-----BEGIN PGP SIGNED MESSAGE-----<br />Hash: SHA1<br /><br />********************************************************************<br />Title: Microsoft Security Bulletin Summary for July 2006<br />Issued: July 11, 2006<br />Version Number: 1.0<br />Bulletin:
http://go.microsoft.com/fwlink/?LinkId=69768<br />********************************************************************<br /><br />Summary:<br />========<br />This advisory contains information about all security updates<br />released this month. It is broken down by security bulletin severity.<br /><br />Critical Security Bulletins<br />===========================<br /><br />MS06-035 - Vulnerability in Server Service Could Allow Remote Code<br />Execution<br /> (917159)<br /><br /> - Affected Software: <br /> - Windows Server 2003 Service Pack 1<br /> - Windows Server 2003<br /> - Windows Server 2003 with SP1 for Itanium-based Systems <br /> - Windows Server 2003 for Itanium-based Systems <br /> - Windows Server 2003 x64 Edition<br /> - Windows XP Professional Service Pack 2<br /> - Windows XP Professional Service Pack 1<br /> - Windows XP Professional x64 Edition<br /> - Windows XP Home Service Pack 2<br /> - Windows XP Home Service Pack 1<br /> - Windows 2000 Service Pack 4<br /><br /> - Impact: Remote Code Execution<br /> - Version Number: 1.0<br /><br /><br />MS06-036 - Vulnerability in DHCP Client Service Could Allow Remote<br />Code<br /> Execution (914388)<br /><br /> - Affected Software: <br /> - Windows Server 2003 Service Pack 1<br /> - Windows Server 2003<br /> - Windows Server 2003 with SP1 for Itanium-based Systems <br /> - Windows Server 2003 for Itanium-based Systems <br /> - Windows Server 2003 x64 Edition<br /> - Windows XP Professional Service Pack 2<br /> - Windows XP Professional Service Pack 1<br /> - Windows XP Professional x64 Edition<br /> - Windows XP Home Service Pack 2<br /> - Windows XP Home Service Pack 1<br /> - Windows 2000 Service Pack 4<br /><br /> - Impact: Remote Code Execution<br /> - Version Number: 1.0<br /><br /><br />MS06-037 - Vulnerabilities in Microsoft Excel Could Allow Remote Code<br />Execution<br /> (917285)<br /><br /> - Affected Software: <br /> - Excel 2003<br /> - Excel Viewer 2003<br /> - Excel 2002<br /> - Excel 2000<br /> - Excel v.X for Mac<br /> - Excel 2004 for Mac<br /><br /> - Impact: Remote Code Execution<br /> - Version Number: 1.0<br /><br /><br />MS06-038 - Vulnerabilities in Microsoft Office Could Allow Remote<br />Code Execution<br /> (917284)<br /><br /> - Affected Software: <br /> - Office 2003 Service Pack 2<br /> - Office 2003 Service Pack 1<br /> - Office XP Service Pack 3<br /> - Office 2000 Service Pack 3<br /> - Office v.X for Mac<br /> - Office 2004 for Mac<br /> - Project 2002<br /> - Project 2000<br /> - Visio 2002<br /> - Works Suite 2006<br /> - Works Suite 2005<br /> - Works Suite 2004<br /><br /> - Impact: Remote Code Execution<br /> - Version Number: 1.0<br /><br /><br />MS06-039 - Vulnerabilities in Microsoft Office Filters Could Allow<br />Remote Code<br /> Execution (915384)<br /><br /> - Affected Software: <br /> - Office 2003 Service Pack 2<br /> - Office 2003 Service Pack 1<br /> - Office XP Service Pack 3<br /> - Office 2000 Service Pack 3<br /> - Project 2002<br /> - Project 2000<br /> - Works Suite 2006<br /> - Works Suite 2005<br /> - Works Suite 2004<br /><br /> - Impact: Remote Code Execution<br /> - Version Number: 1.0<br /><br /><br />Important Security Bulletins<br />============================<br /><br />MS06-033 - Vulnerability in ASP.NET Could Allow Information<br />Disclosure (917283)<br /><br /> - Affected Software: <br /> - Windows Server 2003 Service Pack 1<br /> - Windows Server 2003<br /> - Windows Server 2003 with SP1 for Itanium-based Systems <br /> - Windows Server 2003 for Itanium-based Systems <br /> - Windows Server 2003 x64 Edition<br /> - Windows XP Professional Service Pack 2<br /> - Windows XP Professional Service Pack 1<br /> - Windows XP Professional x64 Edition<br /> - Windows XP Home Service Pack 2<br /> - Windows XP Home Service Pack 1<br /> - Windows 2000 Service Pack 4<br /> - .NET Framework 2.0<br /><br /> - Impact: Information Disclosure<br /> - Version Number: 1.0<br /><br /><br />MS06-034 - Vulnerability in Microsoft Internet Information Services<br />using Active<br /> Server Pages Could Allow Remote Code Execution (917537)<br /><br /> - Affected Software: <br /> - Windows Server 2003 Service Pack 1<br /> - Windows Server 2003<br /> - Windows Server 2003 with SP1 for Itanium-based Systems <br /> - Windows Server 2003 for Itanium-based Systems <br /> - Windows Server 2003 x64 Edition<br /> - Windows XP Professional Service Pack 2<br /> - Windows XP Professional Service Pack 1<br /> - Windows XP Professional x64 Edition<br /> - Windows 2000 Service Pack 4<br /><br /> - Impact: Remote Code Execution<br /> - Version Number: 1.0<br /><br /><br />Update Availability:<br />===================<br />Updates are available to address these issues.