ZDNet UK / News and Analysis / Workspace IT / Desktop OS

Tackling Microsoft's August patches: Part 1

By John McCormick, TechRepublic, 22 August, 2006 12:20

Daily Newsletters

Sign up to ZDNet UK's daily newsletter.

Topics

Microsoft, security bulletin, Patch

…adds up to a critical threat, most are only moderate or low-level threats to fully patched IE 6 versions on Windows XP SP2, Windows Server 2003, and Windows Server 2003 SP1.

MS06-047
Microsoft Security Bulletin MS06-047, "Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution", also deserves immediate attention because attackers are actively exploiting this flaw. This is a critical threat for Microsoft Office 2000 users.

MS06-047 addresses the Visual Basic for Applications Vulnerability (CVE-2006-3649). While this vulnerability also affects Office XP and Visual Basic for Applications SDK 6.0, 6.2, 6.3, and 6.4, it's only an important threat for these versions.

The only recommended workaround is not to open unexpected Office files or any Office files from untrusted sources.

MS06-048
Microsoft Security Bulletin MS06-048, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution", doesn't appear to pose a great threat at first glace. It only affects PowerPoint users — and it's only critical for PowerPoint 2000. (It's an important threat for all other affected versions.)

However, attackers are already exploiting the Mso.dll vulnerability, which is why I'm addressing it. MS06-048 addresses two vulnerabilities: Microsoft PowerPoint Mso.dll Vulnerability (CVE-2006-3590) and Microsoft PowerPoint Malformed Records Vulnerability (CVE-2006-3449).

This security bulletin replaces Microsoft Security Bulletin MS06-038. It affects PowerPoint 2000, PowerPoint 2002, PowerPoint 2003, PowerPoint 2004 for Mac and PowerPoint 2004 v. X for Mac.

Final word
What a lovely way to spend the dog days of August — so many security bulletins that I can't even fit all the critical threats into one article!

I've tried to prioritise these threats because I think readers have slightly different priorities (as each subset of users and managers generally does) than Microsoft's necessarily generalised ratings. I will focus on the remaining five critical threats, as well as the three important threats, in a future article.

John McCormick is a security consultant and well-known author in the field of IT, with more than 17,000 published articles. He has written the IT Locksmith column for TechRepublic for more than four years.

Related stories

'Patch Tuesday' proves busy for Microsoft

Google offers shopping coupons

Unfinished Vista already gets security updates

Microsoft issues 'hotfix' for patch flaw

Linux Mint 13 ramps up for KDE release

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your ZDNet UK account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

Get ZDNet UK's daily newsletter

Enter your email address to sign up

ZDNet UK Live

Philip Charles Cohen

Read about it and weep, John Donahoe ... In addition to Visa’s V.me, there is now MasterCard’s PayPass digital wallet soon to arrive; another...

2 hours ago by Philip Charles Cohen via Facebook on PayPal takes phone-based payments to the high street
apexwm

Leslie Satenstein : Where have you ever seen Mozilla even mention this? Firefox is the most popular browser in the GNU/Linux OS, so I don't see...

3 hours ago by apexwm on Firefox rapid release improves Fedora Linux
songmaster

SHleG: Do you remember building a clockwork scorpion kit (I'm pretty sure I have a photo of it somewhere) — I think it was called something like...

5 hours ago by songmaster on Software with everything
Chris Wortman

Good I love Yahoo! Their search engine is getting better than Google as of late. I find more of what I want on the first page, and usually within...

5 hours ago by Chris Wortman via Facebook on Linux Mint 13 ramps up for KDE release
PatrickG

openhgs has made the point for Windows 8 multiple monitors without realising it! With Windows 7 you have to switch the mouse and so your focus...

7 hours ago by PatrickG on Windows 8 could speed multi-monitor uptake
Leslie Satenstein

Mozilla has threatened to stop supporting Linux. I guess that UBUNTU is going with another browser. I indicated that if Mozilla stops supporting...

9 hours ago by Leslie Satenstein via Facebook on Firefox rapid release improves Fedora Linux
Andy Bolstridge

Much as I abhor Microsoft's licensing practices, this is almost certainly down to purchasing IT equipment via 3rd party consultants - you get the...

9 hours ago by Andy Bolstridge via Facebook on 6 million wasted licences and £1,200 PCs: welcome to government IT
Jack Schofield

@openhgs Windows users have had multiple desktops since Linus started writing Linux. They just haven't shipped as standard because not enough...

