April 2006 - Posts
http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx
Frequently asked questions (FAQ) related to this security update
I've heard of issues with this security update. Does Microsoft plan to release a revised security update to address these issues?
Microsoft has completed its initial investigation into issues involving old third party software that customers may have experienced after the installation of this security update. On Tuesday, April 25, Microsoft will issue a targeted re-release of the MS06-015 update.
Note Customers who have already applied the MS06-015 update who are not experiencing the problem need take no action.
Microsoft Security Bulletin MS06-017
Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627)
Published: April 11, 2006
Executive Summary:
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Issues that the security update fixes
The installation of Outlook Express Patch 911567 prevents saved unsent message eml files from being opened as unsent messages. Instead, they open as sent messages and cannot be resent. This is because the patch causes Outlook Express to ignore the unsent flag in the message, so the message opens as a sent message, even though it has not been sent.
Uninstall Outlook Express Patch 911567 (April 11, 2006) to restore unsent message functionality
On April 11, Microsoft released a security update via Automatic Updates & Windows / Microsoft Update to fix some security issues.
See http://support.microsoft.com/kb/908531/
This update applies to Win2000, SBS systems, Win XP, and Windows Server 2003.
Subsequent to this fix, many users have reported various problems in Windows Explorer and also with Internet Explorer, as well as other programs & functions. Many examples can be seen in the MS public newsgroups (and likely elsewhere).
This post, at AumHa Forums, has a list of reported problems, and suggestions on how to resolve them.
April 11, 2006
Today Microsoft released the following Security Bulletin(s).
Bulletin Summary:
http://www.microsoft.com/technet/security/Bulletin/ms06-Apr.mspx
Critical Bulletins:
Cumulative Security Update for Internet Explorer (912812)
http://www.microsoft.com/technet/security/Bulletin/ms06-013.mspx
Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)
http://www.microsoft.com/technet/security/Bulletin/ms06-014.mspx
Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)
http://www.microsoft.com/technet/security/Bulletin/ms06-015.mspx
Important Bulletins:
Cumulative Security Update for Outlook Express (911567)
http://www.microsoft.com/technet/security/Bulletin/ms06-016.mspx
Moderate Bulletins:
Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627)
http://www.microsoft.com/technet/security/Bulletin/ms06-017.mspx
Re-Released Bulletins:
Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)
http://www.microsoft.com/technet/security/Bulletin/ms06-005.mspx