[Dshield] XP Problem: Microsoft Security Bulletin Summary for

Kevin Ottalini ottalini at mindspring.com
Tue Feb 14 20:20:57 GMT 2006


I was also was unable to install KB913446 on XP Pro SP2 with auto update, so 
I ran a baseline security 2.0 scan 
(http://www.microsoft.com/technet/security/tools/mbsa2/default.mspx) which 
identified the missing update and then manually downloaded the patch 
(http://www.microsoft.com/technet/security/bulletin/ms06-007.mspx) and it 
installed without problem.

KevinO

----- Original Message ----- 
From: "Fergie"
To: <list at lists.dshield.org>
Sent: Tuesday, February 14, 2006 11:05 AM
Subject: [Dshield] XP Problem: Microsoft Security Bulletin Summary for


> Patches now available.
>
> http://www.microsoft.com/technet/security/bulletin/ms06-feb.mspx
>
> Note: One problem has been detected in downloading and installing 
> KB913446 -- it failed on three (3) XP SP2 machines that I tried it on 
> (failed on download). Waiting to hear something about it elsewhere but 
> nothing further to report at this time (12:40 CST -06:00 UTC).
>
> - ferg
>
>
> Critical (2)
>
> MS06-004
> Cumulative Security Update for Internet Explorer (910620)
> A vulnerability exists in the Graphics Rendering Engine that could allow 
> remote code execution.
>
> MS06-005
> Vulnerability in Windows Media Player Could Allow Remote Code Execution 
> (911565)
> A vulnerability exists in the way that Windows Media Player processes 
> certain files that could allow remote code execution.
>
>
> Important (5)
>
> MS06-006
> Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet 
> Browsers Could Allow Remote Code Execution (911564)
> A remote code execution vulnerability exists in the Windows Media Player 
> plug-in for non-Microsoft Internet browsers that can allow remote code 
> execution.
>
> MS06-007
> Vulnerability in TCP/IP Could Allow Denial of Service (913446)
> A vulnerability exists that could allow an attacker to send a specially 
> crafted IGMP that could cause an affected system to stop responding.
>
> MS06-008
> Vulnerability in Web Client Service Could Allow Remote Code Execution 
> (911927)
> A vulnerability exists in the Windows Web Client Service that could allow 
> an attacker to take complete control of an affected system. An attacker 
> must have valid logon credentials and be able to log on locally to exploit 
> this vulnerability.
>
> MS06-009
> A vulnerability exists in the Windows and Office in the Korean Input 
> Method Editor Could Allow Elevation of Privilege (901190)
> A vulnerability exists in the Windows and Office Korean Input Method 
> Editor that could allow an attacker to take complete control of an 
> affected system. For an attack to be successful an attacker must be able 
> to interactively log on to the affected system.
>
> MS06-010
> Vulnerability in PowerPoint 2000 Could Allow Information Disclosure 
> (889167)
> A vulnerability exists PowerPoint that could allow information disclosure.
>
> --
> "Fergie", a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> ferg's tech blog: http://fergdawg.blogspot.com/



More information about the list mailing list