<br />For additional information, including Technical Details,<br />Workarounds, answers to Frequently Asked Questions,<br />and Update Deployment Information please read<br />the Microsoft Security Bulletin Summary for this<br />month at:
http://go.microsoft.com/fwlink/?LinkId=69768<br /><br />Support:<br />========<br />Technical support is available from Microsoft Product Support<br />Services at 1-866-PC SAFETY (1-866-727-2338). There is no<br />charge for support calls associated with security updates.<br />International customers can get support from their local Microsoft<br />subsidiaries. Phone numbers for international support can be found<br />at:
http://support.microsoft.com/common/international.aspx<br /> <br />Microsoft Support Lifecycle for Business and Developer Software<br />===============================================================<br />The Microsoft Support Lifecycle policy provides consistent and <br />predictable guidelines for product support availability at the <br />time that the product is released. Under this policy, Microsoft <br />will offer a minimum of ten years of support. This includes five <br />years of Mainstream Support and five years of Extended Support for <br />Business and Developer products. Microsoft will continue to provide <br />security update support, at a supported Service Pack level, for a <br />minimum of ten years through the Extended support phase. For more <br />information about the Microsoft Support Lifecycle, visit <br />
http://support.microsoft.com/lifecycle/ or contact your Technical <br />Account Manager.<br /><br />Additional Resources:<br />=====================<br />* Microsoft has created a free monthly e-mail newsletter containing<br /> valuable information to help you protect your network. This<br /> newsletter provides practical security tips, topical security<br /> guidance, useful resources and links, pointers to helpful<br /> community resources, and a forum for you to provide feedback<br /> and ask security-related questions.<br /> You can sign up for the newsletter at:<br /><br />
http://www.microsoft.com/technet/security/secnews/default.mspx<br /><br />* Microsoft has created a free e-mail notification service that<br /> serves as a supplement to the Security Notification Service<br /> (this e-mail). The Microsoft Security Notification Service: <br /> Comprehensive Version. It provides timely notification of any <br /> minor changes or revisions to previously released Microsoft <br /> Security Bulletins and Security Advisories. This new service <br /> provides notifications that are written for IT professionals and <br /> contain technical information about the revisions to security <br /> bulletins. To register visit the following Web site:<br /><br />
http://www.microsoft.com/technet/security/bulletin/notify.mspx<br /><br />* Join Microsoft's webcast for a live discussion of the technical<br /> details of these security bulletins and steps you can take<br /> to protect your environment. Details about the live webcast<br /> can be found at: <br /><br />
www.microsoft.com/technet/security/bulletin/summary.mspx<br /><br /> The on-demand version of the webcast will be available 24 hours<br /> after the live webcast at:<br /><br />
www.microsoft.com/technet/security/bulletin/summary.mspx<br /><br />* Protect your PC: Microsoft has provided information on how you<br /> can help protect your PC at the following locations:<br /><br />
http://www.microsoft.com/security/protect/<br /><br /> If you receive an e-mail that claims to be distributing a<br /> Microsoft security update, it is a hoax that may be distributing a<br /> virus. Microsoft does not distribute security updates through<br /> e-mail. You can learn more about Microsoft's software distribution<br /> policies here:<br />
http://www.microsoft.com/technet/security/topics/policy/swdist.mspx<br /><br />Acknowledgments:<br />================<br />Microsoft thanks the following for working with us to protect<br />customers:<br /><br />- - Pedram Amini of the TippingPoint Security Research Team in<br />collaboration with<br /> H D Moore<br /> (
