Skip navigation
Menu
End-User Platforms>Windows 7/8

6 Microsoft Security Bulletins for November 2006

Microsoft released six security updates, five of which replace updates released in prior security bulletins. Microsoft rates five of these updates as critical. Here's a brief description of each update; for more information, go to

http://www.microsoft.com/technet/security/bulletin/ms06-nov.mspx

MS06-067--Cumulative Security Update for Internet Explorer

This bulletin replaces bulletin MS06-042. It provides updates that block remote code execution attacks propagated through Web pages. The severity of the attack will depend on the privileges of the logged-on user.

Applies to: IE in Windows Server 2003, Windows XP, and Windows 2000.

Recommendation: Test and install as quickly as possible.

MS06-068--Vulnerability in Microsoft Agent Could Allow Remote Code Execution

This bulletin replaces bulletin MS05-032. It relates to a remote code execution vulnerability that can be exploited through specially crafted .acf files. The attack vector would be a specially crafted Web page.

Applies to: Windows Server 2003, Windows XP, and Windows 2000.

Recommendation: Test and install as quickly as possible.

MS06-069--Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution

This vulnerability is in the version of Flash Player that ships with Windows XP. Updating to the most recent version of Flash or applying this update will resolve this vulnerability.

Applies to: Windows XP.

Recommendation: Test and install as part of the normal patch management cycle.

MS06-070--Vulnerabilities in Workstation Service Could Allow Remote Code Execution

This bulletin replaces bulletins MS03-049 and MS06-040. A remote code execution vulnerability exists in the workstation service. The attacker would need to send specifically crafted traffic to the target computer in order to exploit this vulnerability. Clients behind good firewalls would be protected.

Applies to: Windows XP and Windows 2000.

Recommendation: Test and install as part of the normal patch management cycle.

MS06-071--Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution

This bulletin replaces last month's MS06-061. The attack vector is a specially crafted Web page or email message. If a user access the Web page or email message, remote code could be executed.

Applies to: XML Core Services.

Recommendation: Test and install as part of the normal patch management cycle.

MS06-066: Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution

This bulletin replaces MS05-046. This vulnerability applies only to environments that use NetWare. Exploitation of this vulnerability could allow remote code to be executed by an attacker.

Applies to: NetWare in Windows Server 2003, Windows XP, and Windows 2000.

Recommendation: If your organization uses NetWare, test and deploy as part of your normal patch management cycle.

TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
PowerShell screenshot shows Where-Object cmdlet
How to Use the PowerShell Where-Object Cmdlet
Aug 04, 2022
shield_icon_laptop.jpg
What To Do When Windows Defender Is Not Working
Mar 15, 2022
Computer Screen Showing Password Dialog Box
Microsoft Edge Downloads Updated for Azure AD Sign-In & Sync
Aug 22, 2019
mktg-wp-nolabel5
How to Approach the Windows 7 to 10 Migration
Aug 01, 2019