·       (MS06-040) - Vulnerability in Server Service Could Allow Remote Code Execution (921883) - Critical

Primary Attack Vector: Via the internet but there is a potential for email or local exploitation. 
Public Exploit Available: Yes.
Assumptions: NetBIOS traffic is dropped at the firewall of all organizations following best practices. 
Recommendations: Apply patch after testing as soon as possible.  This has a strong possibility to be used in a worm.
Advisory Candidate: Yes.

·       (MS06-041) - Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683) - Critical

Primary Attack Vector: This bulletin addresses two separate vulnerabilities.  The first is exploited via malformed DNS responses from a malicious DNS server.  The second is exploited by enticing a user to visit a malicious website or open a malicious attachment in email..

Public Exploit Available: No.
Assumptions: Users in a workplace should have appropriate training to not open questionable attachments or visit unknown websites.  Multiple manual steps are required on the users’ part for these to be successfully exploited. 

Recommendations: Apply patch after testing as soon as possible. 
Advisory Candidate: No.

·       (MS06-042) - Cumulative Security Update for Internet Explorer (918899) - Critical

Primary Attack Vector: Entice user to visit a malicious website.
Public Exploit Available: No.
Assumptions: Users in a workplace should have appropriate training to not visit unknown websites. 
Recommendations: This corrects issues with MS06-021 and MS06-013 and fixes one new vulnerability in FTP. Therefore, we recommend you apply the patch after testing as soon as possible. 

Advisory Candidate: Yes.

·       (MS06-043) - Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214) - Critical - listed by US-Certs today.

Primary Attack Vector: Entice user to visit a malicious website or open a malicious HTML formatted email.
Public Exploit Available: No.
Assumptions: Users in a workplace should have appropriate training to not open questionable attachments or visit unknown websites. Organizations are using Outlook 2002 and 2003 which opens email in a restricted zone preventing code from auto-executing.

Recommendations: Apply patch as soon as possible after testing.
Advisory Candidate: No.

·       (MS06-044) - Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008) - Critical

Primary Attack Vector: Only affects Windows 2000 users.  Entice user to visit a malicious website.
Public Exploit Available: No.
Assumptions: Windows 2000 users have upgraded to Internet Explorer 6 SP1 which prevents local file access from the internet zone. Users in a workplace should have appropriate training to not visit unknown websites.  

Recommendations: Apply patch as soon as possible after testing.
Advisory Candidate: No.

·       (MS06-045) - Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398) - Important

Primary Attack Vector: Entice user to visit and save a malicious website.
Public Exploit Available: No.
Assumptions: Users in a workplace should have appropriate training to not visit unknown websites.  Multiple manual steps are required on the users’ part for these to be successfully exploited.   

Recommendations: Apply patch during the next regular patch cycle after testing. 
Advisory Candidate: No.

·       (MS06-046) - Vulnerability in HTML Help Could Allow Remote Code Execution (922616) - Critical

Primary Attack Vector: Entice user to visit a malicious website or open a malicious attachment in email.
Public Exploit Available: No.
Assumptions: Users in a workplace should have appropriate training to not open questionable attachments or visit unknown websites.  Multiple manual steps are required on the users’ part for these to be successfully exploited. Organizations are using Outlook 2002 and 2003 which opens email in a restricted zone preventing code from auto-executing.   

Recommendations: Apply patch as soon as possible after testing. 
Advisory Candidate: No.

·       (MS06-047) - Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645) - Critical

Primary Attack Vector: Entice user to visit a malicious website or open a malicious attachment in email.
Public Exploit Available: Yes.
Assumptions: Users in a workplace should have appropriate training to not open questionable attachments or visit unknown websites.  Most organization have upgraded to Office XP or 2003 which require multiple manual steps on the users’ part for these to be successfully exploited.    

Recommendations: Apply patch as soon as possible after testing.  Note that this is only critical for Office 2000.
Advisory Candidate: No.

·       (MS06-048) - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968) - Critical

Primary Attack Vector: This addresses two different vulnerabilities both of which require a user to be enticed to visit a malicious website or open a malicious attachment in email.

Public Exploit Available: Yes.
Assumptions: Users in a workplace should have appropriate training to not open questionable attachments or visit unknown websites.  Multiple manual steps are required on the users’ part for these to be successfully exploited.    

Recommendations: This also addresses the PowerPoint zero day exploit identified in MS-ISAC Advisory 2006-013. Therefore, apply the patch as soon as possible after testing. 

Advisory Candidate: We will be updating advisory 2006-013.

·       (MS06-049) - Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958) - Important

Primary Attack Vector: Local access.
Public Exploit Available: No.
Assumptions: A local account is needed in order to exploit this vulnerability.     
Recommendations: Apply patch during the next regular patch cycle after testing
Advisory Candidate: No.

·       (MS06-050) - Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670) - Important

Primary Attack Vector: Entice user to visit a malicious website.
Public Exploit Available: Yes.
Assumptions: Users in a workplace should have appropriate training to not visit unknown websites.  Multiple manual steps are required on the users’ part for these to be successfully exploited.    

Recommendations: Apply patch as soon as possible after testing.  Note that this updates MS06-015.
Advisory Candidate: No.

·       (MS06-051) - Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422) - Critical

Primary Attack Vector: This addresses two different vulnerabilities.  The first requires a valid local logon therefore, it is not remotely exploitable. The second requires a user to be enticed to visit a malicious website.

Public Exploit Available: No.
Assumptions:  Users in a workplace should have appropriate training to not visit unknown websites.  Multiple manual steps are required on the users’ part for these to be successfully exploited.    

Recommendations: Apply patch as soon as possible after testing. 
Advisory Candidate: No.

 

 

The advisory #MS06-048 describing Vulnerabilities in Microsoft Office Could Allow Remote Code Execution addresses PowerPoint zero day exploit. Above patches are recommended to be applied as soon as possible after testing. As soon as DOIT and agencies can certify that the patch was applied, recommendation will made to lift the restriction of blocking the PowerPoint attachments.

 

Information Security Office

 

See all DOIT InfoSec advisories at http://www.doit.ri.gov/security/advisories web site.