...2003 disables the Web Client Service by default.
Fix
Install the update. As a workaround, disable the Web Client Service in Windows XP. (To do so, go to Control Panel | Administrative Tools | Services | WebClient.) Blocking TCP Ports 139 and 445 will also stop some attacks.
MS06-009
Microsoft Security Bulletin MS06-009, Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege, addresses the Korean IME vulnerability (CVE-2006-0008). This is a newly disclosed threat, and no exploits have appeared in the wild.
Applicability
While this threat affects a variety of Microsoft software, it only affects the Korean language version of these applications. Read the entire security bulletin for more details.
Risk level
This is an important threat for all affected versions.
Mitigating factors
In addition to only affecting the Korean language versions, there's a variety of mitigating factors. See the security bulletin for more details.
Fix
Install the update. A variety of Microsoft-approved workarounds are available, including blocking TCP port 3389 at the enterprise perimeter firewall.
MS06-010
Microsoft Security Bulletin MS06-010, Vulnerability in PowerPoint 2000 Could Allow Information Disclosure, also fixes a threat that affects only a small amount of users. This update addresses the PowerPoint Temporary Internet Files Information Disclosure vulnerability (CVE-2006-0004). This is a newly disclosed threat, and no exploits have appeared in the wild.
Applicability
This only affects PowerPoint 2000, which is part of Microsoft Office 2000 Service Pack 3. This threat doesn't affect any other versions of PowerPoint.
Risk level
Microsoft has rated this an important threat.
Mitigating factors
In addition to only affecting one version of PowerPoint, potential attackers would have to convince users to visit a malicious Web site or open a suspicious email.
Fix
Install the update. Some Microsoft-approved workarounds are available. Read the entire security bulletin for more details.
Final word
Is anyone out there still using IE 5.01? If so, it really is time to upgrade — not just install the MS06-004 patch. Likewise, the other critical bulletin shouldn't be much threat to computers in a corporate environment.
Talkback
I would like to know why we call the bulletins "Security Bulletins"? I believe that the right term is "Insecurity Bulletins" which MS publishes and serves to list the ubiquitous security breeches found in the Microsoft Software offerings.
I would like to think that a security bulletin is a praise for the robustness of a product, and not the listinjg of the flaws.
Please change the headings for future insecurity listings.