Microsoft July Security Bulletin Review
A quick little, "where are we now" review.
Initial July Microsoft announcement:
http://www.microsoft.com/technet/security/bulletin/ms06-jul.mspx
MS06-033: Vulnerability in ASP.NET Could Allow Information Disclosure (917283)
CVE-2006-1300
CVSS base: 2.3
MS06-034: Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)
CVE-2006-0026
CVSS base: 4.2
initial ISC announement: http://isc.sans.org/diary.php?storyid=1473
reported to have some patch issues:
http://isc.sans.org/diary.php?storyid=1481
http://support.microsoft.com/kb/917537
Microsoft updated the .cab file:
http://isc.sans.org/diary.php?storyid=1494
http://blogs.technet.com/msrc/archive/2006/07/18/442388.aspx
exploit code is available
MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159)
aka "Mailslot"
CVE-2006-1314
CVSS base: 7.0
CVE-2006-1315
CVSS base: 2.3
initial ISC announement: http://isc.sans.org/diary.php?storyid=1471
exploit code is available
MS06-036: Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)
CVE-2006-2372
CVSS base: 7.0 temporal: 5.8
initial ISC announement: http://isc.sans.org/diary.php?storyid=1472
exploit code is available: http://isc.sans.org/diary.php?storyid=1502
MS06-037: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)
CVE-2006-1301
CVE-2006-1302
CVE-2006-1304
CVE-2006-1306
CVE-2006-1308
CVE-2006-1309
CVE-2006-2388
CVE-2006-3059
CVSS base: 5.6
initial ISC announement: http://isc.sans.org/diary.php?storyid=1474
MS06-038: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)
CVE-2006-1316 ? Microsoft Office Parsing Vulnerability
CVSS base: 5.6
CVE-2006-1540 ? Microsoft Office Malformed String Parsing Vulnerability
CVSS base: 1.1
CVE-2006-2389 ? Microsoft Office Property Vulnerability
CVSS base: 6.5
initial ISC announement: http://isc.sans.org/diary.php?storyid=1475
MS06-039: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)
CVE-2006-0033
CVSS base: 3.7
CVE-2006-0007
CVSS base: 5.6
initial ISC announement: http://isc.sans.org/diary.php?storyid=1476
Initial July Microsoft announcement:
http://www.microsoft.com/technet/security/bulletin/ms06-jul.mspx
MS06-033: Vulnerability in ASP.NET Could Allow Information Disclosure (917283)
CVE-2006-1300
CVSS base: 2.3
MS06-034: Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)
CVE-2006-0026
CVSS base: 4.2
initial ISC announement: http://isc.sans.org/diary.php?storyid=1473
reported to have some patch issues:
http://isc.sans.org/diary.php?storyid=1481
http://support.microsoft.com/kb/917537
Microsoft updated the .cab file:
http://isc.sans.org/diary.php?storyid=1494
http://blogs.technet.com/msrc/archive/2006/07/18/442388.aspx
exploit code is available
MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159)
aka "Mailslot"
CVE-2006-1314
CVSS base: 7.0
CVE-2006-1315
CVSS base: 2.3
initial ISC announement: http://isc.sans.org/diary.php?storyid=1471
exploit code is available
MS06-036: Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)
CVE-2006-2372
CVSS base: 7.0 temporal: 5.8
initial ISC announement: http://isc.sans.org/diary.php?storyid=1472
exploit code is available: http://isc.sans.org/diary.php?storyid=1502
MS06-037: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)
CVE-2006-1301
CVE-2006-1302
CVE-2006-1304
CVE-2006-1306
CVE-2006-1308
CVE-2006-1309
CVE-2006-2388
CVE-2006-3059
CVSS base: 5.6
initial ISC announement: http://isc.sans.org/diary.php?storyid=1474
MS06-038: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)
CVE-2006-1316 ? Microsoft Office Parsing Vulnerability
CVSS base: 5.6
CVE-2006-1540 ? Microsoft Office Malformed String Parsing Vulnerability
CVSS base: 1.1
CVE-2006-2389 ? Microsoft Office Property Vulnerability
CVSS base: 6.5
initial ISC announement: http://isc.sans.org/diary.php?storyid=1475
MS06-039: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)
CVE-2006-0033
CVSS base: 3.7
CVE-2006-0007
CVSS base: 5.6
initial ISC announement: http://isc.sans.org/diary.php?storyid=1476
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments