JD @ myITforum.com

Trend Micro Aquires Hijack This

2007-03-14T20:26:00Z

http://www.trendmicro.com/en/about/news/pr/archive/2006/pr031407.htm

Elevated Risk for the financial industry

2006-12-01T13:36:00Z

I noticed that the SANS Institute has published an entry in today's diary for an elevated risk to the financial industry. An article published on slashdot caught my eye yesterday. As stated from the article:

"Israeli computer security company say they have discovered a fundamental weakness in the system that banks use to keep debit card PIN codes secret while they are transported across bank networks"

For those in the financial industry, it is well known that this month in particular has the highest number of transactions for the year, due to holiday shopping. Unfortunately, it is also a time when the industry is most vulnerable.

Off the top of my head, here are a few of my recommendations and reminders for members of the industry as a whole. The articles previously mentioned are at the bottom of the post.

IT Managers:

While the number of projects and responsibilities have been increasing in the first three quarters of the year, ensure systems administrators and security personnel stager vacations throughout the year to avoid having a shortage of key personnel on hand to respond to incidents that might occur during the peak transaction season.

Risk Managers:

While Network freezes are common throughout the peak transaction season, and while it is very important to limit network changes, the patch management program should continue during this time frame. It is also important to ensure that members of the incident response team will be on hand to respond to any incidents during the peak season.

Network Administrators:

While most network changes are limited during the peak season, Network and server monitoring should remain a top priority during this time. Immediately report any incidents or anomalies to the risk management team.

PC Techs:

While many users are on vacation and the work load slows, remember to be on the lookout for any signs of malware and use the time to educate users on the importance of reporting any strange or unusual network or computer behavior to the IT staff or Risk Management team.

Help desk technicians:

Keep a close watch on computer events and verify that any tickets are assigned to staff that are on duty and not out of the office during the holidays. This will allow the IT support staff to respond to incidents quickly. It is also very important to be very cognizant of social engineers that may be pretending to be someone else in order to gain information about the internal workings of your company.

Business system users:

Report any computer problems or network glitches immediately. Remember that there is usually no reason to give out your password to anyone including IT support staff, Network administrators, or information security. These personnel do not need your password as they should have the necessary rights and tools to correct issues without the need of your password.

ATM system called unsafe
http://redtape.msnbc.com/2006/11/researchers_who.html

US DHS Banking Alert
http://isc.sans.org/diary.php?storyid=1899&rss

How to ask a question the smart way

2006-10-31T15:40:00Z

I am posting this as a reference for myself. "How to ask a question the smart way" is a must read. Its not only good for asking questions on the internet, but for life in general. For all of the Microsoft die-hards, check out the KB article. It is a good summary. http://support.microsoft.com/kb/555375

Rem sleep 17100

2006-10-27T09:09:00Z

Rem (Rapid eye movement) is the stage of sleep characterized by rapid movements of the eyes, and 17100 is about the number of seconds it took for me to be through all of the stages of sleep and stumbling for the coffee pot. Of course if I were scripting, then the statement "Rem sleep 17100" would have done nothing for me.

rem - sets a remark in batch scripts

The Windows 2003 Resource Kit provides a 'sleep' command and many more needed commands if you are going to use batch files to manage systems.

sleep - will wait for a specific amount of time before the script continues.

sleep N
Replace N with the number of seconds for batch file to 'sleep'.

If I used this blog post title in my script, I would have remarked out the sleep command and would be very tired right now. Fortunately for me, sleep and rem were accomplished.

I also learned that according to wikipedia "People who regularly sleep between 4 and 7 hours live longer than people sleeping more or less than this, with serious differences between life span when people sleep less than four hours or more than 9."

He shells on the sea shore, or floor, or couch. Ouch, Neck, hurts now.

2006-10-27T02:22:00Z

Ah, the wonderful world of shells. It's been over a year since I posted about trying out linux.

Im going to have to come out of the closet at some point (ha! not what you were thinking), but I have "switched to the dark side". Ok, I haven't really switched. I have however, gained an entirely new respect for linux. In the past, I used Linux to accomplish the things I was unable to do in windows, such as password recovery or removing malware entries from the registry. Shortly after that post, I discovered Ubuntu Linux. Since then, I have explored many other distro's and I really do like Linux. It is simply a very powerful operating system. What does this have to do with shells or my hurt neck?

Well, the power of linux is quite apparent once you start to do some shell scripting. It also make you think about how you can accomplish some of the same things in windows. Ok, shells made for a better title, but I needed something to segway into batch scripting and the power of being LAZY. I am a lazy person. I live by the theory of "If you do it more than once, AUTOMATE it." I posted this last month on using WMIC to manage McAfee, but WMIC is much more powerful than the examples I listed. Matt Broadstock posted a comment stating that he loved to see folks using the FOR command, and that's because Matt knows the power of that command and scripting in general. He has some great posts on his blog with many examples of the FOR command. He would appear to be lazy also. I say lazy, but it actually takes some practice to be lazy, much practice. You will know you have been practicing enough when you only sleep a few hours per night and your neck is in pain from staring at the screen for so long. Ah, another segway, pun intended. Your welcome segway, both of my readers will visit your link. Lets get started on your hurt neck, but first lets ask Matt a question, if he is not busy with world of warcraft. Hey Matt, or anyone who may stumble upon this post, what is the clipboard output of WMIC used for? Yea, Yea, I know you can copy the output to the clipboard, but why? What else could you do besides paste it into another document? I'm just curious if there are some other uses or not. Ok back to the hurt neck....

If you had the time to read this, then whats the next few months of neck injury going to matter?

Open a shell, um you know, start, run, cmd.exe.

Then type WMIC

Then /?

Good luck, life will never be the same. If you have to physically go to the server room after that, and a HDD or a motherboard isnt shot, just bang your head against the nearest wall - just kidding.

If that doesnt peak your interest, then pick up Microsoft Windows Command-Line - Administrators Pocket Consultant ISBN# 0-7356-2038-5, its good stuff and will be great for your career administering Windows.

SANS - PDF Vulnerabilities

2006-09-20T17:16:00Z

http://isc.sans.org/diary.php?storyid=1718&rss

Handler's Diary September 19th 2006

PDF vulnerabilities

Published: 2006-09-19,
Last Updated: 2006-09-20 00:01:15 UTC by donald smith (Version: 1)

Several new Adobe pdf vulnerabilities were recently announced.
The author claims these are basic vulnerabilities in the pdf api or architecture. The author tested his poc's against Acrobat reader and Adobe professional.

The details are available here.
http://michaeldaw.org/
http://www.eweek.com/article2/0,1895,2016606,00.asp

Here is a quick risk assessment.

How widely deployed is the application?
Adobe reader is widely used and deployed. (9)

Are vendor patches available?
No patches currently available (10)

Is mitigation available and if so how complete is the mitigation?
No mitigation is currently available. (10)

Is user participation required?

Yes. The user first has to download or click the link to a pdf. (5)
So some user interaction takes place.
I have not tested the POCs but several people have and their results do not match. Depending on who tested it you may have to click allow.
See this discussion on who tested the pocs and their results.
http://www.networksecurityarchive.org/html/FullDisclosure/2006-09/msg00252.html

Is the vulnerability cross platform?

Yes. Any exploits will still have to run system dependant malware on the end host but there are plenty of malware binaries that could be used. (8)

Is proof of concepts or exploit code available?
The poc for two of the vulnerabilities are publicly available (10)

Overall risk score 8.7 on a scale of 0 – 10 with 10 being the highests.
This is based on the numbers I assigned.
Your risk might be slightly higher or lower depending on the numbers you would assign and any mitigation factors. In most risk assesments I do I include the value of the system that is vulnerable. In this case that is difficult to do so I have left that out.

A answer to a question, and a bit more

2006-09-01T15:38:00Z

Question: If I were doing a check upon logon to see if McAfee and ePO are
installed and running, would this be a good thing to check?

Answer:

What to Check for:

ePO

Check if key exists and return the values:

HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent\Installed Path

Returned Value example:
C:\Program Files\Network Associates\Common Framework

Check if file(s) exist:
FrameworkService.exe

Check if service exists:

McAfeeFramework

Check if Process is running:

FrameworkService.exe

VirusScan

Check if key exists and return the values:

HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\szInstallDir

Returned Value example:
C:\Program Files\Network Associates\VirusScan\

Check if file(s) exist:

Mcshield.exe
scan32.exe

Check if service exists:

McShield
McTaskManager

Check if Process is running:

McShield.exe

WMIC examples of how to check for this (you could create a vb script or smsinstaller script to do the checks):

Let’s cut to the chase and see if the processes are running:

Click Start, then Run and Type cmd.exe

Then Type:

wmic process where (Name='FrameWorkService.exe') get name,processid
wmic process where (Name='McShield.exe') get name,processid

But maybe we want to check more than one machine:

Click Start, then Run and Type cmd.exe

Type cd \ and hit enter

Type Notepad.exe

Paste a line by line list of computers

For example:

Redrider1
redriderDC2
redridersms5
smsjackleg
smellyserver3

Then hit the alt + f key
Then hit the a key
Save the document to the SystemDrive as computers.txt (usually C:\computers.txt)
Exit Notepad.exe

Now Type in your cmd.exe window:

for /F %i in (computers.txt) do wmic /node:%i process where (Name='FrameWorkService.exe') get name,processid
for /F %i in (computers.txt) do wmic /node:%i process where (Name='McShield.exe') get name,processid

How cool, but you say that you dont want to just see it, you want to document it.
K, lets put all this in a document

for /F %i in (computers.txt) do wmic /node:%i process where (Name='FrameWorkService.exe') get name,processid /FORMAT:CSV >> Results.csv

Now open c:\Results.csv with excel:

Thats pretty cool too, because we now have an document we can open with excel. We love excel. Unfortunately, our boss wants a pretty document. So lets give her/him one.

for /F %i in (computers.txt) do wmic /node:%i process where (Name='FrameWorkService.exe') get name,processid /FORMAT:htable >> Results.htm

Now open c:\Results.htm with internet explorer:

It seems like the longer the command line the better the Results(.htm) ;)

Did you notice?

2006-09-01T15:28:00Z

Probably not.

My blog is missing something.

Its last months Microsoft Security Updates.

I hate my blog. Somewhere along the way I lost what wanted my blog to be.

I forgot rule # 3

3) Most importantly, I will have have fun with my blog.

I got to the point that I was just propagating news, and I realy wanted to share some content.

Going forward, I will not forget about rule # 3 . If I do , and my blog gets boring again, please let me know.

Will myITforum be banned from schools and libraries?

2006-07-28T18:30:00Z

I dont have the answer to that, but it could be subject to being banned if this broadly worded bill passes.

http://news.com.com/2100-1028_3-6099414.html?part=rss&tag=6099414&subj=news

Microsoft Security Updates 11JUL06

2006-07-11T19:07:00Z

Bulletin Identifier	Microsoft Security Bulletin MS06-033
Bulletin Title	Vulnerability in ASP.NET Could Allow Information Disclosure (917283)
Executive Summary	This vulnerability could allow an attacker to bypass ASP.Net security and gain unauthorized access to objects in the Application folder explicitly by name. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be used to try to further compromise the affected system.
Maximum Severity Rating	Important
Impact of Vulnerability	Information Disclosure
Affected Software	Windows, .NET Framework. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS06-034
Bulletin Title	Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)
Executive Summary	This vulnerability could allow an attacker to take complete control of an affected system. Note that the attacker must have valid logon credentials, but if a server has been purposely configured to allow users, either anonymous or authenticated, to upload web content such as .ASP pages to web sites, the server could be exploited by this vulnerability.
Maximum Severity Rating	Important
Impact of Vulnerability	Remote Code Execution
Affected Software	Windows, IIS. For more information, see the Affected Software and Download Locations section.
Bulletin Identifier	Microsoft Security Bulletin MS06-035
Bulletin Title	Vulnerability in Server Service Could Allow Remote Code Execution (917159)
Executive Summary	This update resolves two vulnerabilities in the Server service, the most serious of which could allow remote code execution.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Affected Software	Windows. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS06-036
Bulletin Title	Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)
Executive Summary	This update resolves a vulnerability in the DHCP Client service that could allow remote code execution.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Affected Software	Windows. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS06-037
Bulletin Title	Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)
Executive Summary	This update resolves several vulnerabilities in Excel, the most serious of which could allow remote code execution.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Affected Software	Office, Excel. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS06-038
Bulletin Title	Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)
Executive Summary	This update resolves two vulnerabilities in Office, the most serious of which could allow remote code execution.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Affected Software	Office, Project, Visio, Works, Visual Studio. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS06-039
Bulletin Title	Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)
Executive Summary	This update resolves two vulnerabilities in Office, the most serious of which could allow remote code execution.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Affected Software	Office, Project, Works. For more information, see the Affected Software and Download Locations section.

