This month's Patch Tuesday was a busy one. Redmond released a total of 12 security bulletins, rating nine of them as critical threats. (The remaining three bulletins are important threats.) The updates collectively fix 20 flaws in Windows and patch three flaws in Office.
Details
Microsoft released so many critical security bulletins for August's Patch Tuesday that I couldn't address them all immediately. I have covered the four critical security bulletins that I felt presented the most threat in a previous article. In this feature, I'll bring you up to speed on the remaining updates, both critical and important. These bulletins either present a low-level threat or haven't been the target of an active exploit, making them less dangerous than the first four.
MS06-041
Microsoft Security Bulletin MS06-041, "Vulnerabilities in DNS Resolution Could Allow Remote Code Execution", fixes two vulnerabilities: Winsock Hostname Vulnerability (CVE-2006-3440) and DNS Client Buffer Overrun Vulnerability (CVE-2006-3441). Both are remote code execution threats.
This update affects Windows 2000 Service Pack 4, all versions of Windows XP, and all versions of Windows Server 2003. This is a critical threat for all affected versions. Both vulnerabilities are previously undisclosed threats, and there had been no reports of active exploits for either at the time of publishing.
In addition, an attacker can only exploit the buffer overrun vulnerability on a subnet between the host and the DNS server. Workarounds include blocking DNS record types ATMA, TXT, X25, HINFO, and ISDN DNS at network gateways.
A workaround for the Winsock vulnerability is to modify the Autodial DLL in the registry. See the security bulletin for more details.
MS06-043
Microsoft Security Bulletin MS06-043, "Vulnerability in Microsoft Windows Could Allow Remote Code Execution", addresses the MHTML Parsing Vulnerability (CVE-2006-2766). While this is a critical threat, it only affects Outlook Express 6 on Windows XP SP2 (including the x64 version) and Outlook Express 6 on Windows Server 2003 SP1 (also including the x64 version).
This is a publicly disclosed threat, but there had been no reports of active exploits at the time of publishing. Internet Explorer (IE) runs in a restricted security mode on Windows Server 2003, and Outlook Express opens HTML emails in the Restricted Sites security zone; both factors mitigate the potential risk.
MS06-044
Microsoft Security Bulletin MS06-044, "Vulnerability in Microsoft Management Console Could Allow Remote Code Execution", fixes the MMC Redirect Cross-Site Scripting Vulnerability (CVE-2006-3643). This is a newly disclosed threat, and there had been no reports of active exploits at the time of publishing.
While this is a critical threat, it only affects Windows 2000 SP4. The best way to mitigate this threat is to run IE 6. A good workaround is to disable Active Scripting in the My Computer zone.
MS06-046
Microsoft Security Bulletin MS06-046, "Vulnerability in HTML Help Could Allow Remote Code Execution", addresses the Buffer Overrun in HTML Help Vulnerability (CVE-2006-3357). This is a publicly disclosed threat, and there had been no reports of active exploits at the time of publishing.
This update affects Windows 2000 SP4, all versions of Windows XP, and all versions of Windows Server 2003. It is a critical threat for Windows 2000 and Windows XP versions, but it's only a moderate threat for Windows Server 2003 versions.
Using the latest, fully patched version of IE or Outlook will mitigate this threat, and the security bulletin offers several workarounds. The most useful one is to disable the HTML Help ActiveX control.
MS06-051
Microsoft Security Bulletin MS06-051, "Vulnerability in Windows Kernel Could Result in Remote Code Execution", addresses two threats. The User Profile Elevation of Privilege Vulnerability (CVE-2006-3443) is a low-threat elevation of privilege threat, while the Unhandled Exception Vulnerability (CVE-2006-3648) is a critical remote code execution threat. Both vulnerabilities are previously undisclosed threats, and there had been no reports of active exploits for either at the time of publishing.
This update affects Windows 2000 SP4, all versions of Windows XP, and all versions of Windows Server 2003. Because of the Unhandled Exception Vulnerability, this is a critical threat for all affected versions.
There are multiple mitigating factors. First of all, an attacker would need valid log-on credentials to exploit the user profile vulnerability. In addition, applying all patches…
