* PGP Signed by an unverified key: 03/14/06 at 13:33:21<br /><br />********************************************************************<br />Title: Microsoft Security Bulletin Summary for March 2006<br />Issued: March 14, 2006<br />Version Number: 1.0<br />Bulletin:
http://go.microsoft.com/fwlink/?LinkId=63209<br />********************************************************************<br /><br />Summary:<br />========<br />This advisory contains information about all security updates<br />released this month. It is broken down by security bulletin severity.<br /><br />Critical Security Bulletins<br />===========================<br /><br />MS06-012 - Vulnerabilities in Microsoft Office Could Allow Remote<br /> Code Execution (905413)<br /><br /> - Affected Software: <br /><br /> - Microsoft Word 2000<br /> - Microsoft Excel 2000<br /> Microsoft Outlook 2000<br /> - Microsoft PowerPoint 2000<br /> - Microsoft Office 2000 MultiLanguage Packs<br /> - Microsoft Word 2002<br /> - Microsoft Excel 2002<br /> - Microsoft Outlook 2002<br /> - Microsoft PowerPoint 2002<br /> - Microsoft Office XP Multilingual User Interface Packs<br /> - Microsoft Excel 2003 <br /> - Microsoft Excel 2003 Viewer<br /> - Microsoft Works Suite 2000<br /> - Microsoft Works Suite 2001<br /> - Microsoft Works Suite 2002<br /> - Microsoft Works Suite 2003<br /> - Microsoft Works Suite 2004<br /> - Microsoft Works Suite 2005<br /> - Microsoft Works Suite 2006<br /> - Microsoft Excel X for Mac<br /> - Microsoft Excel 2004 for Mac<br /><br /><br /> - Impact: Remote Code Execution<br /> - Version Number: 1.0 <br /><br /><br />Important Security Bulletins<br />============================<br /><br />MS06-011 - Permissive Windows Services DACLs Could Allow Elevation <br /> of Privilege (914798)<br /><br /> - Affected Software: <br /> - Windows XP Service Pack 1<br /> - Windows Server 2003<br /> - Windows Server 2003 for Itanium-based Systems <br /><br /><br /> - Impact: Remote Elevation of Privilege<br /> - Version Number: 1.0 <br /><br /><br /><br />Update Availability:<br />===================<br />Updates are available to address these issues.<br />For additional information, including Technical Details,<br />Workarounds, answers to Frequently Asked Questions,<br />and Update Deployment Information please read<br />the Microsoft Security Bulletin Summary for this<br />month at:
http://go.microsoft.com/fwlink/?LinkId=63209<br /><br />Support:<br />========<br />Technical support is available from Microsoft Product Support<br />Services at 1-866-PC SAFETY (1-866-727-2338). There is no<br />charge for support calls associated with security updates.<br />International customers can get support from their local Microsoft<br />subsidiaries. Phone numbers for international support can be found<br />at:
http://support.microsoft.com/common/international.aspx<br /> <br />Microsoft Support Lifecycle for Business and Developer Software<br />===============================================================<br />The Microsoft Support Lifecycle policy provides consistent and <br />predictable guidelines for product support availability at the <br />time that the product is released. Under this policy, Microsoft <br />will offer a minimum of ten years of support. This includes five <br />years of Mainstream Support and five years of Extended Support for <br />Business and Developer products. Microsoft will continue to provide <br />security update support, at a supported Service Pack level, for a <br />minimum of ten years through the Extended support phase. For more <br />information about the Microsoft Support Lifecycle, visit <br />
http://support.microsoft.com/lifecycle/ or contact your Technical <br />Account Manager.<br /><br />Additional Resources:<br />=====================<br />* Microsoft has created a free monthly e-mail newsletter containing<br /> valuable information to help you protect your network. This<br /> newsletter provides practical security tips, topical security<br /> guidance, useful resources and links, pointers to helpful<br /> community resources, and a forum for you to provide feedback<br /> and ask security-related questions.<br /> You can sign up for the newsletter at:<br /><br />
http://www.microsoft.com/technet/security/secnews/default.mspx<br /><br />* Microsoft has created a free e-mail notification service that<br /> serves as a supplement to the Security Notification Service<br /> (this e-mail). The Microsoft Security Notification Service: <br /> Comprehensive Version. It provides timely notification of any <br /> minor changes or revisions to previously released Microsoft <br /> Security Bulletins and Security Advisories. This new service <br /> provides notifications that are written for IT professionals and <br /> contain technical information about the revisions to security <br /> bulletins. To register visit the following Web site:<br /><br />
http://www.microsoft.com/technet/security/bulletin/notify.mspx<br /><br />* Join Microsoft's webcast for a live discussion of the technical<br /> details of these security bulletins and steps you can take<br /> to protect your environment. Details about the live webcast<br /> can be found at: <br /><br />
www.microsoft.com/technet/security/bulletin/summary.mspx<br /><br /> The on-demand version of the webcast will be available 24 hours<br /> after the live webcast at:<br /><br />
www.microsoft.com/technet/security/bulletin/summary.mspx<br /><br />* Protect your PC: Microsoft has provided information on how you<br /> can help protect your PC at the following locations:<br /><br />
http://www.microsoft.com/security/protect/<br /><br /> If you receive an e-mail that claims to be distributing a<br /> Microsoft security update, it is a hoax that may be distributing a<br /> virus. Microsoft does not distribute security updates through<br /> e-mail. You can learn more about Microsoft's software distribution<br /> policies here:<br /> <br />
http://www.microsoft.com/technet/security/topics/policy/swdist.mspx<br /><br />Acknowledgments:<br />================<br />Microsoft thanks the following for working with us to protect<br />customers:<br /><br />- Andres Tarasco of SIA Group.<br /> (
http://www.siainternational.com/)<br /> for working with Microsoft on the issue described in MS06-011.<br /><br />- Ollie Whitehouse of Symantec.<br /> (
http://symantec.com/)<br /> for reporting the issue described in MS06-012.<br /><br />- Peter Winter-Smith of NGS Software.<br /> (
http://www.ngssoftware.com)<br /> for reporting the issue described in MS06-012.<br /><br />- Tipping Point and the Zero Day Initiative.<br />
http://www.zerodayinitiative.com)" target="_blank">http:/
/www.tippingpoint.com/)(http://www.zerodayinitiative.com)<br /> for reporting the issue described in MS06-012.<br /><br />- Dejun of Fortinet Security Response Team.<br /> (http://www.fortinet.com/)<br /> for reporting the issue described in MS06-012.<br /><br />- Eyas of XFOCUS Security Team.<br /> (http://www.xfocus.org)<br /> for reporting the issue described in MS06-012.<br /><br />- FelicioX.<br /> (feliciox@gmail.com)<br /> for working with Microsoft on the issue described in MS06-012.<br /><br />********************************************************************<br />THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS<br />PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT<br />DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING<br />THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR<br />PURPOSE.<br />IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE<br />LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,<br />INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL<br />DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN<br />ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.<br />SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY<br />FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING<br />LIMITATION MAY NOT APPLY.<br />********************************************************************<br /><br /><br />* Microsoft Security Response Center <secure@microsoft.com><br />* 0xF7ABDDE6 - Unverified (L)
