Go to Windows 7 Insider Guide
Spyware, viruses, & security : Microsoft Security Bulletin Minor Revisions
- 10/12/06 8:12 PM
Microsoft Security Bulletin Minor Revisions
by Donna Buenaventura - 10/12/06 8:12 PM
The following bulletins have undergone a minor revision increment. Kindly visit the bulletins page to view more information.
* MS06-063 - http://www.microsoft.com/technet/security/bulletin/ms06-063.mspx
- Reason for Revision: Bulletin content updated to clarify security impact associated with the SMB Rename Vulnerability CVE-2006-4696 as an authenticated remote code execution vulnerability. The guidance to block port 593 has also been removed from the "Mitigations and Workarounds" section of the bulletin for both vulnerabilities.
- Originally posted: October 10, 2006
- Updated: October 11, 2006
- Bulletin Severity Rating: Important
- Version: 1.1
* MS06-062 - http://www.microsoft.com/technet/security/bulletin/ms06-062.mspx
- Reason for Revision: Bulletin updated to add additional clarity around "I am updating the administrative installation points and I noticed that there are two .msp's. Why?" and "The administrative installation points lists mso.msp and pvmso.msp. Do I need to install both packages?" in the "Frequently Asked Questions (FAQ) Related to This Security Update" section.
- Originally posted: October 10, 2006
- Updated: October 11, 2006
- Bulletin Severity Rating: Critical
- Version: 1.1
* MS06-061 - http://www.microsoft.com/technet/security/bulletin/ms06-061.mspx
- Reason for Revision: Bulletin Updated: removed erroneous "Security Update Replacement" information. This update does not replace a prior security update.
- Originally posted:
- Updated: October 11, 2006
- Bulletin Severity Rating: Critical
- Version: 1.1
* MS06-060 - http://www.microsoft.com/technet/security/bulletin/ms06-060.mspx
- Reason for Revision: Bulletin updated to provide additional clarity around "What updates does this release replace?" for Office Word 2003 Viewer.
- Originally posted: October 10, 2006
- Updated: October 11, 2006
- Bulletin Severity Rating: Critical
- Version: 1.1
* MS06-056 - http://www.microsoft.com/technet/security/bulletin/ms06-056.mspx
- Reason for Revision: Bulletin updated "Caveats" Section and "What are the known issues that customers may experience when they install this security update?" under the "Frequently
Asked Questions (FAQ) Related to This Security Update" section.
- Originally posted: October 10, 2006
- Updated: October 11, 2006
- Bulletin Severity Rating: Moderate
- Version: 1.1
* MS06-048 - http://www.microsoft.com/technet/security/bulletin/ms06-048.mspx
- Reason for Revision: Bulletin updated to provide additional clarity for "Verifying Update Installation" for Office 2004 for Mac and Office v. X for Mac under the "Security Update Information" section.
- Originally posted: August 8, 2006
- Updated: October 11, 2006
- Bulletin Severity Rating: Critical
- Version: 1.1
* MS06-038 - http://www.microsoft.com/technet/security/bulletin/ms06-038.mspx
- Reason for Revision: Bulletin updated to add additional clarity around "I am updating the administrative installation points and I noticed that there are two .msp's. Why?" and "The administrative installation points lists mso.msp and pvmso.msp. Do I need to install both packages?" in the "Frequently Asked Questions (FAQ) Related to This Security Update" section.
- Originally posted: July 11, 2006
- Updated: October 11, 2006
- Bulletin Severity Rating: Critical
- Version: 1.5
Updates-something I have always wondered about.
by michhala - 10/13/06 1:59 AM In reply to: Microsoft Security Bulletin Minor Revisions by Donna Buenaventura
I am often undecided as to whether or not to download certain Microsoft Updates. There are three large high-priority update files this month for Office 2002/XP: Excel, Word, Office XP. I usually take all high-priority/critical updates, but I have to give it some thought before so doing. It would help if I was sure about the words in the updates, ''vulnerability could allow arbitrary code to run when a maliciously modified code is opened. Does the arbitrary code come in with an Excel or Word download or is it built-in?
I decided to disregard a high-priority update to the spelling checker that improves and corrects errors in Dutch language documents; but I am undecided about SharePoint Team Services (KB911701) and .NET Framework 2.0 (KB829019).
Do y'all download all the high-priority/critical updates without concern or do you give it some deep thought first :)? I have plenty of free space on my hard drive, so that is not the problem -- the problem is that I am overly cautious.
I manually download......do not use automatic option.
Miki
Miki..
by Donna Buenaventura - 10/13/06 9:06 AM
In reply to: Updates-something I have always wondered about. by michhala
Hi,
The vulnerability exists in Office product and/or the said component of Office (e.g. Word, Excel..) not with the download of certain files. The malicious file play a role only by exploiting the existing vulnerability in the product.
