February 2006 Patch Tuesday > Forums > Viruswarn Website

Viruswarn Website

Tuesday, February 07, 2012

Our sponsors

OS-Cubed, Inc.

WizardWrx

Periwinkle Communications

Nick Francesco

Users currently online

	Membership:
	Latest: kevin
	New Today: 0
	New Yesterday: 0
	Overall: 56

	People Online:
	Visitors: 5
	Members: 0
	Total: 5

Online Now:

Wizardwrx

Viruswarn banner

Home

Forums

Meet the Authors

Troubleshooting

Store

you are here: Forums

Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....

But at least it's all here.

Enjoy!

Viruswarn Forums

Forums

Search

Forums > Viruswarning Forum > Viruswarning archive

Subject: February 2006 Patch Tuesday

Email me when someone replies to this thread.

You are not authorized to post a reply.

Author

Messages

David Gray
Posts:22

02/15/2006 5:59 PM
What Is It? Microsoft sent everyone a Valentine, of sorts. In other words, yesterday was Patch Tuesday, and Microsoft released four updates, two of which they rated as Critical, and two rated Important. However, we think you should treat the second item listed below as a critical update if your default Web browser is anything but Internet Explorer. Windows Media Player. If you use Windows Media Player, version 9 or 10, alone or with any Web browser, on any version of Windows earlier than Windows Server 2003, there is an unchecked buffer that could allow an attacker to take control of your computer. According to Microsoft, Windows Media Player 6.4 is unaffected, and Windows Media Player 10 is unaffected if you are running Windows Server 2003, which is not intended for end user machines. Windows Media Player Plug-in for Non-Microsoft browsers. If you use Windows Media Player (WMP) with third party Web browsers, such as Mozilla Firefox, Netscape Navigator, and Opera, an attacker could take over your machine and use it for his own purposes, such as spreading worms and sending spam email. Although Microsoft rates this matter as Important, if your default Web browser is anything besides Internet Explorer, you should probably consider it Critical. Web Client Service. This service enables you to publish documents, such as Word documents, Excel spreadsheets, and PowerPoint presentations, to Web sites that support the WebDAV protocol. Best security practice is to confine use of this service to the local subnet (your private network). However, if an attack breaches one machine, that machine can be used to attack others in the same private network. Because an attacker needs local logon credentials in order to exploit this vulnerability, Microsoft rates this matter as Important. TCP/IP on All Versions of Windows Derived from Windows NT. Windows 2000 (Server and Workstation), Windows XP (Home and Professional), and Windows Server 2003, contain a vulnerability that allows a remote attacker to cause them to stop responding by sending a specially formed IGMP (Ping) packet. Microsoft rates this this matter as Important. What Should I Do? Verify that your machine received and installed the four updates identified above (and below, in the references) yesterday. The fourth update, for TCP/IP (Q913446);, was re-released at 8:30 PM PST (04:30 UTC) on Tuesday February 14th, to correct a problem that caused that update to be omitted from some installations. Therefore, depending on your update schedule, your machine may have missed the TCP/IP update. You may want to manually visit Windows Update, http://update.microsoft.com, or http://windowsupdate.microsoft.com, and check for new critical updates, or simply watch for new updates over the next several days. References http://www.microsoft.com/technet/security/Bulletin/MS06-005.mspx is Microsoft Security Bulletin MS06-005, "Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)," a Critical update. http://www.microsoft.com/technet/security/Bulletin/MS06-006.mspx is Microsoft Security Bulletin MS06-006, "Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)," an Important update, according to Microsoft, but Critical, in my opinion. http://www.microsoft.com/technet/security/bulletin/ms06-008.mspx is Microsoft Security Bulletin MS06-008, "Vulnerability in Web Client Service Could Allow Remote Code Execution (911927)," an Important update. http://www.microsoft.com/technet/security/bulletin/ms06-007.mspx is Microsoft Security Bulletin MS06-007, "Vulnerability in TCP/IP Could Allow Denial of Service (913446)," an Important update. http://www.us-cert.gov/cas/alerts/SA06-045A.html is Cyber Security Alert SA06-045A, "Microsoft Windows, Windows Media Player, and Internet Explorer Vulnerabilities," from US-CERT, formerly CERT/CC. http://www.us-cert.gov/cas/techalerts/TA06-045A.html is Technical Cyber Security Alert TA06-045A, "Microsoft Windows, Windows Media Player, and Internet Explorer Vulnerabilities," from US-CERT, formerly CERT/CC. This is the geek's version of the previous reference. This concludes this VirusWarning bulletin.

You are not authorized to post a reply.

Forums > Viruswarning Forum > Viruswarning archive > February 2006 Patch Tuesday

ActiveForums 3.6

Register or Login

User Name:

Password:

Remember Login


Forgot Password ?

Copyright 2006 by OS-Cubed, Inc. Terms Of Use Privacy Statement