November 2006 Monthly Security Bulletin Release

Posted by bink on November 15 2006, 1:47 AM. Posted in Security.

Microsoft is releasing six new security bulletins today:<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /?><o:p></o:p>

· Microsoft Windows (MS06-066)<o:p></o:p>

· maximum severity rating of Important<o:p></o:p>

· vulnerabilities could allow an attacker to remotely take complete control of an affected system.<o:p></o:p>

· Microsoft Windows (MS06-067)<o:p></o:p>

· maximum severity rating of Critical<o:p></o:p>

· vulnerabilities could allow an attacker to remotely take complete control of an affected system.<o:p></o:p>

· Microsoft Windows (MS06-068)<o:p></o:p>

· maximum severity rating of Critical<o:p></o:p>

· vulnerabilities could allow an attacker to remotely take complete control of an affected system.<o:p></o:p>

· Microsoft Windows (MS06-069)<o:p></o:p>

· maximum severity rating of Critical<o:p></o:p>

· vulnerabilities could allow an attacker to remotely take complete control of an affected system.<o:p></o:p>

· Microsoft Windows (MS06-070)<o:p></o:p>

· maximum severity rating of Critical<o:p></o:p>

· vulnerabilities could allow an attacker to remotely take complete control of an affected system.<o:p></o:p>

· Microsoft XML Core Services (MS06-071)<o:p></o:p>

· maximum severity rating of Critical<o:p></o:p>

· vulnerabilities could allow an attacker to remotely take complete control of an affected system.<o:p></o:p>

MSRC Blog: Regarding MS06-071, I wanted to call out a couple of things.This update addresses an issue we first discussed in Microsoft Security Advisory (927892).

First, with this month’s release, Microsoft has changed the servicing model for Microsoft XML Core Services to include Windows Update in addition to Microsoft Update. This means that customers will now be able to obtain security updates for Microsoft XML Core Services through Windows Update, and Software Update Services (SUS) in addition to Microsoft Update, and Windows Software Update Services (WSUS).<o:p></o:p>

Now, because this update is on Windows Update for distribution, we don’t want customers to be confused and think this is a vulnerability in any version of Windows: the vulnerability is actually in Microsoft XML Core Services not in Windows.<o:p></o:p>

But we’ve gone ahead and put this update on Windows update to give the broadest possible coverage to protect customers for this issue and any possible future issues in Microsoft XML Core Services.<o:p></o:p>