- home
- reviews
- news
- downloads
- cnet tv
On MovieTome: See the villain of IRON MAN 2!
- log in
- join CNET
- welcome,
- my profile
- log out

Robert Vamosi
Senior editor

Meet the editors

Hardware

Software & services

Networking & communications

Buying guides

Rob Vamosi's
award-winning
column on Internet threats and how to counter them
Delivered Mondays

All free newsletters

CNET Security Center: Your complete source of antivirus and Internet security information.

Microsoft patches 23 flaws in Windows and Office
Nine patches are deemed critical by the software giant.
By Robert Vamosi (August 8, 2006)

QUICK FACTS

Name: August 2006 Microsoft security bulletins

Date first reported: 8/8/06

Software vulnerable: Windows 2000, Windows XP, and Windows Server 2003; Microsoft Office 2000, XP, and 2003; plus Microsoft Office for Mac OS X.

What it does: Critical flaws left unpatched could allow remote exploitation of your PC.

Recommendations: Download and install these patches as soon as possible.

Microsoft has released its August 2006 security bulletin, which includes 12 updates: 9 are listed by Microsoft as critical and 3 are important. Two of the critical updates this month are specific to Microsoft Office, including one specific to PowerPoint that includes the Mac versions of Office. Users of Windows 98 and Windows Me will notice that Microsoft longer offers technical support for these two operating systems. To keep your Windows 98 and Me systems secure, see our roundup of compatible third-party security applications. All Microsoft security patches for Windows and Office software are available via Microsoft Update or the individual bulletins detailed below. For more details, see our coverage on News.com.

MS06-040: Critical

Entitled "Vulnerability in Server Service Could Allow Remote Code Execution (921883)," this advisory affects Windows 2000 and XP; it also affects Windows Server 2003. Exploitation could lead to remote code execution.

MS06-041: Critical

Entitled "Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683)," this advisory affects Windows 2000 and XP; it also affects Windows Server 2003. Exploitation could lead to remote code execution.

MS06-042: Critical

Entitled "Cumulative Security Update for Internet Explorer (918899)," this advisory affects Internet Explorer versions 5.01 through 6 running on Windows 2000 and XP; it also affects Windows Server 2003. Exploitation could lead to remote code execution.

MS06-043: Critical

Entitled "Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214)," this advisory affects Outlook Express 6 running Windows XP SP2, XP x64, and Windows Server 2003 SP1; it does not affect Windows 2000, XP SP1. Exploitation could lead to remote code execution.

MS06-044: Critical

Entitled "Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008)," this advisory affects Windows 2000 SP4; it does not affect Windows XP, XP x64, or Windows Server 2003. Exploitation could lead to remote code execution.

MS06-045: Important

Entitled "Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)," this advisory affects Windows 2000 SP4, XP, and Windows Server 2003. Exploitation could lead to remote code execution.

MS06-046: Critical

Entitled "Vulnerability in HTML Help Could Allow Remote Code Execution (922616)," this advisory affects Windows 2000 SP4, XP, and Windows Server 2003. Exploitation could lead to remote code execution.

MS06-047: Critical

Entitled "Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645)," this advisory affects Microsoft Office 2000 SP3, Microsoft Project SP1, Microsoft Access SP3, Microsoft Project 2002, Microsoft Visio 2002, plus Microsoft Works Suites 2004, 2005, and 2006; it does not affect Microsoft Office 2003 SP1 and SP2. Exploitation could lead to remote code execution.

MS06-048: Critical

Entitled "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968)," this advisory affects Microsoft Office 2000 SP3, specifically PowerPoint 2000; Microsoft Office XP SP3, specifically PowerPoint 2002; Microsoft Office 2003, specifically PowerPoint 2003; and Microsoft Office for Mac OS X, specifically PowerPoint 2004. It does not affect Microsoft Powerpoint Viewer 2003, or Microsoft Works Suites 2004, 2005, and 2006. Exploitation could lead to remote code execution.

MS06-049: Important

Entitled "Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958)," this advisory affects Windows 2000 SP4; it does not affect Windows XP or Windows Server 2003. Exploitation could lead to escalation of privileges on a compromised machine.

MS06-050: Important

Entitled "Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670)," this advisory affects Windows 2000 and XP; it also affects Windows Server 2003. Exploitation could lead to remote code execution.

MS06-051: Critical

Entitled "Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422)," this advisory affects Windows 2000 and XP; it also affects Windows Server 2003. Exploitation could lead to remote code execution.

Reviews & advice: Site map; Editorial policies; Meet the editors; How we test; Forums; Internet speed test

Popular topics: Apple iPhone; Apple iPod; Cell phones; Dell; GPS; LCD TV

CNET sites: CNET Site map; CNET TV; Downloads; News; Reviews; Shopper.com

More information: Newsletters; CNET Mobile; Customer Help Center; RSS; CNET Widgets; About CNET

Privacy policy
Terms of use
Visit other CBS Interactive sites:

#networkSites {display:none;}BNET | CHOW | CNET.com | CNET Channel | GameSpot | International Media | mySimon | Search.com | TechRepublic | TV.com | ZDNet