* PGP Signed by an unverified key: 05/09/06 at 13:47:06<br /><br />********************************************************************<br />Title: Microsoft Security Bulletin Summary for May 2006<br />Issued: May 9, 2006<br />Version Number: 1.0<br />Bulletin:
http://go.microsoft.com/fwlink/?LinkId=66474<br />********************************************************************<br /><br />Summary:<br />========<br />This advisory contains information about all security updates<br />released this month. It is broken down by security bulletin severity.<br /><br />Critical Security Bulletins<br />===========================<br /><br />MS06-019 - Vulnerability in Microsoft Exchange Could Allow Remote <br /> Code Execution (916803)<br /><br /><br /> - Affected Software: <br /> - Microsoft Exchange Server 2003 Service Pack 1<br /> - Microsoft Exchange Server 2003 Service Pack 2<br /> - Microsoft Exchange Server 2000 with the Exchange 2000 <br /> Post-Service Pack 3 Update Rollup of August 2004<br /><br /> - Impact: Remote Code Execution<br /> - Version Number: 1.0 <br /><br /><br />MS06-020 - Vulnerabilities in Macromedia Flash Player from Adobe <br /> Could Allow Remote Code Execution (913433)<br /><br /><br /> - Affected Software: <br /> - Windows XP Service Pack 1<br /> - Windows XP Service Pack 2<br /><br /> - Review the FAQ section of bulletin MS06-O20 for information <br /> about these operating systems:<br /> - Windows 98<br /> - Windows 98 Second Edition (SE)<br /> - Windows Millennium Edition (ME)<br /><br /> - Impact: Remote Code Execution<br /> - Version Number: 1.0 <br /><br /><br />Moderate Security Bulletins<br />===========================<br /><br />MS06-018 - Vulnerability in Microsoft Distributed Transaction <br /> Coordinator Could Allow Denial of Service (913580)<br /><br /><br /> - Affected Software: <br /> - Windows 2000 Service Pack 4<br /> - Windows XP Service Pack 1<br /> - Windows XP Service Pack 2<br /> - Windows Server 2003<br /> - Windows Server 2003 for Itanium-based Systems<br /><br /> - Impact: Denial of Service<br /> - Version Number: 1.0 <br /><br /><br />Update Availability:<br />===================<br />Updates are available to address these issues.<br />For additional information, including Technical Details,<br />Workarounds, answers to Frequently Asked Questions,<br />and Update Deployment Information please read<br />the Microsoft Security Bulletin Summary for this<br />month at:
http://go.microsoft.com/fwlink/?LinkId=64680<br /><br />Support:<br />========<br />Technical support is available from Microsoft Product Support<br />Services at 1-866-PC SAFETY (1-866-727-2338). There is no<br />charge for support calls associated with security updates.<br />International customers can get support from their local Microsoft<br />subsidiaries. Phone numbers for international support can be found<br />at:
http://support.microsoft.com/common/international.aspx<br /> <br />Microsoft Support Lifecycle for Business and Developer Software<br />===============================================================<br />The Microsoft Support Lifecycle policy provides consistent and <br />predictable guidelines for product support availability at the <br />time that the product is released. Under this policy, Microsoft <br />will offer a minimum of ten years of support. This includes five <br />years of Mainstream Support and five years of Extended Support for <br />Business and Developer products. Microsoft will continue to provide <br />security update support, at a supported Service Pack level, for a <br />minimum of ten years through the Extended support phase. For more <br />information about the Microsoft Support Lifecycle, visit <br />
http://support.microsoft.com/lifecycle/ or contact your Technical <br />Account Manager.<br /><br />Additional Resources:<br />=====================<br />* Microsoft has created a free monthly e-mail newsletter containing<br /> valuable information to help you protect your network. This<br /> newsletter provides practical security tips, topical security<br /> guidance, useful resources and links, pointers to helpful<br /> community resources, and a forum for you to provide feedback<br /> and ask security-related questions.<br /> You can sign up for the newsletter at:<br /><br />
http://www.microsoft.com/technet/security/secnews/default.mspx<br /><br />* Microsoft has created a free e-mail notification service that<br /> serves as a supplement to the Security Notification Service<br /> (this e-mail). The Microsoft Security Notification Service: <br /> Comprehensive Version. It provides timely notification of any <br /> minor changes or revisions to previously released Microsoft <br /> Security Bulletins and Security Advisories. This new service <br /> provides notifications that are written for IT professionals and <br /> contain technical information about the revisions to security <br /> bulletins. To register visit the following Web site:<br /><br />
http://www.microsoft.com/technet/security/bulletin/notify.mspx<br /><br />* Join Microsoft's webcast for a live discussion of the technical<br /> details of these security bulletins and steps you can take<br /> to protect your environment. Details about the live webcast<br /> can be found at: <br /><br />
www.microsoft.com/technet/security/bulletin/summary.mspx<br /><br /> The on-demand version of the webcast will be available 24 hours<br /> after the live webcast at:<br /><br />
www.microsoft.com/technet/security/bulletin/summary.mspx<br /><br />* Protect your PC: Microsoft has provided information on how you<br /> can help protect your PC at the following locations:<br /><br />
http://www.microsoft.com/security/protect/<br /><br /> If you receive an e-mail that claims to be distributing a<br /> Microsoft security update, it is a hoax that may be distributing a<br /> virus. Microsoft does not distribute security updates through<br /> e-mail. You can learn more about Microsoft's software distribution<br /> policies here:<br /> <br />
http://www.microsoft.com/technet/security/topics/policy/swdist.mspx<br /><br />Acknowledgments:<br />================<br />Microsoft thanks the following for working with us to protect<br />customers:<br /><br />- eEye Digital Security (
http://www.eeye.com/html/)<br /> for reporting with an issue described in MS06-018.<br /><br />- Xiao Chen of McAfee (
http://www.mcafee.com/) for reporting an issue<br /> described in MS06-018.<br /><br />- Kai Zhang of VenusTech (
http://www.venustech.com.cn/) for reporting<br /> an issue described in MS06-018.<br /><br />********************************************************************<br />THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS<br />PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT<br />DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING<br />THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR<br />PURPOSE.<br />IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE<br />LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,<br />INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL<br />DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN<br />ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.<br />SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY<br />FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING<br />LIMITATION MAY NOT APPLY.<br />********************************************************************<br /><br /><br />* Microsoft Security Response Center <secure@microsoft.com><br />* 0xF7ABDDE6 - Unverified (L)<br /><br /><br /><br />To cancel your subscription to this newsletter, reply to this message with the word UNSUBSCRIBE in the Subject line. You can also unsubscribe at the Microsoft.com web site <http://www.microsoft.com/misc/unsubscribe.htm>. You can manage all your Microsoft.com communication preferences at this site.<br /><br />Legal Information <http://www.microsoft.com/info/legalinfo/default.mspx>.<br /><br />This newsletter was sent by the Microsoft Corporation<br />1 Microsoft Way<br />Redmond, Washington, USA<br />98052
