|
Sorry for the long message... My instructions should work for XP Pro. Under Windows 2000, you don't see the install date. Here is some text on the MS breaks, er, fixes. You should be able to ID the relevant Knowledge Base KB numbers to the 6 digit numbers in the descriptions and uninstall that way. ======================== New Security Bulletins ======================== Microsoft is releasing the following security bulletins for newly discovered vulnerabilities: * Critical MS06-021 Microsoft Windows Remote Code Execution * Critical MS06-022 Microsoft Windows Remote Code Execution * Critical MS06-023 Microsoft Windows Remote Code Execution * Critical MS06-024 Windows Media Player Remote Code Execution * Critical MS06-025 Microsoft Windows Remote Code Execution * Critical MS06-026 Microsoft Windows Remote Code Execution * Critical MS06-027 Microsoft Word Remote Code Execution * Critical MS06-028 Microsoft PowerPoint Remote Code Execution * Important MS06-029 Microsoft Exchange+ OWA Remote Code Execution * Important MS06-030 Microsoft Windows Elevation of Privilege * Moderate MS06-031 Microsoft Windows Spoofing * Important MS06-032 Microsoft Windows Remote Code Execution The Summary for these new bulletins may be found at the following page: * http://www.microsoft.com/technet/security/bulletin/ms06-Jun.mspx ======================== Re-released Bulletins ======================== In addition, Microsoft is re-releasing the following security bulletin: * Important MS06-011 Microsoft Windows Elevation of Privilege Information on this re-released bulletin may be found at the following page: * http://www.microsoft.com/technet/security/Bulletin/MS06-011.mspx Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable. ======================== Microsoft Windows Malicious Software Removal Tool ======================== Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here: * http://go.microsoft.com/fwlink/?LinkId=40573 ======================== High-Priority Non-Security Updates on Microsoft Update (MU), Windows Update (WU), Windows Server Update Services (WSUS) and Software Update Services (SUS) ======================== Microsoft is today also making the following High-Priority NON-SECURITY updates available on WU, MU, SUS and/or WSUS: * 914784 Update to improve Kernel patch protection WU/MU * 917149 Update for Outlook 2003 Junk E-Mail Filter MU/WSUS ======================== TechNet Webcast: Information about Microsoft June 2006 Security Bulletins ======================== * Wednesday, 14 June 2006 11:00 AM (GMT-08:00) Pacific Time (US & Canada) * http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US &EventID=1032297371 The on-demand version of the Webcast will be available 24 hours after the live Webcast at: * http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US &EventID=1032297371 ======================== Security Bulletin Details ======================== MS06-021 Title: Cumulative Security Update for Internet Explorer (916281) Affected Software: * Microsoft Windows 2000 Service Pack 4 * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 * Microsoft Windows XP Professional x64 Edition * Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 * Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems * Microsoft Windows Server 2003 x64 Edition * Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) - Review the FAQ section of this bulletin for details about these operating systems. Affected Components: * Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 * Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1 * Internet Explorer 6 for Microsoft Windows XP Service Pack 2 * Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 * Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems * Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition * Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition * Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition - Review the FAQ section of this bulletin for details about this version. Note: The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site: http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle Note: The security updates for Microsoft Windows Server 2003, Windows Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also apply to Windows Server 2003 R2. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Restart requirement: You must restart your system after you apply this security update. Update can be uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel. System administrators can also use the Spuninst.exe utility to remove this security update. More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS06-021.mspx ****************************************************************** MS06-022 Title: Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439) Affected Software: * Microsoft Windows XP Service Pack 1 * Microsoft Windows XP Service Pack 2 * Microsoft Windows XP Professional x64 Edition * Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 * Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems * Microsoft Windows Server 2003 x64 Edition * Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) - Review the FAQ section of this bulletin for details about these operating systems. Affected Components: * Windows 2000 with the Windows 2000 AOL Image Support Update installed: * Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 * Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 Note: The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site: http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle. Note: The security updates for Microsoft Windows Server 2003, Windows Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also apply to Windows Server 2003 R2. