copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Security Bul... » By Operating... » Windows (all) » AU-2006.0018 -- AusCERT Update - [Win] - MS06-011 - ...
 

AU-2006.0018 -- AusCERT Update - [Win] - MS06-011 - Microsoft Security Bulletin Re-Release
Date: 15 June 2006
References: ESB-2006.0193  

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

AusCERT Update AU-2006.0018 - [Win]
MS06-011 - Microsoft Security Bulletin Re-Release
15 June 2006

        AusCERT Update Summary
        ----------------------

Publisher:            Microsoft
Operating System:     Windows XP SP1
                      Windows Server 2003
Impact:               Increased Privileges
Access:               Existing Account
CVE Names:            CVE-2006-0023

Ref:                  ESB-2006.0193

Original Bulletin:    
  http://www.microsoft.com/technet/security/bulletin/ms06-011.mspx

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: June 13, 2006
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment. 
Please see the appropriate bulletin for more details.

  * MS06-011

Bulletin Information:
=====================

* MS06-011

 - http://www.microsoft.com/technet/security/bulletin/ms06-011.mspx
 - Reason for Revision: This update has been revised to include
    updated registry key values for the NetBT, RemoteAccess, and
    TCPIP services.  These values have been modified to be the
    same as Windows XP Service Pack 2 on Windows XP Service Pack
    1 systems, and the same as Windows 2003 Service Pack 1 on
    Windows 2003 systems with no service pack applied.  Customers
    are encouraged to apply this revised update for additional
    security from privilege elevation through the these services
    as described in the Vulnerability Details section of this
    security bulletin.  
 - Originally posted: March 14, 2006
 - Updated: June 13, 2006
 - Bulletin Severity Rating: Important
 - Version: 2.0
        
********************************************************************

Support:
========
Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131

International customers can get support from their local Microsoft
subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx

Microsoft Support Lifecycle for Business and Developer Software
===============================================================
The Microsoft Support Lifecycle policy provides consistent and 
predictable guidelines for product support availability at the 
time that the product is released. Under this policy, Microsoft 
will offer a minimum of ten years of support. This includes five 
years of Mainstream Support and five years of Extended Support for 
Business and Developer products. Microsoft will continue to provide 
security update support, at a supported Service Pack level, for a 
minimum of ten years through the Extended support phase. For more 
information about the Microsoft Support Lifecycle, visit 
http://support.microsoft.com/lifecycle/ or contact your Technical 
Account Manager.


Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
  valuable information to help you protect your network. This
  newsletter provides practical security tips, topical security
  guidance, useful resources and links, pointers to helpful
  community resources, and a forum for you to provide feedback
  and ask security-related questions.
  You can sign up for the newsletter at:

  http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that
  serves as a supplement to the Security Notification Service
  (this e-mail). The Microsoft Security Notification Service: 
  Comprehensive Version. It provides timely notification of any 
  minor changes or revisions to previously released Microsoft 
  Security Bulletins and Security Advisories. This new service 
  provides notifications that are written for IT professionals and 
  contain technical information about the revisions to security 
  bulletins. To register visit the following Web site:

  http://www.microsoft.com/technet/security/bulletin/notify.mspx

* Protect your PC: Microsoft has provided information on how you
  can help protect your PC at the following locations:

  http://www.microsoft.com/security/protect/

  If you receive an e-mail that claims to be distributing a
  Microsoft security update, it is a hoax that may be distributing a
  virus. Microsoft does not distribute security updates through
  e-mail. You can learn more about Microsoft's software distribution
  policies here:
  
http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

********************************************************************
THE INFORMATION PROVIDED IN THE THIS EMAIL IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************

- -----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBRI83VBCvwTv3q93mAQKcig/+JneaP3yUZjGvWDbeBJWLBAeeabcIYXrS
qqbYJsY4QEP16bzKfSq80dwwe7CGMfxnRgR8oiqNZzIMyhIxVgrbzr+5sIvmt2c4
W/u7v8PQTnGN+RYZVvClWHW+ffwHFtz/QIPeTgXtVCmkOmMM7ePojp1um+MocpD9
yUwLw/sAu2JyvbMR7AFKTEyHZMU0rdBSNK0mRgXExwY3+c4O6LySB+VWKwU1qWN7
LknarMI5+vbBwkeMrLTJS85D+iyApDton4mYThk2PDVTfP9/1+vmpEiDrY+DkIY2
qOGHJ38hVNlb15Yh4g+jFukDlsUC9h1eqtG4eaedbOrhhHeUs5wxqPwqTFputp6q
nD8avk5MtMyIF+Ge90PvZj2UKpvsJzp6p/DozAVUZm86A8CWa5nHky/JszaMCU0V
MfI4CIFTKgF35BNGU1c6gBbH9n1kROvzbDRCn/hE+GCNYv/iQETkERGmBb6H9BuM
16Ef9vYt7cOCKN5JvwB3qfUNPNMoODu0qs9GTwdTd3nBRVXUOLdDtKHWGx7YOohE
WwQa4vYBCSvWnHkEc8Bn2Oe1QNfQm1CmRgNlO+nBr7TbqnXm+bPZk3JyX2Ycgs1R
K6tPOku0tFgB0RRJb8tUMWEddxaS5VvKyXnMnPYMaFMux92oEurIltQGhrTFnR//
OitmN79b/YY=
=2yvL
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRJDheSh9+71yA2DNAQKNtwP+M6xovGOkBzHlQP5qnvJABvviLS2RUPkO
JasWeicRJAl9zyFHz7CHIfjrdw0VyOuLXrJXg0tqcCWVHWhHdUoPO1alCF8pmfWK
/YxGRE6NahWTu5yjdlZ/PJ/NMaoVSCsPosoJtmxxSdLlFc9bTMU1Zafj6VVZrqBc
ZZe34LtezTY=
=qr8z
-----END PGP SIGNATURE-----




Comments? Click here http://www.auscert.org.au/render.html?cid=21&it=6406