Security Bulletins for September 2006

Update: 28 September 2006

Microsoft has issued security bulletin MS06-055 rated "critical", in addition to the security patches issued in this month's release of its Security Bulletin Summary. This security patch was issued two weeks earlier than its scheduled release date due to the urgent need to prevent further exploitation of the recently discovered serious Vector Markup Language (VML) vulnerability in Windows. This is an unusual step and is an indication of the significance of the issue.

The vulnerability lies in the way Internet Explorer handles vector graphics. A malicious attacker could exploit the vulnerability by constructing a specially crafted webpage or HTML e-mail message that allows remote code execution if a user visited the webpage or viewed the e-mail message. An attacker who successfully exploited the vulnerability could gain complete control of an affected computer. This security vulnerability is also discussed in the Microsoft Security Advisory (925568).

In addition, security bulletin MS06-049, originally released in August of this year, has been re-released. This update introduces revised patch for Windows 2000 against vulnerability discussed in Microsoft KB925308.

Users are advised to patch their systems against these vulnerabilities immediately. Patches can be downloaded via links posted within the appropriate Security Bulletins or by visiting Microsoft Update.

14 September 2006

Adobe and Microsoft have issued separate security advisories regarding an Adobe Flash Player update released to resolve serious vulnerabilities. Microsoft Security Bulletins for September report the release of three security updates, one of which is rated "critical", one rated "important" and one rated "moderate". Also, two security bulletins released last month have been revised and re-released.

Adobe Security Bulletin APSB06-11 reports the release of a critical patch against multiple security vulnerabilities in the Adobe Flash Player that could potentially allow an attacker to gain complete control of an affected computer. These security vulnerabilities are also discussed in the Microsoft Security Advisory (925143)

Adobe recommends that all users of Flash Player 8.0.24.0 and earlier versions upgrade to Flash Player 9.0.16.0. Updates are available at the Flash Player Download Center.

Microsoft Security Bulletin Summary for September reports the release of three security updates, one rated "critical", one rate "important" and one rated "moderate". These updates patch against security vulnerabilities that could potentially allow for remote code execution on affected computers. An end-user version of this update summary is also available.

Security bulletins MS06-042 and MS06-040, originally released in August of this year, have been re-released. These updates introduce revised patches against vulnerabilities included in Security Bulletins for August 2006.

Microsoft has also issued Security Advisory 922582 announcing the availability of an update resolving a "0x80070002" error when trying to update a computer running on Microsoft Windows. This update does not address a security vulnerability but is important in order for users to keep their computers updated.

Users are advised to patch their systems against these vulnerabilities immediately. Patches can be downloaded via links posted within the appropriate Security Bulletins or by visiting Microsoft Update.

Apple has announced the release of Quicktime 7.1.3, which provides a patch against a vulnerability that could allow for remote code execution or cause application crashes while viewing maliciously-crafted H.264 movies, QuickTime movies, FLC movies, FlashPix files or SGI images. All users are advised to apply this security patch, which can be downloaded from Apple Quicktime Downloads. For further information, see About the security content of QuickTime 7.1.3.

Important:
We recommend that users patch their systems by downloading and installing critical Microsoft updates as soon as possible.

Users are also encouraged to update their antivirus software daily and to install a firewall on their computers, if they have not done so already. For more information on firewalls, please read Microsoft's tutorial on how to protect your PC.

Security Bulletins for September 2006 Severity

Critical:

Important:

Moderate:

Re-released Security Bulletins:

Information from Microsoft:

Information from Adobe:

Information from Apple:

Third party information:

Commtouch® is a leading developer of anti virus software and anti spam filtering services. Commtouch's anti virus computer software, F-PROT Antivirus, is available for a number of operating systems such as Windows, Linux, BSD, Solaris, and AIX as well as the Microsoft Exchange groupware.

1993-2013 © CYREN