[BigFix-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: EnterpriseSecurity

autonotify at bigfix.com autonotify at bigfix.com
Sat May 20 02:06:12 PDT 2006 

Fixlet Site - EnterpriseSecurity
Current Version: 736	Published: Fri, 19 May 2006 17:12:43 GMT


***************************************************************
Title: MS05-050: Vulnerability in DirectShow Could Allow Remote Code Execution - Windows XP/2003 (x64)
Severity: Critical
Fixlet ID: 505008
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS05-050.mspx

Fixlet Description: Microsoft has released a patch eliminating security vulnerabilities in DirectShow. A remote code execution vulnerability exists in DirectShow that could allow an attacker who successfully exploited this vulnerability to take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. After downloading and installing this patch, affected computers will no longer be susceptible to these vulnerabilities.

***************************************************************
Title: MS05-050: CORRUPT PATCH - Windows XP/2003 (x64)
Severity: Critical
Fixlet ID: 505027
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS05-050.mspx


***************************************************************
Title: MS05-051: Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution - Windows XP/2003 (x64)
Severity: Important
Fixlet ID: 505108
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS05-051.mspx

Fixlet Description: Microsoft has released a patch eliminating security vulnerabilities in MSDTC and COM+. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system.After downloading and installing this patch, affected computers will no longer be susceptible to these vulnerabilities. 

***************************************************************
Title: MS05-051: CORRUPT PATCH - Windows XP/2003 (x64)
Severity: Important
Fixlet ID: 505109
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS05-051.mspx


***************************************************************
Title: MS05-053: Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution - Windows XP/2003 (x64)
Severity: Critical
Fixlet ID: 505308
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS05-053.mspx

Fixlet Description:  Microsoft has released a patch eliminating security vulnerabilities in GDI. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft recommends that customers apply the update immediately.After downloading and installing this patch, affected computers will no longer be susceptible to these vulnerabilities. 

***************************************************************
Title: MS05-053: CORRUPT PATCH - Windows XP/2003 (x64)
Severity: Critical
Fixlet ID: 505309
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS05-053.mspx


***************************************************************
Title: MS06-001: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution - Windows XP/2003 (x64)
Severity: Critical
Fixlet ID: 600108
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS06-001.mspx

Fixlet Description:  Microsoft has released a patch eliminating a remote code execution vulnerability in the Graphics Rendering Engine, relating to the way that it handles Windows Metafile (WMF) images. An attacker could exploit the vulnerability by constructing a specially crafted WMF image that could potentially allow remote code execution if a user visited a malicious Web site or opened a specially crafted attachment in e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system. After downloading and installing this patch, affected computers will no longer be susceptible to these vulnerabilities. 

***************************************************************
Title: MS06-001: CORRUPT PATCH - Windows XP/2003 (x64)
Severity: Critical
Fixlet ID: 600109
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS06-001.mspx


***************************************************************
Title: MS06-002: Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution - Windows XP/2003 (x64)
Severity: Critical
Fixlet ID: 600208
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS06-002.mspx

Fixlet Description: A remote code execution vulnerability exists in Windows because of the way that it handles malformed embedded Web fonts. An attacker could exploit the vulnerability by constructing a malicious embedded Web font that could potentially allow remote code execution if a user visited a malicious Web site or viewed a specially crafted e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS06-002: CORRUPT PATCH - Windows XP/2003 (x64)
Severity: Critical
Fixlet ID: 600213
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS06-002.mspx


***************************************************************
Title: MS06-006: Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution - Windows XP/2003 (x64)
Severity: Important
Fixlet ID: 600604
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms06-006.mspx

Fixlet Description: Microsoft has released a patch eliminating security vulnerabilities in a Windows Media Player Plugin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights After downloading and installing this patch, affected computers will no longer be susceptible to these vulnerabilities. 

***************************************************************
Title: MS06-006: CORRUPT PATCH - Windows XP/2003 (x64)
Severity: Important
Fixlet ID: 600605
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms06-006.mspx


***************************************************************
Title: MS06-007: Vulnerability in TCP/IP Could Allow Denial of Service - Windows XP/2003 (x64)
Severity: Important
Fixlet ID: 600705
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms06-007.mspx

Fixlet Description:  Microsoft has released a patch eliminating security vulnerabilities in TCP/IP. An attacker who successfully exploited this vulnerability could execute code on an affected system. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability. 