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Restart requirement: In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. To help reduce the chance that a reboot will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart your computer, see Microsoft Knowledge Base Article 887012: http://support.microsoft.com/kb/887012. Update can be uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel. System administrators can also use the Spuninst.exe utility to remove this security update. More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS06-022.mspx ****************************************************************** MS06-023 Title: Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344) Affected Software: * Microsoft Windows 2000 Service Pack 4 * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 * Microsoft Windows XP Professional x64 Edition * Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 * Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems * Microsoft Windows Server 2003 x64 Edition * Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) - Review the FAQ section of this bulletin for details about these operating systems. Affected Components: * Microsoft JScript 5.1 on Microsoft Windows 2000 Service Pack 4 * Microsoft JScript 5.6 and 5.5 when installed on Windows 2000 Service Pack 4 * Microsoft JScript 5.6 on Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 * Microsoft JScript 5.6 on Microsoft Windows XP Professional x64 Edition * Microsoft JScript 5.6 on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 * Microsoft JScript 5.6 on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems * Microsoft JScript 5.6 on Microsoft Windows Server 2003 x64 Edition * Microsoft JScript 5.6 on Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) - Review the FAQ section of this bulletin for details about these operating systems. Note: The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site: http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle. Note: The security updates for Microsoft Windows Server 2003, Windows Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also apply to Windows Server 2003 R2. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Restart requirement: In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart your computer, see Microsoft Knowledge Base Article 887012: http://support.microsoft.com/kb/887012. Update can be uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel. System administrators can also use the Spuninst.exe utility to remove this security update. More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS06-023.mspx ****************************************************************** MS06-024 Title: Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734) Affected Software: * Windows Media Player for XP on Microsoft Windows XP Service Pack 1 * Windows Media Player 9 on Microsoft Windows XP Service Pack 2 * Windows Media Player 10 on Microsoft Windows XP Professional x64 Edition * Windows Media Player 9 on Microsoft Windows Server 2003 * Windows Media Player 10 on Microsoft Windows Server 2003 Service Pack 1 * Windows Media Player 10 on Microsoft Windows Server 2003 x64 Edition * Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) - Review the FAQ section of this bulletin for details about these operating systems. Affected Components: * Microsoft Windows Media Player 7.1 when installed on Windows 2000 Service Pack 4 * Microsoft Windows Media Player 9 when installed on Windows 2000 Service Pack 4 or Windows XP Service Pack 1 * Microsoft Windows Media Player 10 when installed on Windows XP Service Pack 1 or Windows XP Service Pack 2 Non-Affected Software: * Windows Media Player 6.4 on all Microsoft Windows operating systems * Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems Note: The "Affected Software" section applies to Windows Media Player that shipped with a Microsoft Windows operating system. The "Affected Components" section applies to Windows Media Player that was downloaded and installed onto Microsoft Windows. Note: The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site: http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle. Note: The security updates for Microsoft Windows Server 2003, Windows Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also apply to Windows Server 2003 R2. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Restart requirement: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. For more information about the reasons why you may be prompted to restart your computer, see Microsoft Knowledge Base Article 887012: http://support.microsoft.com/kb/887012. Update can be uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel. System administrators can also use the Spuninst.exe utility to remove this security update. More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS06-024.mspx ****************************************************************** MS06-025 Title: Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280) Affected Software: * Microsoft Windows 2000 Service Pack 4 * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 * Microsoft Windows XP Professional x64 Edition * Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 * Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems * Microsoft Windows Server 2003 x64 Edition Non-Affected Software: * Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me). Note: The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site: http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle. Note: The security updates for Microsoft Windows Server 2003, Windows Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also apply to Windows Server 2003 R2. