Microsoft Updates for Multiple Vulnerabilities
Systems Affected
- Microsoft Windows
- Microsoft Visual Studio
- Microsoft Outlook Express
- Microsoft Media Player
- Microsoft Internet Explorer
Overview
Microsoft has released updates that address critical vulnerabilities
in Microsoft Windows, Visual Studio, Microsoft Outlook Express,
Microsoft Media Player, and Microsoft Internet Explorer. Exploitation
of these vulnerabilities could allow a remote, unauthenticated
attacker to execute arbitrary code or cause a denial of service on a
vulnerable system.
Description
Microsoft has released updates to address vulnerabilities in Microsoft
Windows, Visual Studio, Microsoft Outlook Express, Microsoft Media
Player, and Microsoft Internet Explorer as part of the Microsoft
Security Bulletin Summary for December
2006. The most severe vulnerabilities could allow a remote,
unauthenticated attacker to execute arbitrary code or cause a denial
of service on a vulnerable system.
Updates for Office for Mac were accidentally released by Microsoft and
have since been retracted. More information can be found in the following Microsoft
Security Response Center Blog entry.
Further information about the vulnerabilities addressed by these
updates is available in the Vulnerability
Notes Database.
Impact
A remote, unauthenticated attacker could execute arbitrary code on a
vulnerable system. An attacker may also be able to cause a denial of
service.
Solution
Apply updates from Microsoft
Microsoft has provided updates for these vulnerabilities in the
December 2006 Security
Bulletins. The Security Bulletins describe any known issues
related to the updates. Note any known issues described in the
Bulletins and test for any potentially adverse affects in your
environment.
System administrators may wish to consider using an automated patch
distribution system such as Windows Server Update Services
(WSUS).
References
- US-CERT Vulnerability Notes for Microsoft December 2006 updates - http://www.kb.cert.org/vuls/byid?searchview&query=ms06-dec
- Microsoft Security Bulletin Summary for December 2006 - http://www.microsoft.com/technet/security/bulletin/ms06-dec.mspx
- Microsoft Update - https://update.microsoft.com/microsoftupdate/
- Windows Server Update Services - http://www.microsoft.com/windowsserversystem/updateservices/default.mspx
- Information from Microsoft regarding accidental release of security updates for Office products for Mac - http://blogs.technet.com/msrc/archive/2006/12/13/information-on-accidental-posting-of-pre-release-security-updates-for-office-for-mac.aspx
Securing Your Web Browser - http://www.us-cert.gov/reading_room/securing_browser/
-->
Revision History
-
December 12, 2006: Initial release
December 15, 2006: Replaced information about Mac updates with a reference to a Microsoft explanation about the error.
This product is provided subject to this Notification and this Privacy & Use policy.