***************************************************************
Title: MS06-007: CORRUPT PATCH - Windows XP/2003 (x64)
Severity: Important
Fixlet ID: 600706
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms06-007.mspx


***************************************************************
Title: MS06-008: Vulnerability in Web Client Service Could Allow Remote Code Execution - Windows XP/2003 (x64)
Severity: Important
Fixlet ID: 600806
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS06-008.mspx

Fixlet Description:  A remote code execution vulnerability exists in the way that Windows processes Web Client requests that could allow an attacker who successfully exploited this vulnerable to take complete control of the affected system. After downloading and installing this patch, affected computers will no longer be susceptible to these vulnerabilities. 

***************************************************************
Title: MS06-008: CORRUPT PATCH - Windows XP/2003 (x64)
Severity: Important
Fixlet ID: 600807
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS06-008.mspx


***************************************************************
Title: MS06-009: Vulnerability in the Korean IME Could Allow Elevation of Privilege - Windows XP/2003 (x64)
Severity: Important
Fixlet ID: 600931
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS06-009.mspx

Fixlet Description: Microsoft has released a patch eliminating a privilege elevation vulnerability in the Korean IME Language Bar in Windows XP. An attacker who successfully exploited this vulnerability could take complete control of an affected system. For an attack to be successful, the attacker must be able to interactively logon to the affected system. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability.After downloading and installing this patch, affected computers will no longer be susceptible to these vulnerabilities. 

***************************************************************
Title: MS06-009: CORRUPT PATCH - Windows XP/2003 (x64)
Severity: Important
Fixlet ID: 600932
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS06-009.mspx


***************************************************************
Title: MS06-013: Cumulative Security Update for Internet Explorer - IE 6.0 - Windows XP/2003 (x64)
Severity: Critical
Fixlet ID: 601309
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx

Fixlet Description:  Microsoft has released a cumulative patch for Internet Explorer that resolves several newly-discovered, publicly and privately reported vulnerabilities, as well as eliminating all vulnerabilities covered by earlier patches. If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. Microsoft recommends that customers apply the update immediately. After downloading and installing this patch, affected computers will no longer be susceptible to these vulnerabilities. 

***************************************************************
Title: MS06-013: CORRUPT PATCH - IE 6.0 - Windows XP/2003 (x64)
Severity: Critical
Fixlet ID: 601310
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx


***************************************************************
Title: MS06-014: Vulnerability in the MDAC Function Could Allow Code Execution - Windows XP/2003 (x64)
Severity: Critical
Fixlet ID: 601413
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms06-014.mspx

Fixlet Description:  Microsoft has released a patch eliminating a newly-discovered, privately-reported security vulnerability in the Microsoft Data Access Components (MDAC) Function.  If a user is logged on with administrative rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. After downloading and installing this patch, affected computers will no longer be susceptible to these vulnerabilities. 

***************************************************************
Title: MS06-014: CORRUPT PATCH - Windows XP/2003 (x64)
Severity: Critical
Fixlet ID: 601414
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms06-014.mspx


***************************************************************
Title: MS06-015: Vulnerability in Windows Explorer Could Allow Remote Code Execution - Windows XP/2003 (x64)
Severity: Critical
Fixlet ID: 601516
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms06-015.mspx

Fixlet Description:  Microsoft has released a patch eliminating security vulnerabilities in Windows Shell. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. After downloading and installing this patch, affected computers will no longer be susceptible to these vulnerabilities.

***************************************************************
Title: MS06-015: CORRUPT PATCH - Windows XP/2003 (x64)
Severity: Critical
Fixlet ID: 601517
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms06-015.mspx


***************************************************************
Title: MS06-016: Cumulative Security Update for Outlook Express - OE 6 - Windows XP/2003 (x64)
Severity: Important
Fixlet ID: 601609
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS06-016.mspx

Fixlet Description:  Microsoft has released a cumulative patch for Outlook Express that resolves a newly-discovered, privately reported vulnerability, as well as eliminating all vulnerabilities covered by earlier patches. If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system.After downloading and installing this patch, affected computers will no longer be susceptible to these vulnerabilities. 

***************************************************************
Title: MS06-016: CORRUPT PATCH - OE 6 - Windows XP/2003 (x64)
Severity: Important
Fixlet ID: 601610
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS06-016.mspx


***************************************************************
Title: MS06-017: Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting - FPSE 2002 - Windows XP/2003 (x64)
Severity: Moderate
Fixlet ID: 601704
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms06-017.mspx

Fixlet Description:  Microsoft has released a patch eliminating a security vulnerability in FrontPage Server Extensions (FPSE 2002). If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. After applying this patch, affected computers will no longer be susceptible to this vulnerability.

More information about the BigFix-Announcements mailing list