MS06-002
Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)
http://www.microsoft.com/technet/security/Bulletin/MS06-002.mspx

Ïåðåïîëíåíèå áóôåðà âî âñòðîåííûõ Web øðèôòàõ â ðàçëè÷íûõ âåðñèÿõ Microsoft Windows
http://www.securitylab.ru/vulnerability/246042.php

Critical

Îïèñàíèå: Óÿçâèìîñòü â Microsoft Windows ïîçâîëÿåò óäàëåííîìó ïîëüçîâàòåëþ ñêîìïðîìåòèðîâàòü óÿçâèìóþ ñèñòåìó.

Ïåðåïîëíåíèå áóôåðà îáíàðóæåíî ïðè îáðàáîòêå ñïåöèàëüíî îáðàáîòàííûõ âíåäðåííûõ øðèôòîâ. Â ðåçóëüòàòå âîçìîæíî óäàëåííî âûïîëíèòü ïðîèçâîëüíûé êîä êîãäà ïîëüçîâàòåëü ïîñåùàåò ñïåöèàëüíî îáðàáîòàííûé Web ñàéò èëè ïðîñìàòðèâàåò email ñîîáùåíèå ñîäåðæàùåå ñïåöèàëüíî îáðàáîòàííûé âñòðîåííûé Web øðèôò.

Affected Software:
• Microsoft Windows 2000 Service Pack 4
• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
• Microsoft Windows XP Professional x64 Edition
• Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
• Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
• Microsoft Windows Server 2003 x64 Edition
• Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Shu_b
11.01.2006, 09:24
Microsoft Security Bulletin MS06-003
Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)
http://www.microsoft.com/technet/security/Bulletin/MS06-003.mspx
Ïåðåïîëíåíèå áóôåðà ïðè îáðàáîòêå ñïåöèàëüíî îáðàáîòàííûõ MIME âëîæåíèé â Microsoft Outlook / Exchange
http://www.securitylab.ru/vulnerability/246043.php

Critical

Îïèñàíèå: Óÿçâèìîñòü â Microsoft Outlook / Exchange ïîçâîëÿåò çëîíàìåðåííîìó ïîëüçîâàòåëþ ñêîìïðîìåòèðîâàòü óÿçâèìóþ ñèñòåìó.

Ïåðåïîëíåíèå áóôåðà îáíàðóæåíî ïðè äåêîäèðîâàíèè Transport Neutral Encapsulation Format (TNEF) MIME âëîæåíèé. Â ðåçóëüòàòå âîçìîæíî óäàëåííî âûïîëíèòü ïðîèçâîëüíûé êîä êîãäà ïîëüçîâàòåëü îòêðûâàåò èëè ïðîñìàòðèâàåò ñïåöèàëüíî îáðàáîòàííîå TNEF email ñîîáùåíèå èëè êîãäà Microsoft Exchange Server Information Store îáðàáàòûâàåò ýòî ñîîáùåíèå.

Affected Software:
• Microsoft Office 2000 Service Pack 3
Microsoft Office 2000 Software:
_ • Microsoft Outlook 2000 update (KB892842)
_ • Microsoft Office 2000 MultiLanguage Packs update (KB892842)
_ • Microsoft Outlook 2000 English MultiLanguage Packs update (KB892842)

• Microsoft Office XP Service Pack 3
Microsoft Office XP Software:
_ • Microsoft Outlook 2002 (KB892841)
_ • Microsoft Office XP Multilingual User Interface Packs update (KB892841)
Note Multilingual User Interface Packs are for non- English packages.

• Microsoft Office 2003 Service Pack 1 and Service Pack 2
Microsoft Office 2003 Software:
_ • Microsoft Outlook 2003 (KB892843)
_ • Microsoft Office 2003 Multilingual User Interface Packs update (KB892843)
_ • Microsoft Office 2003 Language Interface Packs update (KB887617)
Note Multilingual User Interface Packs are for non- English packages

• Microsoft Exchange Server
• Microsoft Exchange Server 5.0 Service Pack 2 update (KB894689)
• Microsoft Exchange Server 5.5 Service Pack 4 update (KB894689)
• Microsoft Exchange 2000 Server Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004 update (894689)

Non-Affected Software:
• Microsoft Exchange Server 2003 Service Pack 1
• Microsoft Exchange Server 2003 Service Pack 2
HATTIFNATTOR
11.01.2006, 15:49
File Name: Windows-KB913086-200601-1.iso
Version: 913086
Date Published: 1/10/2006
Language: English
Download Size: 98.7 MB

ISO-9660 CD image âêëþ÷àåò â ñåáÿ ÿíâàðñêèå îáíîâëåíèÿ áåçîïàñíîñòè îò Microsoft è ïðåäíàçíà÷åí äëÿ àäìèíèñòðàòîðîâ êðóïíûõ êîðïîðàòèâíûõ ñåòåé âêëþ÷àþùèõ ðàçíîîáðàçíîå ìíîãîÿçûêîâîå ÏÎ.

Ñòðàíèöà çàãðóçêè (http://www.microsoft.com/downloads/details.aspx?familyid=27eb2d43-5f8e-4c93-b2dc-7954d7624758&displaylang=en)