Microsoft recommend to install the update especially if they rated it as critical (rated base on impact).
As for .NET Framework 2.0, please see http://support.microsoft.com/kb/829019 to see the benefits of having it. I suggest to have it only if you have an application that requires it. Other version of .NET Framework can co-exists but again, get only what you need. Just make sure that there is no beta of .NET Framework if you decide to get a final version.
Yes, I get them all (low, moderate, important, high/critical) because all of them are fixes for security holes. I do read though [e.g. whether I have the affected product and version and the file name (if mentioned) or whether there is caveats and how it can be removed if there is issue]
Donna...thank you....and thank you :)
by michhala - 10/13/06 2:22 PM In reply to: Miki.. by Donna Buenaventura
You have helped me and my peace of mind
If I remember correctly, and not sure if I do, but wasn't there a time when Office updates were not listed on Microsoft/Windows Update?.....I always downloaded them separately from the Office download site, and I don't remember their being categorized by severity.
My intuition re .NET Framework 2.0 has been to stay with my 1.1 version and its related Hotfix, although I did put it on a friend's computer because of his applications. It eventually became corrupt and he was unable to use said applications until I discovered the problem and reinstalled a new 2.0.
If there is such a thing as being too cautious, then I am guilty.....my thanks for your ability to understand from where I am coming....that is amazing in itself
Miki
Never visit Office Update site til you mentioned Miki
by Donna Buenaventura - 10/13/06 7:33 PM
In reply to: Donna...thank you....and thank you :) by michhala
Thanks for mentioning Office Update site, I forgot about it since I've been getting MS products update at MU for months now. Today, I visited Office Update site to just see whether it's going to find anything I need or missing. Result is nothing to update anymore.
And because I don't visit it for months, I also don't remember if there is rating thingy 
You know being cautious is good! 
(NT) Donna: Sure do appreciate your reply and wisdom :D
by michhala - 10/14/06 1:49 AM In reply to: Never visit Office Update site til you mentioned Miki by Donna Buenaventura
Office Update vs. Microsoft Update vs, Windows Update
by pmchefalo - 10/16/06 5:46 AM In reply to: Donna...thank you....and thank you :) by michhalaGreat question!
If you are running Office 2000, you must continue to visit Office Update, whether you use Windows Update or Microsoft Update for Windows.
If you are still using Windows Update for Windows, you must still visit Office Update for Office updates. You should really upgrade to Microsoft Update to also get the Office 2002 (Office XP) and Office 2003 updates in the same place as Windows updates.
If you use Microsoft Update, you will get updates for Windows, Office and other Microsoft products at one time.
Update Question
by Fish - 10/15/06 5:55 AM In reply to: Microsoft Security Bulletin Minor Revisions by Donna Buenaventura
Donna,I have just gotten around to the chore of downloading last tuesdays releases.Since I have not yet done my downloads can I assume that what I download today will have these revisions included? Or will I need to download both releases.Fish
Fish, Yes, They Are Included... But..
by Grif Thomas - 10/15/06 2:35 PM
In reply to: Update Question by Fish
...the revisions are only "wording" changes, not the actual update itself.
Hope this helps.
Grif
(NT) Thank's for your reply Grif
by Fish - 10/15/06 7:09 PM In reply to: Fish, Yes, They Are Included... But.. by Grif Thomas
MS Download sends to older versions?
by berock - 10/16/06 4:54 AM In reply to: Microsoft Security Bulletin Minor Revisions by Donna Buenaventura
Donna, thanks for the alert. Some of these were included (and installed) in the October 10th Auto-Update but, per my pc's update revision history showing activity only up to October 10th, appear to be the PRE-October 11th versions.
When I click on your links, those links take me to the newest version's Security Bulletins, which reflect those version numbers and the October 11th revision date you indicate, but the download links on MS's Security Bulletin webpages lead to Version 1.0's (with older dates) on MS's KB webpages. When I download from there and attempt to install, I get a notification dialog box indicating that each is already installed, confirming that MS's downloads are the older versions listed on MS's KB webpages. How do I access those latest October 11th version when MS's download link lead to the older versions?
No changes with the security update
by Donna Buenaventura - 10/16/06 6:23 AM
In reply to: MS Download sends to older versions? by berock
The only stuff that has been revised is the bulletin but not the update
Just confirmed you got the latest by visiting Microsoft Update website. Microsoft did not re-released or revised the updates.
I received one update today (a security update) for MSXML when I visited MU website.
| Forum legend: | |
 |
Locked thread |
 |
Moderator |
 |
CNET staff |
 |
Samsung staff |
 |
Norton Authorized Support team |
 |
AVG staff |
 |
Windows Outreach team |
 |
Dell staff |
 |
Intel staff |
