Blog

Home > Microsoft Security > Microsoft Security Bulletin Ms06 078

Microsoft Security Bulletin Ms06 078

Using this switch may cause the installation to proceed more slowly. During installation, creates %Windir%\CabBuild.log. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes Yes. http://getbetabox.com/microsoft-security/microsoft-security-bulletin-ms06-070.html

Special Options /overwriteoem Overwrites OEM files without prompting. /nobackup Does not back up files needed for uninstallation. /forceappsclose Forces other programs to close when the computer shuts down. /log: path Allows To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site. What does the update do? If the file or version information is not present, use one of the other available methods to verify update installation. https://technet.microsoft.com/en-us/library/security/ms06-078.aspx

Can I use the Microsoft Baseline Security Analyzer (MBSA) 1.2.1 to determine whether this update is required? Special Options /overwriteoem Overwrites OEM files without prompting. /nobackup Does not back up files needed for uninstallation. /forceappsclose Forces other programs to close when the computer shuts down. /log:path Allows the Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended. For more information about the extended security update support period for these operating system versions, visit the Microsoft Product Support Services Web site.

However, best practices strongly discourage allowing this. In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user and by persuading the user to open the file. In all cases, however, an attacker would have no way to force users to visit these Web sites. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose.

Comparing other file attributes to the information in the file information table is not a supported method of verifying that the update has been applied. Administrators can use the Elevated Rights Deployment Tool (available in the SMS 2003 Administration Feature Pack and in the SMS 2.0 Administration Feature Pack) to install these updates. No user interaction is required, but installation status is displayed. It has been assigned the Common Vulnerability and Exposure number CVE-2006-6134.

In order for the exploit to take place, the user would have to open the .wab file. Comparing other file attributes to the information in the file information table is not a supported method of verifying that the update has been applied. For more information about how to deploy this security update using Windows Server Update Services, visit the Windows Server Update Services Web site. Revisions: V1.0 (February 14, 2006): Bulletin published.

For more information about how to deploy this security update using Windows Server Update Services, visit the Windows Server Update Services Web site. Visit Website Restart Options /norestart Does not restart when installation has completed. /forcerestart Restarts the computer after installation and forces other applications to close at shutdown without saving open files first. /warnrestart[:x] Displays The Restricted sites zone helps reduce attacks that could try to exploit this vulnerability by preventing Active Scripting and ActiveX controls from being used when reading HTML e-mail. This bulletin has been reissued to remove Microsoft Windows XP Service Pack 3 from the Affected Software list for Microsoft Windows Media Player 6.4 and to add Microsoft Windows Media Player

Registry Key Verification You may also be able to verify the files that this security update has installed by reviewing the following registry key. http://getbetabox.com/microsoft-security/microsoft-security-bulletin-03-026.html Special Options /overwriteoem Overwrites OEM files without prompting. /nobackup Does not back up files needed for uninstallation. /forceappsclose Forces other programs to close when the computer shuts down. /log:path Allows the Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. For more information, see Microsoft Knowledge Base Article 910723.

For more information about how to deploy this security update using Windows Server Update Services, visit the Windows Server Update Services Web site. Windows Server Update Services: By using Windows Server Update Services (WSUS), administrators can quickly and reliably deploy the latest critical updates and security updates for Windows 2000 operating systems and later, For more information, see the Windows Operating System Product Support Lifecycle FAQ. this contact form Security Advisories and Bulletins Security Bulletin Summaries 2006 2006 MS06-DEC MS06-DEC MS06-DEC MS06-DEC MS06-NOV MS06-OCT MS06-SEP MS06-AUG MS06-JUL MS06-JUN MS06-MAY MS06-APR MS06-MAR MS06-FEB MS06-JAN TOC Collapse the table of content Expand

Registry Key Verification You may also be able to verify the files that this security update has installed by reviewing the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Outlook Express 6\SP1\KB911567-OE6SP1-20060316.165634\Filelist Note This registry key This includes suppressing failure messages. Administrators can use the Elevated Rights Deployment Tool (available in the SMS 2003 Administration Feature Pack and in the SMS 2.0 Administration Feature Pack) to install these updates.

This is the same as unattended mode, but no status or error messages are displayed.

IT professionals can visit the Security Guidance Center Web site. No. Note The security updates for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 also apply to Microsoft Windows Server 2003 R2. I have installed Windows Media Player 11 on my computer.

Deployment Information To install the security update without any user intervention, use the following command at a command prompt for Windows 2000 Service Pack 4: Windows2000-kb920683-x86-enu /quiet Note Use of the What might an attacker use the vulnerability to do? For backward compatibility, the security update also supports many of the setup switches that the earlier version of the Setup program uses. http://getbetabox.com/microsoft-security/microsoft-security-bulletin-ms06-019.html For more information about how administrators can use SMS 2003 to deploy security updates, visit the SMS 2003 Security Patch Management Web site.

This security update does not support HotPatching. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site. Also, this registry key may not be created correctly if an administrator or an OEM integrates or slipstreams the security update into the Windows installation source files. During installation, creates %Windir%\CabBuild.log.

When a workaround reduces functionality, it is identified in the following section. For more information about Windows Media Player 11 you can visit the Windows Media Player Home Web page.