1 day ago by Jack Schofield on Windows 8 could speed multi-monitor uptake
Jack Schofield

@Phil at Cloud4 What, Microsoft gets £1,200 per PC and £1,622 per server? Gosh, I'm amazed....

1 day ago by Jack Schofield on 6 million wasted licences and £1,200 PCs: welcome to government IT
craigsc

You guys have no idea what is going on at Autonomy. Autonomy could have been a much more profitable organization. The sales operations at Autonomy...

1 day ago by craigsc on HP cuts 27,000 staff as Autonomy chief Lynch leaves
Moley

How does this impact on dual or multi booting? Seems to me to more or less prohibit this, from Windows 8 anyway. Will Grub 2 recognise Windows 8,...

1 day ago by Moley on Windows 8 start-up speed forces USB boot workaround
apexwm

I don't understand why there cannot be a slight pause during the boot process so the user can press a key. Many operating systems do this, even if...

1 day ago by apexwm on Windows 8 start-up speed forces USB boot workaround
Gavin Goodman

You can now buy the Xi3 modular computer in the UK at http://www.ocdistribution.com . This can be bought with the Tand3m software, pricing and...

1 day ago by Gavin Goodman on CES 2012: Xi3 microSERV3R
Phil at Cloud4

I agree: Mike Lynch can clearly build a business and manage strategy. I suspect the exit of Mike is more likely the end of a planned handover...

1 day ago by Phil at Cloud4 on HP cuts 27,000 staff as Autonomy chief Lynch leaves
Phil at Cloud4

This is unbeleivable government wastage with only one winner... Microsoft 1 - Tax payer Nil!

1 day ago by Phil at Cloud4 on 6 million wasted licences and £1,200 PCs: welcome to government IT
Mispam

So what do you do when you can't boot into windows? Why can't I just hold Shift while I power up instead of having to boot into windows and click a...

1 day ago by Mispam on Windows 8 start-up speed forces USB boot workaround
apexwm

I've also seen that Mac OS X for Intel machines is supposed to run in VirtualBox, which would also be a nice solution. I've never tried it though.

1 day ago by apexwm on xTreme Triple Booting: Linux, Mac & Windows
dave heasman

What I wonder is why when companies are caught bang to rights in not providing contracted services, people bend over to smear the customers? Surely...

1 day ago by dave heasman on Virgin throttles broadband for high-speed customers
pjc158

Strange statement from HP regarding Mike Lynch and not capable of scaling a company. Autonomy was a $7bn purchase which started as a small company...

1 day ago by pjc158 on HP cuts 27,000 staff as Autonomy chief Lynch leaves
lojolondon

Or - possibly, they will destroy business by ensuring people do not invest where there is no return. Another socialist idea, well beyond it's...

2 days ago by lojolondon on Open Data Institute will act as biz incubator

Latest in Desktop OS

Linux Mint 13 ramps up for KDE release

Nvidia: Windows on ARM a 'genius' idea from Microsoft

Why Linux is forging ahead on the desktop

Featured white papers

Email security: A comparison of the major players

Mimecast

Email security: A comparison of the major players

This guide from Mimecast considers why email security is essential, who the major players are and their strengths and... Read more

Great British computers: A ZDNet UK retrospective

ZDNet UK

Great British computers: A ZDNet UK retrospective

Would you believe the first ever business computer totted up the price of cakes, bread and pies? You would if you knew it was operated by a British tea-shop company. Take a trip down computing memory lane with this guide to great British... Read more

Seven Keys to Making or Breaking Your Exchange Infrastructure

Quest Software

Seven Keys to Making or Breaking Your Exchange Infrastructure

Are you getting maximum performance out of your Exchange infrastructure? This white paper looks at seven key aspects of controlling an Exchange email... Read more

Inside ZDNet UK

Indoor navigation coming to a mobile near you soon

Indoor navigation coming to a mobile near you soon

Software with everything

Software with everything

Asus Transformer Pad TF300T

Asus Transformer Pad TF300T

How IT is ganging up on organised cybercrime

How IT is ganging up on organised cybercrime

HTC One V: First take

HTC One V: First take

SharePoint deployment: The final chapter

SharePoint deployment: The final chapter

Ten IT jobs to save up for those rare lulls

Ten IT jobs to save up for those rare lulls