[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 392/06 - Microsoft Security Bulletin Advanced Notification

To: <uniras@xxxxxxxxxxxx>
Subject: UNIRAS Brief - 392/06 - Microsoft Security Bulletin Advanced Notification
From: "UNIRAS \(HM Govt CERT\)" <uniras@xxxxxxxxxxxx>
Date: Fri, 9 Jun 2006 16:49:06 +0100
Cc: <interim@xxxxxxxxxxxxxxxxxx>
Delivered-to: mailing list interim@xxxxxxxxxxxxxxxxxx
Delivered-to: moderator for interim@xxxxxxxxxxxxxxxxxx
List-help: <mailto:interim-help@lists.niscc.gov.uk>
List-post: <mailto:interim@lists.niscc.gov.uk>
List-subscribe: <mailto:interim-subscribe@lists.niscc.gov.uk>
List-unsubscribe: <mailto:interim-unsubscribe@lists.niscc.gov.uk>
Mailing-list: contact interim-help@xxxxxxxxxxxxxxxxxx; run by ezmlm
Organization: NISCC
Reply-to: <uniras@xxxxxxxxxxxx>
Thread-index: AcaL0DoIdTmlq/z0STeGgxHjJeH/qA==

-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 392/06 dated 09.06.06  Time: 15:15  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Microsoft Security Bulletin Advanced Notification


Detail
====== 

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Advanced Notification
Issued: June 08, 2006
********************************************************************

Summary
=======

On 13 June 2006 Microsoft is planning to release:

Security Updates

.	Nine Microsoft Security Bulletins affecting Microsoft Windows. The
highest Maximum Severity rating for these is Critical. These updates
will be detectable using the Microsoft Baseline Security Analyzer and
the Enterprise Scan Tool. Some of these updates will require a
restart.

Note that, as discussed in Microsoft Security Bulletin MS06-013, with
the release of one of these bulletins, support for the compatibility
patch discussed in Microsoft Knowledge Base Article 917425 will
cease. 

This means that all users who apply this security update will receive
the ActiveX update discussed in Microsoft Knowledge Base Article
912945 regardless of whether or not they have applied the
compatibility patch discussed in Microsoft Knowledge Base Article
917425.

Administrators are encouraged to review the following articles prior
to release and take appropriate steps for their environment:

 - Microsoft Security Advisory 912945 - Non-Security Update for
Internet Explorer:
   http://www.microsoft.com/technet/security/advisory/912945.mspx

 - Microsoft Knowledge Base Article 912945:
   http://support.microsoft.com/kb/912945

 - Microsoft Knowledge Base Article 917425:
   http://support.microsoft.com/kb/917425

 - Information for Developers about Internet Explorer:
   http://msdn.microsoft.com/ieupdate 

.	One Microsoft Security Bulletin affecting Microsoft Exchange. The
highest Maximum Severity rating for this is Important. These updates
will be detectable using the Microsoft Baseline Security Analyzer.
These updates may require a restart.

Note that this update will include the functionality change discussed
in Microsoft Knowledge Base Article 912918. Administrators are urged
to review this Knowledge Base article prior to release and take steps
appropriate for their environment.

.	Two Microsoft Security Bulletins affecting Microsoft Office. The
highest Maximum Severity rating for these is Critical. These updates
will be detectable using the Microsoft Baseline Security Analyzer.
These updates may require a restart.


Microsoft Windows Malicious Software Removal Tool

.	Microsoft will release an updated version of the Microsoft Windows
Malicious Software Removal Tool on Windows Update, Microsoft Update,
Windows Server Update Services and the Download Center. 
Note that this tool will NOT be distributed using Software Update
Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS

.	Microsoft will release 1 NON-SECURITY High-Priority Updates for
Windows on Windows Update (WU) and Software Update Services (SUS).

.	Microsoft will release two NON-SECURITY High-Priority Updates on
Microsoft Update (MU) and Windows Server Update Services (WSUS).

Although we do not anticipate any changes, the number of bulletins,
products affected, restart information and severities are subject to
change until released. 

