5 Microsoft Security Bulletins for April 2006

Microsoft released five security bulletins for the month of April:

MS06-013--Cumulative Security Update for Internet Explorer (912812)

MS06-014--Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)

MS06-015--Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)

MS06-016--Cumulative Security Update for Outlook Express (911567)

MS06-017--Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627)

The first four of these bulletins are primarily workstation risks. I recommend deploying MS06-013 and MS06-015 as soon as possible. MS06-013 is especially urgent because details of some exploits are public and attackers are already using them.

You might consider workarounds for MS06-014 and MS06-016, rather than deploying the updates for these two bulletins. MS06-014 includes a workaround, and I developed a workaround for MS06-016 (which you can read about at the URL below).

The final bulletin, MS06-017, impacts Microsoft IIS servers running Microsoft FrontPage Server Extensions or Microsoft SharePoint Team Services. Although Microsoft rates the severity of this exposure as only moderate, I recommend loading the update on all affected servers as soon as possible.

For more of my thoughts on all of these bulletins, go to


Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.