ZDNet UK / News and Analysis / Workspace IT / Desktop OS

Microsoft's February security bulletins

By John McCormick, TechRepublic, 21 February, 2006 14:30

Daily Newsletters

Sign up to ZDNet UK's daily newsletter.

Topics

February, Flaw, Bulletin, Security, Microsoft, Patch

...2003 disables the Web Client Service by default.

Fix
Install the update. As a workaround, disable the Web Client Service in Windows XP. (To do so, go to Control Panel | Administrative Tools | Services | WebClient.) Blocking TCP Ports 139 and 445 will also stop some attacks.

MS06-009
Microsoft Security Bulletin MS06-009, Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege, addresses the Korean IME vulnerability (CVE-2006-0008). This is a newly disclosed threat, and no exploits have appeared in the wild.

Applicability
While this threat affects a variety of Microsoft software, it only affects the Korean language version of these applications. Read the entire security bulletin for more details.

Risk level
This is an important threat for all affected versions.

Mitigating factors
In addition to only affecting the Korean language versions, there's a variety of mitigating factors. See the security bulletin for more details.

Fix
Install the update. A variety of Microsoft-approved workarounds are available, including blocking TCP port 3389 at the enterprise perimeter firewall.

MS06-010
Microsoft Security Bulletin MS06-010, Vulnerability in PowerPoint 2000 Could Allow Information Disclosure, also fixes a threat that affects only a small amount of users. This update addresses the PowerPoint Temporary Internet Files Information Disclosure vulnerability (CVE-2006-0004). This is a newly disclosed threat, and no exploits have appeared in the wild.

Applicability
This only affects PowerPoint 2000, which is part of Microsoft Office 2000 Service Pack 3. This threat doesn't affect any other versions of PowerPoint.

Risk level
Microsoft has rated this an important threat.

Mitigating factors
In addition to only affecting one version of PowerPoint, potential attackers would have to convince users to visit a malicious Web site or open a suspicious email.

Fix
Install the update. Some Microsoft-approved workarounds are available. Read the entire security bulletin for more details.

Final word
Is anyone out there still using IE 5.01? If so, it really is time to upgrade — not just install the MS06-004 patch. Likewise, the other critical bulletin shouldn't be much threat to computers in a corporate environment.

Related stories

Linux Mint 13 ramps up for KDE release

Nvidia: Windows on ARM a 'genius' idea from Microsoft

Why Linux is forging ahead on the desktop

Ubuntu gets a facelift with Precise Pangolin 12.04

Talkback

I would like to know why we call the bulletins "Security Bulletins"? I believe that the right term is "Insecurity Bulletins" which MS publishes and serves to list the ubiquitous security breeches found in the Microsoft Software offerings.

I would like to think that a security bulletin is a praise for the robustness of a product, and not the listinjg of the flaws.

Please change the headings for future insecurity listings.

via Facebook 21 February, 2006 03:09
Reply

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your ZDNet UK account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

Get ZDNet UK's daily newsletter

Enter your email address to sign up

ZDNet UK Live

Philip Charles Cohen

Read about it and weep, John Donahoe ... In addition to Visa’s V.me, there is now MasterCard’s PayPass digital wallet soon to arrive; another...

1 hour ago by Philip Charles Cohen via Facebook on PayPal takes phone-based payments to the high street
apexwm

Leslie Satenstein : Where have you ever seen Mozilla even mention this? Firefox is the most popular browser in the GNU/Linux OS, so I don't see...

2 hours ago by apexwm on Firefox rapid release improves Fedora Linux
songmaster

SHleG: Do you remember building a clockwork scorpion kit (I'm pretty sure I have a photo of it somewhere) — I think it was called something like...

4 hours ago by songmaster on Software with everything
Chris Wortman

Good I love Yahoo! Their search engine is getting better than Google as of late. I find more of what I want on the first page, and usually within...

4 hours ago by Chris Wortman via Facebook on Linux Mint 13 ramps up for KDE release
PatrickG

openhgs has made the point for Windows 8 multiple monitors without realising it! With Windows 7 you have to switch the mouse and so your focus...

6 hours ago by PatrickG on Windows 8 could speed multi-monitor uptake
Leslie Satenstein

Mozilla has threatened to stop supporting Linux. I guess that UBUNTU is going with another browser. I indicated that if Mozilla stops supporting...

8 hours ago by Leslie Satenstein via Facebook on Firefox rapid release improves Fedora Linux
Andy Bolstridge

Much as I abhor Microsoft's licensing practices, this is almost certainly down to purchasing IT equipment via 3rd party consultants - you get the...

