(direct from our data team)
On Tuesday Microsoft released 10 security bulletins. Eight of the ten bulletins released this month deal with vulnerabilities that could be exploited should a user visit an evil website or open a malformed Office document. The remaining two issues are Denial of Service attacks that can be launched remotely and don't require user intervention. Shavlik believes that the MS06-057 and MS06-061 patches should be placed at the top of the list to investigate and patch, followed closely by MS06-063, then the four bulletins for Office patches.
MS06-056 - Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770)
http://www.microsoft.com/technet/security/bulletin/ms06-056.mspx
Microsoft Severity: Moderate
If you are running .NET 2.0 on your system and you visit an evil website or read an evil email AND you click a link on the website or email, an attacker may be able to inject code into your browser window to read information from your system or trick your browser into thinking you're on a secure website. This attack may be more prevalent in phishing attacks. The threat is listed as Moderate because it requires the user to perform several steps before any evil action may occur. Shavlik recommends patching this issue within your normal systems update routine.
MS06-057 - Vulnerability in Windows Explorer Could Allow Remote Execution (923191)
http://www.microsoft.com/technet/security/bulletin/ms06-057.mspx
Severity: Critical
There is a vulnerability in the Windows Shell (the GUI interface of the Operating System) that could allow an attacker to take complete control over your system if you visit an evil website or read an evil email. The attacker would have the same level of access to your system as you have when you are logged on to your system. Exploit code exists on the Internet and Microsoft reports that some users have been exploited by this issue. Shavlik recommends applying this patch as soon as possible.
MS06-058 - Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)
MS06-059 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164)
MS06-060 - Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)
http://www.microsoft.com/technet/security/bulletin/ms06-058.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-059.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-060.mspx
Severity: Critical
Three bulletins with similar issues affecting PowerPoint, Excel, and Word. In each case, opening a maliciously created PowerPoint, Excel, or Word document could give an attacker complete access to your system. The attacker would have the same level of access to your system as you have when you are logged on to your system. Exploit code for the PowerPoint and Word flaws exists on the Internet and Microsoft reports that some users have been exploited by this issue. Proof of concept code for the Excel issue has been posted to the Internet. Shavlik recommends applying these three patches as soon as possible. Office 2000 systems have the least built-in protection and should be patched first.
MS06-061 - Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191)
http://www.microsoft.com/technet/security/bulletin/ms06-061.mspx
Severity: Critical
A flaw exists in the MSXML parser (present on every Microsoft system) that may allow an attacker to take complete control of your system, should you visit the attacker's evil website. The attacker would have the same level of access to your system as you have when you are logged on to your system. Microsoft has not received any reports that this has been exploited on the Internet; however, Shavlik recommends installing this update as soon as possible. Note: Every version of the MSXML parser is vulnerable. You may have as many as four different versions installed on your system, meaning there are four separate patches to install to protect yourself from this issue.
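Because each installed MSXML version needs its own update, an inventory of the parser DLLs on a host shows how many patches apply. The following is an added example, not part of Shavlik's bulletin or Microsoft's guidance; the search directories are assumptions about where parser DLLs are usually installed, and the fixed file versions to compare against must be taken from the MS06-061 bulletin itself.

```powershell
# Added example: list every MSXML parser DLL so each installed version can be
# matched to its own MS06-061 update. The search locations are assumptions.
$locations = @(@(
    @{ Dir = "$env:SystemRoot\System32";                        Recurse = $false },
    @{ Dir = "$env:SystemRoot\SysWOW64";                        Recurse = $false },  # 32-bit copies on 64-bit Windows
    @{ Dir = "$env:CommonProgramFiles\Microsoft Shared";        Recurse = $true  },  # copies shipped with Office
    @{ Dir = "${env:CommonProgramFiles(x86)}\Microsoft Shared"; Recurse = $true  }
) | Where-Object { Test-Path -LiteralPath $_.Dir })

function Get-MsxmlInventory {
    param([hashtable[]]$Location)
    foreach ($loc in $Location) {
        Get-ChildItem -LiteralPath $loc.Dir -Filter 'msxml*.dll' -File `
                      -Recurse:$loc.Recurse -ErrorAction SilentlyContinue |
            # Keep parser binaries (msxml.dll, msxml3.dll, ...); skip
            # resource DLLs such as msxml3r.dll.
            Where-Object { $_.Name -match '^msxml\d?\.dll$' } |
            ForEach-Object {
                [pscustomobject]@{
                    Parser      = $_.BaseName.ToLower()
                    FileVersion = $_.VersionInfo.FileVersion
                    Path        = $_.FullName
                }
            }
    }
}

$inventory = @(Get-MsxmlInventory -Location $locations)
$inventory | Sort-Object Parser, Path | Format-Table -AutoSize

# One update per distinct parser: a host is covered only when every parser
# listed here is at or above the fixed file version given in the bulletin.
$parsers = @($inventory | Select-Object -ExpandProperty Parser -Unique)
"{0} distinct MSXML parser(s) found: {1}" -f $parsers.Count, ($parsers -join ', ')
```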
MS06-062 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581)
http://www.microsoft.com/technet/security/bulletin/ms06-062.mspx
Severity: Critical
Similar to the MS06-058, MS06-059 and MS06-060 bulletins above, opening a malformed Office document may allow an attacker to gain complete control of your system. The attacker would have the same level of access to your system as you have when you are logged on to your system. Microsoft has not seen any exploits on the Internet for this issue. Shavlik recommends installing this patch over the next month. Office 2000 systems have the least built-in protection and should be patched first.
MS06-063 - Vulnerability in Server Service Could Allow Denial of Service (923414)
http://www.microsoft.com/technet/security/bulletin/ms06-063.mspx
Severity: Important
This patch fixes another bug in the Server Service. A remote attacker can send a specially crafted packet to a system and cause that system to stop responding, or in extreme cases, may be able to execute code on the remote system (though this has not been confirmed). The remote attacker would need to have access to NetBIOS ports TCP 139 or TCP 445. Blocking these ports on your Internet firewall will help protect against this attack. Proof of concept exploit code has been published to the Internet for this exploit. Shavlik recommends installing this patch as soon as possible to help prevent Denial of Service attacks.
MS06-064 - Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819)
http://www.microsoft.com/technet/security/bulletin/ms06-064.mspx
Severity: Low
This is a vulnerability in Microsoft's implementation of IPv6. XP and 2003 systems running IPv6 may be subject to a Denial of Service by an attacker who is on the same local network. Systems that are not running IPv6 are not vulnerable. Proof of concept exploit code exists on the Internet for this exploit. Shavlik recommends installing this patch on systems where IPv6 is installed, though the patch will show as available and can be installed on IPv4 systems.
MS06-065 - Vulnerability in Windows Object Packager Could Allow Remote Execution (924496)
http://www.microsoft.com/technet/security/bulletin/ms06-065.mspx
Severity: Moderate
This is a very complex attack that could allow a remote attacker to gain control of your system; they would receive the same level of access to your system as you have when you are logged on to your computer. In this attack, a user must open an evil .rtf document (or similar), click on an embedded object within that document, and then click to acknowledge a warning message. Microsoft is not aware of any exploit code for this issue. Shavlik believes the risk of attack is low given the number of steps the end user must take in order to be exploited, and therefore recommends installing this patch within your normal systems update routine.
Additional information about these new security bulletins can be found on Microsoft’s TechNet Web site at:
http://www.microsoft.com/technet/security/bulletin/ms06-oct.mspx
Shavlik recommends installation of these patches to ensure networks are secure. Deployment is simple with Shavlik NetChk(TM) Protect, our integrated patch and spyware management solution. Handle two of the most persistent network problems through one console! For more information about Shavlik NetChk Protect, or to watch a live demo, visit
http://www.shavlik.com/netchk-protect.aspx
For more information about October Patch Tuesday, please visit CEO Mark Shavlik's blog at
http://shavlik.typepad.com/mark_shavliks_blog/2006/10/shavlik_data_re.html