http://www.tippingpoint.com/security/)<br /> for reporting an issue described in MS06-035.<br /><br />- - Shaun Colley of NGSS Consulting<br /> (
http://www.ngssoftware.com/)<br /> for reporting an issue described in MS06-037.<br /><br />- - Mariano Nuņez Di Croce of Cybsec Security Systems<br /> (
http://www.cybsec.com/)<br /> for reporting an issue described in MS06-036.<br /><br />- - Arnaud Dovi<br /> (ad@heapoverflow.com)<br /> for reporting an issue described in MS06-037.<br /><br />- - Arnaud Dovi working with Zero Day Initiative (ZDI) and TippingPoint<br /> (
http://www.zerodayinitiative.com/)<br /> (
http://www.tippingpoint.com/)<br /> for reporting an issue described in MS06-037.<br /><br />- - Urs Eichmann of PRISMA Informatik<br /> (
http://www.prismanet.ch/)<br /> for reporting an issue described in MS06-033.<br /><br />- - Elia Florio of Symantec<br /> (
http://www.symantec.com/)<br /> for reporting an issue described in MS06-038.<br /><br />- - Fortinet<br /> (
http://www.fortinet.com/)<br /> for reporting an issue described in MS06-039.<br /><br />- - Costin Ionescu of Symantec<br /> (
http://www.symantec.com/)<br /> for reporting an issue described in MS06-037.<br /><br />- - Brett Moore of Security-Assessment.com<br /> (
http://www.security-assessment.com/)<br /> for reporting an issue described in MS06-034.<br /><br />- - NSFocus Security Team<br /> (
http://www.nsfocus.com/)<br /> for reporting issues described in MS06-037 and MS06-039.<br /><br />- - Xin Ouyang of Nevis Networks<br /> (
http://www.nevisnetworks.com/)<br /> for reporting an issue described in MS06-037.<br /><br />- - Posidron<br /> (posidron@tripbit.net)<br /> for reporting an issue described in MS06-037.<br /><br />- - Nicolas Pouvesle of Tenable Network Security<br /> (
http://www.tenablesecurity.com/)<br /> for reporting an issue described in MS06-035.<br /><br />- - Mike Price and Rafal Wojtczuk of McAfee Avert Labs<br /> (
http://www.mcafee.com/us/threat_center/)<br /> for reporting an issue described in MS06-035.<br /><br />- - Sowhat of Nevis Labs<br /> (isowhat@gmail.com)<br /> for reporting an issue described in MS06-037.<br /><br /><br />********************************************************************<br />THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS<br />PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT<br />DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING<br />THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR<br />PURPOSE.<br />IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE<br />LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,<br />INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL<br />DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN<br />ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.<br />SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY<br />FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING<br />LIMITATION MAY NOT APPLY.<br />********************************************************************<br /><br />-----BEGIN PGP SIGNATURE-----<br />Version: PGP 8.1<br /><br />iQIVAwUBRLQJthCvwTv3q93mAQLZ5w//YBws3FO4m3DRjsNsDSIF5Ve76X6SEELY<br />lExxjbqdmsauU+jicZfWtZXCLaMlbRXHjoMICAhNJBiQkG9hPlLx7S7n9M3blpfj<br />5SIVkyor42rQFOnSVqMOi+mIC2G3fJ2773OBndZwh23wcklU8Iji9id1hLk4fORS<br />SVZqtVRS13HhGPA1puCI7CsimxpXBfNjLNqs2/MQZTnUf7cCYsShd3twJnQZeGPw<br />1LPQqnU14ln9UQ8zmhhBQzuzXAUdbdAFrvwJ69SORswLbqlttgqDwknhwWL/D36h<br />qKbUczbw7bdeJl1OpOJQ7zmy1/xOubB+ez2abML0RxRc9VRpRHcyRJ3gg3W+GF3b<br />CMiZy2B0hE7iF4YdOPmeWWnkvLrU/tMFnWTiA6pv+Er+2WnZlOWPXvZmKKTea72I<br />ujoNU+EVP11mgGRYiut5I3a9lgmvwjTcT/Hm0cv97mdoXo+uFh71b1fuyJHMZ/z+<br />MLMoRNvKZTv7svDRu2LkrTseJFiR9B/q2Z9UDJnhRtrGl9xRyCSOBWkdIqhmSMTw<br />bDureFgEWEhjEQo1VyjJ92VqklWP0MCcvDvX/wcU5AP9BU4OQAAtSiu5M2Kavny8<br />5sVs7+3TWomfiif2POKRJfzvNDHe8EwBR8hHBCulmW/HmzVu2Sz4ufMrLPPnfm5q<br />CuwuOjMgLgQ=<br />=IWUW<br />-----END PGP SIGNATURE-----<br /><br /><br />To cancel your subscription to this newsletter, reply to this message with the word UNSUBSCRIBE in the Subject line. You can also unsubscribe at the Microsoft.com web site <http://www.microsoft.com/misc/unsubscribe.htm>. You can manage all your Microsoft.com communication preferences at this site.<br /><br />Legal Information <http://www.microsoft.com/info/legalinfo/default.mspx>.<br /><br />This newsletter was sent by the Microsoft Corporation<br />1 Microsoft Way<br />Redmond, Washington, USA<br />98052
