Microsoft Updates for Multiple Vulnerabilities
Original release date: December 12, 2006
Last revised: December 15, 2006
Source: US-CERT
Systems Affected
- Microsoft Windows
- Microsoft Visual Studio
- Microsoft Outlook Express
- Microsoft Media Player
- Microsoft Internet Explorer
Overview
Microsoft has released updates that address critical vulnerabilities
in Microsoft Windows, Visual Studio, Microsoft Outlook Express,
Microsoft Media Player, and Microsoft Internet Explorer. Exploitation
of these vulnerabilities could allow a remote, unauthenticated
attacker to execute arbitrary code or cause a denial of service on a
vulnerable system.
I. Description
Microsoft has released updates to address vulnerabilities in Microsoft
Windows, Visual Studio, Microsoft Outlook Express, Microsoft Media
Player, and Microsoft Internet Explorer as part of the Microsoft
Security Bulletin Summary for December
2006. The most severe vulnerabilities could allow a remote,
unauthenticated attacker to execute arbitrary code or cause a denial
of service on a vulnerable system.
Updates for Office for Mac were accidentally released by Microsoft and
have since been retracted. More information can be found in the following Microsoft
Security Response Center Blog entry.
Further information about the vulnerabilities addressed by these
updates is available in the Vulnerability
Notes Database.
II. Impact
A remote, unauthenticated attacker could execute arbitrary code on a
vulnerable system. An attacker may also be able to cause a denial of
service.
III. Solution
Apply updates from Microsoft
Microsoft has provided updates for these vulnerabilities in the
December 2006 Security
Bulletins. The Security Bulletins describe any known issues
related to the updates. Note any known issues described in the
Bulletins and test for any potentially adverse affects in your
environment.
System administrators may wish to consider using an automated patch
distribution system such as Windows Server Update Services
(WSUS).
IV. References
Feedback can be directed to US-CERT.
Produced 2006 by US-CERT, a government organization. Terms of use
Revision History
December 12, 2006: Initial release
December 15, 2006: Replaced information about Mac updates with a reference to a Microsoft explanation about the error.