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Restart requirement: You must restart your system after you apply this security update. Update can be uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel. System administrators can also use the Spuninst.exe utility to remove this security update. More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS06-025.mspx ****************************************************************** MS06-026 Title: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (918547) Affected Software: * Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) * See "FAQ Related to This Security Update" section in the bulletin for more information. Non-Affected Software: * Microsoft Windows 2000 Service Pack 4 * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 * Microsoft Windows XP Professional x64 Edition * Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 * Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems * Microsoft Windows Server 2003 x64 Edition Note: The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site: http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Restart requirement: You must restart your system after you apply this security update. Update can be uninstalled: Yes More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS06-026.mspx ****************************************************************** MS06-027 Title: Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336) Affected Software: * Microsoft Office 2000 Service Pack 3 * Microsoft Word 2000 * Microsoft Office XP Service Pack 3 * Microsoft Word 2002 * Microsoft Office 2003 Service Pack 1 or Service Pack 2 * Microsoft Word 2003 * Microsoft Word Viewer 2003 * Microsoft Works Suites: * Microsoft Works Suite 2000 * Microsoft Works Suite 2001 * Microsoft Works Suite 2002 * Microsoft Works Suite 2003 * Microsoft Works Suite 2004 * Microsoft Works Suite 2005 * Microsoft Works Suite 2006 Non-Affected Software: * Microsoft Word v. X for Mac * Microsoft Word 2004 for Mac Note: The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site: http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Restart requirement: To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012: http://support.microsoft.com/kb/887012. Update can be uninstalled: This depends on the target application being updated. See the Bulletin for more details. More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS06-027.mspx ****************************************************************** MS06-028 Title: Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768) Affected Software: * Microsoft Office 2000 Service Pack 3 * Microsoft PowerPoint 2000 * Microsoft Office XP Service Pack 3 * Microsoft PowerPoint 2002 * Microsoft Office 2003 Service Pack 1 or Service Pack 2 * Microsoft PowerPoint 2003 * Microsoft Office 2004 for Mac * Microsoft PowerPoint 2004 for Mac * Microsoft Office v. X for Mac * Microsoft PowerPoint v. X for Mac Note: The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site: http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Restart requirement: To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012: http://support.microsoft.com/kb/887012. Update can be uninstalled: This depends on the target application being updated. See the Bulletin for more details. More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS06-028.mspx ****************************************************************** MS06-029 Title: Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442) Affected Software: * Microsoft Exchange 2000 Server Pack 3 with the August 2004 Exchange 2000 Server Post-Service Pack 3 Update Rollup * Microsoft Exchange Server 2003 Service Pack 1 * Microsoft Exchange Server 2003 Service Pack 2 Note: The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site: http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle. Note: For more information about the August 2004 Exchange 2000 Server Post-Service Pack 3 Update Rollup see Microsoft Knowledge Base Article 870540: http://support.microsoft.com/kb/870540. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Important Restart requirement: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. To help reduce the chance that a reboot will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart your computer, see Microsoft Knowledge Base Article 887012: http://support.microsoft.com/kb/887012. Update can be uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel. System administrators can also use the Spuninst.exe utility to remove this security update. More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS06-029.mspx ****************************************************************** MS06-030 Title: Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389) Affected Software: * Microsoft Windows 2000 Service Pack 4 * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 * Microsoft Windows XP Professional x64 Edition * Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 * Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems * Microsoft Windows Server 2003 x64 Edition Non-Affected Software: * Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) Note: The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site: http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle. Note: The security updates for Microsoft Windows Server 2003, Windows Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also apply to Windows Server 2003 R2. Impact of Vulnerability: Elevation of Privilege Maximum Severity Rating: Important Restart requirement: You must restart your system after you apply this security update. Update can be uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel. System administrators can also use the Spuninst.exe utility to remove this security update. More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS06-030.mspx ****************************************************************** MS06-031 Title: Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736) Affected Software: * Microsoft Windows 2000 Service Pack 4 Non-Affected Software: * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 * Microsoft Windows XP Professional x64 Edition * Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 * Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems * Microsoft Windows Server 2003 x64 Edition * Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) Note: The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site: http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle. Impact of Vulnerability: Spoofing Maximum Severity Rating: Moderate Restart requirement: You must restart your system after you apply this security update. Update can be uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel. System administrators can also use the Spuninst.exe utility to remove this security update. More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS06-031.mspx ****************************************************************** MS06-032 Title: Vulnerability in TCP/IP Could Allow Remote Code Execution (917953) Affected Software: * Microsoft Windows 2000 Service Pack 4 * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 * Microsoft Windows XP Professional x64 Edition * Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 * Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems * Microsoft Windows Server 2003 x64 Edition Non-Affected Software: * Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) Note: The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site: http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle. Note: The security updates for Microsoft Windows Server 2003, Windows Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also apply to Windows Server 2003 R2. