Microsoft August Updates
Incidents.org has an initial list of the updates today from Microsoft, there is also a brief from Microsoft on the updates. It appears as though one is Powerpoint specific, another is Office releated, one is tagged as an Internet Explorer update and the rest Windows. More details later in the day. Hopefully we can get more details from the technet security page when it’s updated.
Update…. Details time…
In addition to Sans (Incidents.org) having updated the first diary entry above… they have a good chart of upgrade priorities which distinguishes between system roles. Obviously Office vulnerabilities might not be a critical issue on a server, while a vulnerability that could allow for worm propogation is critical on everything.
There are non-critical non-security updates from Microsoft this month as well. (Junk mail filter for Outlook update, Infopath 2003, Malicious software removal tool.) US-CERT has information on active in the wild exploitation of at least one of the vulnerabilities. The most critical of the vulnerabilities is MS06-040 which is a vulnerability in the server service and has been reported as the most likely to be exploited by a worm or self-replicating virus.
The security Fix get’s into the details as well. Brian notes that the updates patch 23 flaws, one of the oldest Internet Explorer related flaws was reported in 2004. Also, he reminds that for Office 2000 users, they will have to manually check for updates.
Several that post on the Security Fix site have asked about any known problems with the updates. That is not yet known, however in recent months there have been problems with at least one update a month it seems. Let’s hope that MS06-040 is one that they got right the first patch.