Tomorrow will bring more patches than usual, twelve security related if I count them right, plus a new version of the Windows Malicious Software Removal Tool and either three high-priority updates as well. Is that a new record?
Nine of the security patches are for Windows, one for Exchange Server and two for MS Office. The Windows and MS Office security patches are marked "Critical", so make sure you apply the lot. Full details on the MS Security Bulletin pages and Microsoft is holding a Webcast about the patches on the 14th US time, so the 15th for Kiwis and Aussies.
Update: Running Microsoft Update on a system here, and see that Windows Genuine Advantage Validation Tool KB892130 is required before anything else gets downloaded and installed. After that, Microsoft Update stops and says I have succesfully updated my computer. Hmm... that's a tad too optimistic, as I believe I have a number of patches left to go through. I also have validated the copy of Windows XP on that machine a number of times before.
While I can appreciate Microsoft's concern about pirated software, it really is getting its priorities wrong here. The security patches should be downloaded and installed first, instead of treating all customers as possible software pirates.
Microsoft also classifies the Windows Genuine Advantage Notification (KB905474) as a "high priority update" if you haven't got it installed already and says:
Come on, Microsoft... that's not true.
All in all, I got four security updates for XP on the test system (KB914389, KB918439, KB911280, KB917953) plus the Windows Malicious Software Removal Tool again (KB890830). Office 2003 got an update for the Outlook Junk filter (KB917149), Security Updates for Word (KB917334) and PowerPoint (KB916518) - didn't expect the last one. A grand total of 15.4MB for the lot.
Here's the official word (no pun intended) from Microsoft on the patches:
Updates Released Today:
Max. Severity Bulletin Number Products Affected Impact
Critical MS06-021 Microsoft Windows Remote Code Execution
Critical MS06-022 Microsoft Windows Remote Code Execution
Critical MS06-023 Microsoft Windows Remote Code Execution
Critical MS06-024 Windows Media Player Remote Code Execution
Critical MS06-025 Microsoft Windows Remote Code Execution
Critical MS06-026 Microsoft Windows Remote Code Execution
Critical MS06-027 Microsoft Word Remote Code Execution
Critical MS06-028 Microsoft PowerPoint Remote Code Execution
Important MS06-029 Microsoft Exchange+ OWA Remote Code Execution
Important MS06-030 Microsoft Windows Elevation of Privilege
Moderate MS06-031 Microsoft Windows Spoofing
Important MS06-032 Microsoft Windows Remote Code Execution
The summary for these new bulletins can be found by visiting:
In addition, Microsoft is re-releasing the following security bulletin:
Important MS06-011 Microsoft Windows Elevation of Privilege
Information on this re-released bulletin may be found at the following page:
TechNet Webcast: Information about Microsoft June 2006 Security Bulletins (level 200)
Live: Thursday, 15 June 2006 4.00 PM NZST
The on-demand version of the Webcast will be available 24 hours after the live Webcast at: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032297371
Microsoft Windows Malicious Software Removal Tool
Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will not be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here:
Microsoft recommends that all customers sign up for Microsoft Update (MU) and enable its Automatic Updates functionality to receive all updates available this month and to help make their systems more secure. MU is a service offered at no charge that gives customers everything they get through Windows Update (WU), plus high priority updates for Office and other Microsoft applications. Customers can sign up for MU by following the steps at:
comments powered by Disqus