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Important Restart requirement: You must restart your system after you apply this security update. Update can be uninstalled: Yes. To remove this security update, use the Add or Remove Programs tool in Control Panel. System administrators can also use the Spuninst.exe utility to remove this security update. More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS06-032.mspx ****************************************************************** MS06-011 Title: Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798) Affected Software: * Microsoft Windows XP Service Pack 1 * Microsoft Windows Server 2003 * Microsoft Windows Server 2003 for Itanium-based Systems Non-Affected Software: * Microsoft Windows 2000 Service Pack 4 * Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) * Microsoft Windows XP Service Pack 2 * Microsoft Windows XP Professional x64 Edition * Microsoft Windows Server 2003 Service Pack 1 * Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems * Microsoft Windows Server 2003 x64 Edition Note: The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site: http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle. Note: The security updates for Microsoft Windows Server 2003, Windows Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also apply to Windows Server 2003 R2. Impact of Vulnerability: Elevation of Privilege Maximum Severity Rating: Important Frequently Asked Questions: Q: Why did Microsoft reissue this bulletin on June 13, 2006? A: Microsoft updated this bulletin and the associated security updates to include updated registry key values for the NetBT, RemoteAccess, and TCPIP services. These values have been modified to be the same as Windows XP Service Pack 2 on Windows XP Service Pack 1 systems, and the same as Windows 2003 Service Pack 1 on Windows 2003 systems with no service pack applied. Customers are encouraged to apply this revised update for additional security from privilege elevation through the these services as described in the Vulnerability Details section of this security bulletin. For more information, and the updated registry key values, see Microsoft Knowledge Base Article 914798. Q: What changes does the revised security update include? A: The revised security update contains no changes to the binaries included in the initial security update. During installation, the revised security update will update the registry values for the NetBT, RemoteAccess, and TCPIP services as indicated in Microsoft Knowledge Base Article 914798. Q: What are the known issues that customers may experience when they install this security update? A: Microsoft Knowledge Base Article 914798 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. Restart requirement: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. For more information about the reasons why you may be prompted to restart your computer, see Microsoft Knowledge Base Article 887012: http://support.microsoft.com/kb/887012. Update can be uninstalled: This update cannot be removed. To learn more about manually removing the changes made by this update, please see Microsoft Knowledge Base Article 914798: http://support.microsoft.com/kb/914798. Note: As this update is only modifying system properties for the identified services, no new binaries are applied to the system as a result of the update installation. More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS06-011.mspx ****************************************************************** If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant. Thank you, Microsoft PSS Security Team John A. Jones, CISSP Americas Information Security Officer Jones Lang LaSalle, Inc. V: +1-630-455-2787 F: +1-312-601-1782 john.jones@xxxxxxxxxx -----Original Message----- From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jeff Crosby Sent: Wednesday, June 14, 2006 1:42 PM To: 'Midrange Systems Technical Discussion' Subject: RE: Ops Console dead again (was Slip the LIC)
Back out the MS updates: Start - Control Panel - Add/Remove and make sure the Show updates box is checked. Look for items with an appropriate installed date.
1) There is no 'show updates' box to check that I can see, 2) Only 7 of the 10 updates even show at all, and 3) There are no dates on any of these 7 updates What do you make of that? -- Jeff Crosby Dilgard Frozen Foods, Inc. P.O. Box 13369 Ft. Wayne, IN 46868-3369 260-422-7531 The opinions expressed are my own and not necessarily the opinion of my company. Unless I say so. -- This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l. This email is for the use of the intended recipient(s) only. If you have received this email in error, please notify the sender immediately and then delete it. If you are not the intended recipient, you must not keep, use, disclose, copy or distribute this email without the author's prior permission. We have taken precautions to minimize the risk of transmitting software viruses, but we advise you to carry out your own virus checks on any attachment to this message. We cannot accept liability for any loss or damage caused by software viruses. The information contained in this communication may be confidential and may be subject to the attorney-client privilege. If you are the intended recipient and you do not wish to receive similar electronic messages from us in the future then please respond to the sender to this effect.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