Microsoft will host a webcast next week to address customer questions
on these bulletins. For more information on this webcast please see
below:
.	TechNet Webcast: Information about Microsoft's Security Bulletins
(Level 100)   
.	Wednesday, 14 June 2006 11:00 AM (GMT-08:00) Pacific Time (US &
Canada) 
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=103
2297371&EventCategory=4&culture=en-US&CountryCode=US

At this time no additional information on these bulletins such as
details regarding severity or details regarding the vulnerability
will be made available until 13 June 2006.
********************************************************************

Support: 
========
Technical support is available from Microsoft Product Support 
Services at 1-866-PC SAFETY (1-866-727-2338). There is no 
charge for support calls associated with security updates. 
International customers can get support from their local Microsoft 
subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx
 
Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
  valuable information to help you protect your network. This
  newsletter provides practical security tips, topical security
  guidance, useful resources and links, pointers to helpful
  community resources, and a forum for you to provide feedback
  and ask security-related questions.
  You can sign up for the newsletter at:

  http://www.microsoft.com/technet/security/secnews/default.mspx

* Protect your PC: Microsoft has provided information on how you 
  can help protect your PC at the following locations: 

  http://www.microsoft.com/security/protect/

  If you receive an e-mail that claims to be distributing a 
  Microsoft security update, it is a hoax that may be distributing a 
  virus. Microsoft does not distribute security updates via e-mail. 
  You can learn more about Microsoft's software distribution 
  policies here: 

http://www.microsoft.com/technet/security/topics/policy/swdist.mspx


********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS 
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT 
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING 
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE 
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, 
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL 
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN 
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY 
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING 
LIMITATION MAY NOT APPLY.
********************************************************************

- -----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBRIhohBCvwTv3q93mAQL/OQ//effoS4jdbjLt7id/EIxHEmB5fQFhjCeH
my35mBkzmRbTlc7QKENE1Dpp7kbC61vZwG4NpCneC5nMtZiq2phgL1XRt0ApSKfN
0ZTz+xqdp4hiLCv0o5ZZqNQoxZdHJrN8STa0jl9lliek6M7pMtM7lFSdnkVZMeKA
qOOaM1oyn3N9tgaPvQgBCLyJWgtNDoi4DTvT9hdpHbK+oErQIrdRKD/gjzZVQpUs
kCU5xkhjIwzUTeQ+w82WxC0Z20B1sWINL5J0HMXnubqOaY0eK235DIIgebv3ABWp
h75PlqSRmPqYNfch3mbOIqWji4YDWOV1NbCE9crWby4gmSwehp+sccpNJwjPMOVC
JSrNhbtLH++W5xawXniCi2T0YtT0WT/hrB6Gmp9Pkhl2InFHd0c21Fcbu8AQT16I
y4VAbTAKq8mSaWWSHAxev98J100QfnOAvmZGX1N5JIlKD1ZT+8Ebotjieii2XuOq
rzaoZ/7WCxAUt2SS1qaKZeQ/9/4wSe0t9ZzlsUHjfD+9Z1+sRtWYr907lcVddB4B
nDkA3Oh9ebvAKpViM/gi5S6WuUekm7IL+CYovg7gc1a6dKsc+52yjHQLFAxCb7Kl
YFD/nhd89ik8fzQN1qDUr0coUCaed1FdhP2JB/VxK/zfF8OcdOJDBhyYe0rVJkEk
kG5HfF7DKg8=
=CHTN
- -----END PGP SIGNATURE-----

- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Microsoft for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the site of the
original source to ensure that you receive the most current information concerning 
that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQCVAwUBRImEQ4pao72zK539AQFMkwP/cSl6ke1w5KzEMq2nuJ//qypgA3prIjOi
LEYeTMvLCiLxWwxa/7yOwPTbIt7DfXOvvKlSDw4H2ktDjtjWqwmK2xnc8yLSUxom
r87DRNJk69HXRya2pqQoEGYd2/sS1jlRtxVDiufxBYGwMkPOKbkwC9FpAM/1r6D/
XYoLRHxKz8k=
=OZiJ
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

Prev by Date: UNIRAS Brief - 391/06 - Four Debian Security Advisories - DSA 1091-1, DSA 1092-1, DSA 1093-1, DSA 1094-1
Next by Date: UNIRAS Brief - 394/06 - Eight Gentoo Linux Security Advisories:
Previous by thread: UNIRAS Brief - 391/06 - Four Debian Security Advisories - DSA 1091-1, DSA 1092-1, DSA 1093-1, DSA 1094-1
Next by thread: UNIRAS Brief - 394/06 - Eight Gentoo Linux Security Advisories:
Index(es):
- Date
- Thread