AU-2006.0039 -- AusCERT Update - [Win] - Re-release of software update for MS06-061

Date: 20 October 2006
References: AL-2006.0092  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

AusCERT Update AU-2006.0039 - [Win]
Re-release of software update for MS06-061
20 October 2006

        AusCERT Update Summary
        ----------------------

Product:              Microsoft XML Parser 2.6
                      Microsoft XML Core Services 3.0, 4.0 and 6.0
                      Microsoft Office 2003 SP1 or SP2 with XML Core Services 5.0 SP1
Publisher:            Microsoft
Operating System:     Windows
Impact:               Execute Arbitrary Code/Commands
                      Access Confidential Data
Access:               Remote/Unauthenticated
CVE Names:            CVE-2006-4685 CVE-2006-4686

Ref:                  AL-2006.0092

Original Bulletin:    
  http://www.microsoft.com/technet/security/Bulletin/ms06-061.mspx

Comment: The original security update fixing MS06-061 did not correctly
         set the kill bit on the XML Parser 2.6 ActiveX control.
         This re-released update fixes this issue.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: October 19, 2006
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment. 
Please see the appropriate bulletin for more details.

  * MS06-061

Bulletin Information:
=====================

* MS06-061

 - http://www.microsoft.com/technet/security/bulletin/ms06-061.mspx
 - Reason for Revision: Bulletin Updated: This bulletin has been
    re-released to re-offer the security update to customers with
    Windows 2000 Service Pack 4. The security update previously
    did not correctly set the kill bit for Microsoft XML Parser
    2.6. Additional information has also been included for
    customers wishing to remove the security update for Microsoft
    XML Core Services 4.0 and Microsoft XML Core Services 6.0.  
 - Originally posted: 
 - Updated: October 19, 2006
 - Bulletin Severity Rating: Critical
 - Version: 2.0
        
********************************************************************

Support:
========
Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131

International customers can get support from their local Microsoft
subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx

Microsoft Support Lifecycle for Business and Developer Software
===============================================================
The Microsoft Support Lifecycle policy provides consistent and 
predictable guidelines for product support availability at the 
time that the product is released. Under this policy, Microsoft 
will offer a minimum of ten years of support. This includes five 
years of Mainstream Support and five years of Extended Support for 
Business and Developer products. Microsoft will continue to provide 
security update support, at a supported Service Pack level, for a 
minimum of ten years through the Extended support phase. For more 
information about the Microsoft Support Lifecycle, visit 
http://support.microsoft.com/lifecycle/ or contact your Technical 
Account Manager.


Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
  valuable information to help you protect your network. This
  newsletter provides practical security tips, topical security
  guidance, useful resources and links, pointers to helpful
  community resources, and a forum for you to provide feedback
  and ask security-related questions.
  You can sign up for the newsletter at:

  http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that
  serves as a supplement to the Security Notification Service
  (this e-mail). The Microsoft Security Notification Service: 
  Comprehensive Version. It provides timely notification of any 
  minor changes or revisions to previously released Microsoft 
  Security Bulletins and Security Advisories. This new service 
  provides notifications that are written for IT professionals and 
  contain technical information about the revisions to security 
  bulletins. To register visit the following Web site:

  http://www.microsoft.com/technet/security/bulletin/notify.mspx

* Protect your PC: Microsoft has provided information on how you
  can help protect your PC at the following locations:

  http://www.microsoft.com/security/protect/

  If you receive an e-mail that claims to be distributing a
  Microsoft security update, it is a hoax that may be distributing a
  virus. Microsoft does not distribute security updates through
  e-mail. You can learn more about Microsoft's software distribution
  policies here:
  
http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

********************************************************************
THE INFORMATION PROVIDED IN THIS EMAIL IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************

- -----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----