Get up to speed on Microsoft's August security bulletins

The remaining updates are rated either critical or important. They either present a low-level threat or haven't been the target of an active exploit, making them less dangerous than the first four.




MS06-041
Microsoft Security Bulletin MS06-041, "Vulnerabilities in DNS Resolution Could Allow Remote Code Execution," fixes two vulnerabilities: Winsock Hostname Vulnerability (CVE-2006-3440) and DNS Client Buffer Overrun Vulnerability (CVE-2006-3441). Both are remote code execution threats.

This update affects Windows 2000 Service Pack 4, all versions of Windows XP, and all versions of Windows Server 2003. This is a critical threat for all affected versions. Both vulnerabilities are previously undisclosed threats, and there had been no reports of active exploits for either at the time of publishing.

In addition, an attacker can only exploit the buffer overrun vulnerability from a subnet between the host and the DNS server. Workarounds include blocking the DNS record types ATMA, TXT, X25, HINFO, and ISDN at network gateways.

A workaround for the Winsock vulnerability is to modify the Autodial DLL in the registry. See the security bulletin for more details.


MS06-043
Microsoft Security Bulletin MS06-043, "Vulnerability in Microsoft Windows Could Allow Remote Code Execution," addresses the MHTML Parsing Vulnerability (CVE-2006-2766). While this is a critical threat, it only affects Outlook Express 6 on Windows XP SP2 (including the x64 version) and Outlook Express 6 on Windows Server 2003 SP1 (also including the x64 version).

This is a publicly disclosed threat, but there had been no reports of active exploits at the time of publishing. Internet Explorer runs in a restricted security mode on Windows Server 2003, and Outlook Express opens HTML e-mails in the Restricted Sites security zone; both factors mitigate the potential risk.


MS06-044
Microsoft Security Bulletin MS06-044, "Vulnerability in Microsoft Management Console Could Allow Remote Code Execution," fixes the MMC Redirect Cross-Site Scripting Vulnerability (CVE-2006-3643). This is a newly disclosed threat, and there had been no reports of active exploits at the time of publishing.

While this is a critical threat, it only affects Windows 2000 SP4. The best way to mitigate this threat is to run IE 6. A good workaround is to disable Active Scripting in the My Computer zone.


MS06-046
Microsoft Security Bulletin MS06-046, "Vulnerability in HTML Help Could Allow Remote Code Execution," addresses the Buffer Overrun in HTML Help Vulnerability (CVE-2006-3357). This is a publicly disclosed threat, and there had been no reports of active exploits at the time of publishing.

This update affects Windows 2000 SP4, all versions of Windows XP, and all versions of Windows Server 2003. It is a critical threat for Windows 2000 and Windows XP versions, but it's only a moderate threat for Windows Server 2003 versions.

Using the latest, fully patched version of Internet Explorer or Outlook will mitigate this threat, and the security bulletin offers several workarounds. The most useful one is to disable the HTML Help ActiveX control.


MS06-051
Microsoft Security Bulletin MS06-051, "Vulnerability in Windows Kernel Could Result in Remote Code Execution," addresses two threats. The User Profile Elevation of Privilege Vulnerability (CVE-2006-3443) is a low-rated elevation of privilege threat, while the Unhandled Exception Vulnerability (CVE-2006-3648) is a critical remote code execution threat. Both vulnerabilities are previously undisclosed threats, and there had been no reports of active exploits for either at the time of publishing.

This update affects Windows 2000 SP4, all versions of Windows XP, and all versions of Windows Server 2003. Because of the Unhandled Exception Vulnerability, this is a critical threat for all affected versions.

There are multiple mitigating factors. First of all, an attacker would need valid logon credentials to exploit the user profile vulnerability. In addition, applying all patches and leaving Outlook's default setting to open HTML e-mails in the Restricted Sites security zone would block the remote code execution threat.

Well, that sums up this month's critical security bulletins. Now, let's look at the three bulletins rated as important threats.


MS06-045
Microsoft Security Bulletin MS06-045, "Vulnerability in Windows Explorer Could Allow Remote Code Execution," fixes the Folder GUID Code Execution Vulnerability (CVE-2006-3281). While this is a publicly disclosed threat, there had been no reports of active exploits at the time of publishing.

This update affects Windows 2000 SP4, all versions of Windows XP, and all versions of Windows Server 2003. It's an important threat for all affected versions.

Firewall best practices would likely block an attack on this vector. By default, many programs open HTML e-mails in the Restricted Sites security zone. A workaround is to disable the Web Client service.


MS06-049
Microsoft Security Bulletin MS06-049, "Vulnerability in Windows Kernel Could Result in Elevation of Privilege," addresses the Windows 2000 Kernel Elevation of Privilege vulnerability (CVE-2006-3444). While this is a publicly disclosed threat, there had been no reports of active exploits at the time of publishing.

As the name implies, this important-rated threat is only an elevation of privilege threat, and it only affects Windows 2000. Valid logon credentials are required to conduct an attack on this vector.

Microsoft reports no workarounds. This security bulletin replaces MS05-055.


MS06-050
Microsoft Security Bulletin MS06-050, "Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution," addresses two vulnerabilities: Hyperlink Object Buffer Overflow Vulnerability (CVE-2006-3086) and Hyperlink Object Function Vulnerability (CVE-2006-3438). While one of these is a publicly disclosed threat, no reports of active exploits had surfaced for either vulnerability at the time of publishing.

This update affects Windows 2000 SP4, all versions of Windows XP, and all versions of Windows Server 2003. It's an important threat for all affected versions. This security bulletin replaces MS05-015.

Final word
Well, that's definitely a lot of security patches for August. Looking on the bright side, many of them won't be of too much concern for a lot of managers.

In my experience, while Windows 2000 still sees heavy use in government, most corporate users have moved on, which eliminates some of the threats entirely. Using best practices will block some others, and there have been no reports of active exploits for any of the ones in this article.

TechRepublic is the online community and information resource for all IT professionals, from support staff to executives. We offer in-depth technical articles written for IT professionals by IT professionals. In addition to articles on everything from Windows to e-mail to firewalls, we offer IT industry analysis, downloads, management tips, discussion forums, and e-newsletters.

©2006 TechRepublic, Inc.
