Thursday, October 19, 2006

Alert - Security Bulletin MS06-061 Re-Release

Microsoft updated Security Bulletin MS06-061: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191) to include information detailed in the Summary section below.

========================================
Summary
========================================

• On Thursday, October 19th, Microsoft issued a targeted re-release of the MS06-061 update for Windows 2000. While the original version of this security update for Windows 2000 did protect against all vulnerabilities discussed in the bulletin, it did not correctly set the kill bit for Microsoft XML Parser 2.6.

• The new version of MS06-061 for Windows 2000 protects against all vulnerabilities discussed in the bulletin and correctly sets the kill bit for Microsoft XML Parser 2.6.

Questions & Answers

  • Why did Microsoft reissue this bulletin on October 19, 2006?
The original version of this security update for Windows 2000 did protect against all vulnerabilities discussed in the bulletin; however, it did not correctly set the kill bit for Microsoft XML Parser 2.6.
  • What is the scope of the vulnerability?
If the vulnerability that was addressed by MS06-061 was successfully exploited, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.
  • What systems are primarily at risk from the vulnerability addressed by MS06-061?
Microsoft Windows 2000 is primarily at risk from the vulnerability.
  • What does the update do?
The new version of MS06-061 for Windows 2000 protects against the vulnerabilities discussed in the bulletin and correctly sets the kill bit for Microsoft XML Parser 2.6.
  • What can you tell me about MS06-061?
Today, October 19, 2006, Microsoft issued a targeted re-release of the MS06-061 update for Windows 2000. While the original version of this security update for Windows 2000 did protect against all vulnerabilities discussed in the bulletin, it did not correctly set the kill bit for Microsoft XML Parser 2.6. The new version of MS06-061 for Windows 2000 protects against all vulnerabilities discussed in the bulletin and correctly sets the kill bit for Microsoft XML Parser 2.6. Windows 2000 customers should deploy the new version of this update.
  • What is the nature of the problem?
While the original version of this security update for Windows 2000 did protect against all vulnerabilities discussed in the bulletin, it did not correctly set the kill bit for Microsoft XML Parser 2.6.
  • Are there any active exploits out for MS06-061?
No. Microsoft has not received any information to indicate that this vulnerability had been publicly used to attack customers.
.

No comments: