
Support Ends for Windows 98, 98 Second Edition, Millennium Edition—Windows XP Service Pack 1 is Next

Alert Type:
Security - July 31, 2006

Alert Summary:
Released on July 11, Microsoft's July 2006 security updates address Critical and Important vulnerabilities that as a group affect Microsoft Office and all supported versions of Microsoft Windows, which as of July 11 no longer include Windows 98, Windows 98 Second Edition, and Windows Me. Users of affected systems should update their installations as soon as possible via Windows Update, Microsoft Update, or equivalent patch-management solutions.

This month, SupportPoint goes to patch-by-patch coverage to highlight the continuing high level of activity surrounding these patches by Microsoft, users, and attackers alike.

MS06-033: "Vulnerability in ASP.NET Could Allow Information Disclosure" (http://www.microsoft.com/technet/security/Bulletin/MS06-033.mspx). This Important vulnerability, which affects .NET 2.0, could allow an attacker to gain unauthorized access to known Application folder objects by bypassing ASP.NET security.

Microsoft's Version 1.0 bulletin on MS06-033 was updated to Version 1.1 on July 11 and 1.2 on July 19.

Microsoft Knowledge Base article 917283 documents currently known issues that customers may experience when they install this update.

MS06-034: "Vulnerability in Microsoft Internet Information Services Using Active Server Pages Could Allow Remote Code Execution" (http://www.microsoft.com/technet/security/Bulletin/MS06-034.mspx). The title of the bulletin for this Important vulnerability conveys its potential impact. The vulnerability affects IIS 5.0, 5.1, and 6.0 on all supported versions of Windows other than Windows XP Home SP1 and SP2.

Microsoft's Version 1.0 bulletin on MS06-034 was updated to Version 1.1 on July 12 and Version 1.2 on July 19.

As described in a Microsoft Security Response Center Blog posting on July 18, Microsoft reissued this patch with a modified installer after receiving reports of silent failures during installation of the original version, saying, "We recommend all Windows 2003 SP1 users rerun detection on these systems to make sure that their systems have updated properly." Microsoft Knowledge Base article 917537 provides details on issues involved with the installation and reissue of this patch.

The SANS Internet Security Center reported on July 24 that a public exploit had been published for MS06-034.

MS06-035: "Vulnerability in Server Service Could Allow Remote Code Execution (917159)" (http://www.microsoft.com/technet/security/Bulletin/MS06-035.mspx). The title of the bulletin for this Critical vulnerability, which affects all supported versions of Windows, conveys its potential impact. Although support ended for Windows 98, Windows 98 Second Edition, and Windows Me as of July 11, the bulletin explicitly states that this vulnerability does not affect those operating systems.

Microsoft's Version 1.0 bulletin on MS06-035 was updated to Version 1.1 on July 11.

The SANS Internet Security Center reported on July 24 that a public exploit had been published for the MS06-035 vulnerability.

MS06-036: "Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)" (http://www.microsoft.com/technet/security/bulletin/ms06-036.mspx). The title of this Critical vulnerability conveys its potential impact. This vulnerability affects all supported versions of Windows. Even though support ended for Windows 98, Windows 98 Second Edition, and Windows Me as of July 11, the bulletin explicitly states that this vulnerability does not affect those operating systems.

Microsoft's bulletin on MS06-036 remains at Version 1.0.

The SANS Internet Security Center reported on July 24 that a public exploit had been published for MS06-036.

MS06-037: "Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)" (http://www.microsoft.com/technet/security/bulletin/ms06-037.mspx). The title of this Critical vulnerability conveys its potential impact. The software affected includes Microsoft Office and Excel. This update patches the 0-day Excel exploit that was published immediately following Microsoft's release of its June 2006 security updates.

Microsoft's Version 1.0 bulletin on MS06-037 was updated to Version 1.1 on July 12.

MS06-038: "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)" (http://www.microsoft.com/technet/security/bulletin/ms06-038.mspx). The title of this Critical vulnerability conveys its potential impact. The software affected includes Microsoft Office, Microsoft Project, Microsoft Visio, Microsoft Works (Suite 2004, 2005, and 2006), and Microsoft Visual Studio.

Microsoft updated its Version 1.0 bulletin on MS06-036 to Version 1.1 on July 12 and Version 1.2 on July 19.

MS06-039: "Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)" (http://www.microsoft.com/technet/security/bulletin/ms06-039.mspx). The title of this Critical vulnerability conveys its potential impact. The products affected include Microsoft Office, Microsoft Project, and Microsoft Works.

Microsoft updated its Version 1.0 bulletin on MS06-039 to Version 1.1 on July 12.

A New PowerPoint Exploit Published
Within a few days of the release of the July updates, the Internet Storm Center and the Microsoft Security Response Center reported that a new 0-day Microsoft PowerPoint exploit had appeared. On July 17, Microsoft published a security advisory on this issue, for which a patch is expected when August 2006 security updates are released.

A New Windows Server Service Exploit Published
On July 28, the Microsoft Security Response Team blog reported the existence of a proof-of-concept exploit for a Windows Server Service vulnerability not addressed in the July 11 MS06-035 bulletin. The workarounds described in MS06-035—blocking unsolicited inbound traffic and ports 135-139 and 445 from untrusted networks—apply to this new vulnerability as well.
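One way for support staff to see which services on a machine are bound to the ports named in that workaround is to audit `netstat -an` output. The script below is an added example, not part of the original alert or of any Microsoft tooling; the function names and the sample output are constructed for illustration.

```python
import ipaddress

# Ports named in the MS06-035 workaround: 135-139 and 445.
WORKAROUND_PORTS = set(range(135, 140)) | {445}

# Constructed sample in Windows `netstat -an` layout (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:445          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:445       203.0.113.7:49210      ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
  UDP    127.0.0.1:1900         *:*
"""

def is_loopback(host):
    """True only for a parsable loopback address; anything else counts as exposed."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def exposed_listeners(netstat_text):
    """Return (proto, address, port) for non-loopback listeners on workaround ports."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        # TCP rows count only in LISTENING state; UDP rows carry no state column.
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue
        # rpartition handles both 'a.b.c.d:port' and '[v6addr]:port'.
        host, _, port = fields[1].rpartition(":")
        if not port.isdigit():
            continue
        host = host.strip("[]")
        if int(port) in WORKAROUND_PORTS and not is_loopback(host):
            findings.append((fields[0], host, int(port)))
    return findings

if __name__ == "__main__":
    for proto, host, port in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {host}:{port}: filter from untrusted networks")
```

A listener reported here is not necessarily reachable from outside; the list shows what a host or perimeter firewall has to be shielding from untrusted networks.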

Malicious Software Removal Tool and Anti-Spyware Definitions
Users who obtain the July 2006 security updates from Windows Update or Microsoft Update may also receive the July 2006 version of the Microsoft Malicious Software Removal Tool, now at Version 22.0. A description of the tool, including a list of the malware it detects and instructions on how to use its online version, appears in Microsoft Knowledge Base article 890830.

For users whose systems include Beta 2 of the Windows Defender anti-spyware application, two anti-spyware definitions updates have been published via Microsoft Update since July 11.

How May The July 2006 Issues Affect Your Subscribers and Users?
Successful exploits of these vulnerabilities could allow remote attackers to read, modify, and delete files; run arbitrary programs; and/or disrupt the operation of system processes on a compromised computer. Loss of data, privacy, and/or system function could result.

How May These Issues Affect Your Operations and Help Desk?
Your help desk may potentially experience an increase in call volume as a result of these issues. If unauthorized access or malicious programs cause damage to files or settings necessary for maintaining connectivity to your network, subscribers may contact your support desk for assistance in restoring their connections. Computer processes under the control of an attacker could be used to send spam or launch attacks against other computers inside and outside of your network. Disruption of system processes could result in computer malfunctions that drive calls to your help desk.

What Can You Do About Them?
Help desk staff should familiarize themselves with the details of these vulnerabilities and modifications, the bulletins and support pages that describe them, the patches that fix them, and the use and behavior of Automatic Update, Windows Update, and Microsoft Update, Microsoft's preferred means of delivering patches to end users.

Technical coverage of these Windows Security updates begins at http://www.microsoft.com/technet/security/bulletin/ms06-jul.mspx. End-user coverage begins at http://www.microsoft.com/athome/security/update/bulletins/200607.mspx. Details on Windows Update and Microsoft Update are available from the Windows Update site at http://windowsupdate.microsoft.com/. For current Microsoft operating systems, an upgrade from Windows Update to Microsoft Update, which provides single-source access to updates for Windows, Office, and other Microsoft software, is available via the Windows Update homepage.

A known issue in Automatic Update functionality may delay notification and download of patches via Automatic Update for up to several days, as described at http://support.microsoft.com/?kbid=910340.

Fine Point Self Repair Technician cuts support costs and helps subscribers recover from malware attacks by repairing unwanted changes to web browser, e-mail, and networking settings. To learn more about Self Repair Technician, call +1.212.962.7410, e-mail sales@finepoint.com, or visit http://www.finepoint.com/.

You are receiving this SupportPoint Alert email because you are a member of the Fine Point Technologies SupportPoint Partner Program. If you would like to opt out of this mailing list, please send an email to supportpoint@finepoint.com with your request to be removed. This document is intended for informational purposes only. Fine Point Technologies, Inc., assumes no responsibility or liability for damages resulting from errors or misuse of information contained herein. Copyright © 2006 Fine Point Technologies, Inc. All rights reserved.

Fine Point Technologies and SupportPoint are trademarks or registered trademarks of Fine Point Technologies, Inc. Microsoft, Windows, PowerPoint, and Visio are registered trademarks of Microsoft Corporation in the United States and/or other countries.

Symantec and Norton Antivirus are trademarks of Symantec Corporation.

Other registered trademarks used herein are the property of their respective owners.

About Fine Point Technologies
Fine Point Technologies (www.finepoint.com) drives worldwide Internet access through network connectivity products that leverage Point to Point Protocol over Ethernet (PPPoE), Asynchronous Transfer Mode (ATM), and related technologies. Fine Point Technologies offerings include the industry-leading PPPoE clients WinPoET (for Microsoft® Windows®) and MacPoET (for Apple Macintosh®), and ServPoET Broadband Management Server (BMS), the most cost-effective solution for terminating PPPoE sessions for any type of broadband service.