Sunday, March 19, 2006

Microsoft Releases 2 New Security Bulletins

On March 14th, Microsoft released two new security bulletins, one rated as important and the other as critical on the company's security rating scale.

The important bulletin (MS06-011) includes a patch for a vulnerability in the Permissive Windows Services DACLs which, if successfully exploited, can allow an attacker to take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft's second bulletin (MS06-012), rated critical, addresses a vulnerability in Microsoft Office that could allow remote code execution. An attacker could exploit this vulnerability and take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Below is more detail regarding the new Microsoft Security Bulletins:

MS06-011: Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798)
Severity: Important
http://www.microsoft.com/technet/security/Bulletin/MS06-011.mspx

MS06-012: Vulnerability in Microsoft Office Could Allow Remote Code Execution
Severity: Critical
http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx

MSRT-001: Malicious Software Removal Tool (March Update) http://www.microsoft.com/security/malwareremove/default.mspx

Additional information about these bulletins can be found on Microsoft's TechNet Web Site at: http://www.microsoft.com/technet/security/bulletin/ms06-Mar.mspx. Additional details on these bulletins can also be found on the on Shavlik's Web site at http://forum.shavlik.com/viewtopic.php?t=3002.

Shavlik recommends installation of these patches as soon as possible in order to ensure networks are secure. Deployment is simple with Shavlik NetChk(TM) Protect, our integrated patch and spyware management solution. Handle two of the most persistent network problems through one console! For more information about Shavlik NetChk Protect, or to watch a live demo, click http://www.shavlik.com/netchk-protect.html.

----
New! IMPORTANT NOTE REGARDING MBSA 1.2.1

Microsoft will be discontinuing support for MBSA 1.2.1 as of March 31, 2006. To support these MBSA 1.2.1 users, Shavlik Technologies has developed Shavlik NetChk(TM) Analyzer, a commandline patch scanner. The Shavlik NetChk Analyzer will be a replacement for the mbsacli.exe that shipped in MBSA 1.2.1, scheduled for release on March 31, 2006. For more information, please visit CEO Mark Shavlik's blog at mark_shavliks_blog.

----

Shavlik NetChk Protect is the first integrated solution that automates the management of critical security patches and spyware from one easy-to-use console. For more information about how Shavlik NetChk Protect can help you secure your network, or to download a free version, please visit www.shavlik.com, call your Shavlik representative at (800) 690-6911 or +1 (612) 331-6737 (international), or email sales@shavlik.com.


Posted by: Jethro | 9:38 AM |