Alert Type:
Security - June 16, 2006

Alert Summary:
Released on June 13, Microsoft's June 2006 security updates address Critical, Important, and Moderate vulnerabilities that as a group affect all supported versions of Microsoft Windows, including:

• Eight Critical updates for Internet Explorer (MS06-021), ART image rendering (MS06-022), JScript (MS06-023), Windows Media Player (MS06-024), Routing and Remote Access (MS06-025), the Windows Graphics Rendering Engine (MS06-026), Microsoft Word (MS06-027), and Microsoft PowerPoint (MS06-028)

• Three Important updates for Microsoft Exchange Server Running Outlook Web Access (MS06-029), Server Message Block (MS06-030), and TCP/IP (MS06-032)

• One Moderate update for RPC Mutual Authentication (MS06-031)

Ten of the twelve flaws addressed could allow remote attackers to run arbitrary code on an affected computer and gain complete control of the system. Exploits for five of the flaws were available within a day of Microsoft's release of the patches. Users of affected systems are urged to update their installations immediately.

Windows Server 2003, XP, and 2000 users who obtain the patches via Automatic Update, Windows Update, or Microsoft Update may also receive the June 2006 version of the Windows Malicious Software Removal Tool.

The Response So Far:
An exploit or exploits for the Microsoft Word vulnerability (MS06-027) had been made public prior to Microsoft's patch releases.

On June 14, The SANS Internet Storm Center reported the release of exploits for five of the vulnerabilities, including the exploit previously known to be available for Word.

On June 15, the Internet Storm Center carried a verified preliminary report of interference with dial-up networking by the Routing and Remote Access patch (MS06-026).

On June 16, the Internet Storm Center reported that a new 0-day exploit for the Microsoft Excel spreadsheet application had been reported in the Microsoft Security Response Center blog, and that Symantec's Norton Antivirus was detecting its malicious payload as Trojan.Mdropper.J and Downloader.Booli.A. This vulnerability is not addressed by the patches released on June 13.

How May These Issues Affect Your Subscribers and Users?
Successful exploits of these vulnerabilities could allow remote attackers to read, modify, and delete files; run arbitrary programs; and/or disrupt the operation of system processes on a compromised computer. Loss of data, privacy, and/or system function could result.

How May These Issues Affect Your Operations and Help Desk?
Your help desk may potentially experience an increase in call volume as a result of these issues. If unauthorized access or malicious programs cause damage to files or settings necessary for maintaining connectivity to your network, subscribers may contact your support desk for assistance in restoring their connections. Computer processes under the control of an attacker could be used to send spam or launch attacks against other computers inside and outside of your network. Disruption of system processes could result in computer malfunctions that drive calls to your help desk.

What Can You Do About Them?
Help desk staff should familiarize themselves with the details of these vulnerabilities and modifications, the bulletins and support pages that describe them, the patches that fix them, and the use and behavior of Automatic Update, Windows Update, and Microsoft Update, Microsoft's preferred means of delivering patches to end users.

Technical coverage of these Windows Security updates begins at http://www.microsoft.com/technet/security/bulletin/ms06-jun.mspx. End-user coverage begins at http://www.microsoft.com/athome/security/update/bulletins/200606.mspx. Details on Windows Update and Microsoft Update are available from the Windows Update site at http://windowsupdate.microsoft.com/. For current Microsoft operating systems, an upgrade to Microsoft Update, which provides single-source access to updates for Windows, Office, and other Microsoft software, is available via the Windows Update homepage.

A known issue in Automatic Update functionality may delay for up to several days notification and download of patches via Automatic Update as described at http://support.microsoft.com/?kbid=910340.

Fine Point Self Repair Technician cuts support costs and helps subscribers recover from malware attacks by repairing unwanted changes to web browser, e-mail, and networking settings. To learn more about Self Repair Technician, call +1.212.962.7410, e-mail sales@finepoint.com, or visit http://www.finepoint.com/.

You are receiving this SupportPoint Alert email because you are a member of the Fine Point Technologies SupportPoint Partner Program. If you would like to opt out of this mailing list, please send an email to supportpoint@finepoint.com with your request to be removed. This document is intended for informational purposes only. Fine Point Technologies, Inc., assumes no responsibility or liability for damages resulting from errors or misuse of information contained herein. Copyright © 2006 Fine Point Technologies, Inc. All rights reserved.

Fine Point Technologies and SupportPoint are trademarks or registered trademarks of Fine Point Technologies, Inc. Microsoft, Windows, and ActiveX are registered trademarks of Microsoft Corporation in the United States and/or other countries.

Symantec and Norton Antivirus are trademarks of Symantec Corporation.

Other registered trademarks used herein are the property of their respective owners.