8 hours ago by Andy Bolstridge via Facebook on 6 million wasted licences and £1,200 PCs: welcome to government IT
Jack Schofield

@openhgs Windows users have had multiple desktops since Linus started writing Linux. They just haven't shipped as standard because not enough...

1 day ago by Jack Schofield on Windows 8 could speed multi-monitor uptake
Jack Schofield

@Phil at Cloud4 What, Microsoft gets £1,200 per PC and £1,622 per server? Gosh, I'm amazed....

1 day ago by Jack Schofield on 6 million wasted licences and £1,200 PCs: welcome to government IT
craigsc

You guys have no idea what is going on at Autonomy. Autonomy could have been a much more profitable organization. The sales operations at Autonomy...

1 day ago by craigsc on HP cuts 27,000 staff as Autonomy chief Lynch leaves
Moley

How does this impact on dual or multi booting? Seems to me to more or less prohibit this, from Windows 8 anyway. Will Grub 2 recognise Windows 8,...

1 day ago by Moley on Windows 8 start-up speed forces USB boot workaround
apexwm

I don't understand why there cannot be a slight pause during the boot process so the user can press a key. Many operating systems do this, even if...

1 day ago by apexwm on Windows 8 start-up speed forces USB boot workaround
Gavin Goodman

You can now buy the Xi3 modular computer in the UK at http://www.ocdistribution.com . This can be bought with the Tand3m software, pricing and...

1 day ago by Gavin Goodman on CES 2012: Xi3 microSERV3R
Phil at Cloud4

I agree: Mike Lynch can clearly build a business and manage strategy. I suspect the exit of Mike is more likely the end of a planned handover...

1 day ago by Phil at Cloud4 on HP cuts 27,000 staff as Autonomy chief Lynch leaves
Phil at Cloud4

This is unbeleivable government wastage with only one winner... Microsoft 1 - Tax payer Nil!

1 day ago by Phil at Cloud4 on 6 million wasted licences and £1,200 PCs: welcome to government IT
Mispam

So what do you do when you can't boot into windows? Why can't I just hold Shift while I power up instead of having to boot into windows and click a...

1 day ago by Mispam on Windows 8 start-up speed forces USB boot workaround
apexwm

I've also seen that Mac OS X for Intel machines is supposed to run in VirtualBox, which would also be a nice solution. I've never tried it though.

1 day ago by apexwm on xTreme Triple Booting: Linux, Mac & Windows
dave heasman

What I wonder is why when companies are caught bang to rights in not providing contracted services, people bend over to smear the customers? Surely...

1 day ago by dave heasman on Virgin throttles broadband for high-speed customers
pjc158

Strange statement from HP regarding Mike Lynch and not capable of scaling a company. Autonomy was a $7bn purchase which started as a small company...

1 day ago by pjc158 on HP cuts 27,000 staff as Autonomy chief Lynch leaves
lojolondon

Or - possibly, they will destroy business by ensuring people do not invest where there is no return. Another socialist idea, well beyond it's...

2 days ago by lojolondon on Open Data Institute will act as biz incubator

Latest in Desktop OS

Linux Mint 13 ramps up for KDE release

Nvidia: Windows on ARM a 'genius' idea from Microsoft

Why Linux is forging ahead on the desktop

Featured white papers

Email security: A comparison of the major players

Mimecast

Email security: A comparison of the major players

This guide from Mimecast considers why email security is essential, who the major players are and their strengths and... Read more

Great British computers: A ZDNet UK retrospective

ZDNet UK

Great British computers: A ZDNet UK retrospective

Would you believe the first ever business computer totted up the price of cakes, bread and pies? You would if you knew it was operated by a British tea-shop company. Take a trip down computing memory lane with this guide to great British... Read more

Seven Keys to Making or Breaking Your Exchange Infrastructure

Quest Software

Seven Keys to Making or Breaking Your Exchange Infrastructure

Are you getting maximum performance out of your Exchange infrastructure? This white paper looks at seven key aspects of controlling an Exchange email... Read more

Inside ZDNet UK

Indoor navigation coming to a mobile near you soon

Indoor navigation coming to a mobile near you soon

Software with everything

Software with everything

Asus Transformer Pad TF300T

Asus Transformer Pad TF300T

How IT is ganging up on organised cybercrime

How IT is ganging up on organised cybercrime

HTC One V: First take

HTC One V: First take

SharePoint deployment: The final chapter

SharePoint deployment: The final chapter

Ten IT jobs to save up for those rare lulls

Ten IT jobs to save up for those rare lulls