Voice Phishing

2006-06-28T19:29:00Z

I am never surprised at how far scammers will go in order to get new victims. It seems they are now combining targeted spam with phone numbers that utilize voice recordings that prompt the user to provide account information.

http://www.theregister.co.uk/2006/06/26/voice_phishing/

http://www.websense.com/securitylabs/alerts/alert.php?AlertID=534

How can you protect yourself? Here are three tips that might help:

1) Be suspicious of any email with urgent requests for personal financial information.

2) Don't use the links or phone numbers in any email to contact your online service provider. Instead, keep your online service provider's phone number, address, and website on record. Always verify the number with the one you have on record. In most cases, service providers never ask for account passwords.

3) Familiarize yourself with your online services provider (I.E. Banking, ISP, Utilities) and their methods of operation and privacy policies.

Microsoft Security Updates 13JUN06

2006-06-13T18:23:00Z

Bulletin Identifier	Microsoft Security Bulletin MS06-021
Bulletin Title	Cumulative Security Update for Internet Explorer (916281)
Executive Summary	This update resolves several vulnerabilities in Internet Explorer that could allow remote code execution.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Affected Software	Windows, Internet Explorer. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS06-022
Bulletin Title	Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)
Executive Summary	This update resolves a vulnerability that could allow remote code execution when using Internet Explorer.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Affected Software	Windows, Internet Explorer. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS06-023
Bulletin Title	Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)
Executive Summary	This update resolves a vulnerability in JScript that could allow remote code execution when using Internet Explorer.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Affected Software	Windows, JScript. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS06-024
Bulletin Title	Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)
Executive Summary	This update resolves a vulnerability in Windows Media Player that could allow remote code execution.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Affected Software	Windows, Windows Media Player. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS06-025
Bulletin Title	Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)
Executive Summary	This update resolves vulnerabilities in Windows that could allow remote code execution.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Affected Software	Windows. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS06-026
Bulletin Title	Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (918547)
Executive Summary	This update resolves a vulnerability in Windows that could allow remote code execution.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Affected Software	Windows. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS06-027
Bulletin Title	Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)
Executive Summary	This update resolves a vulnerability in Word that could allow remote code execution.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Affected Software	Office, Works. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS06-028
Bulletin Title	Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)
Executive Summary	This update resolves a vulnerability in PowerPoint that could allow remote code execution.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Affected Software	PowerPoint. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS06-029
Bulletin Title	Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)
Executive Summary	This update resolves a vulnerability in Outlook Web Access that could allow script execution. User interaction is required for an attacker to exploit this vulnerability.
Maximum Severity Rating	Important
Impact of Vulnerability	Remote Code Execution
Affected Software	Exchange. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS06-030
Bulletin Title	Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)
Executive Summary	This update resolves several vulnerabilities in Windows. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Maximum Severity Rating	Important
Impact of Vulnerability	Elevation of Privilege
Affected Software	Windows. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS06-032
Bulletin Title	Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)
Executive Summary	This update resolves a vulnerability in Windows. By default, the Routing and Remote Access Service is disabled on any affected operating system version.
Maximum Severity Rating	Important
Impact of Vulnerability	Remote Code Execution
Affected Software	Windows. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS06-031
Bulletin Title	Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736)
Executive Summary	This update resolves a vulnerability in Windows. A user would need to connect to a malicious RPC server for any spoofing to occur. An attacker would have no way to force users to connect to a malicious RPC server. Windows 2000 Service Pack 4 is the only affected version.
Maximum Severity Rating	Moderate
Impact of Vulnerability	Spoofing
Affected Software	Windows. For more information, see the Affected Software and Download Locations section.

Microsoft Security Updates 09MAY06

2006-05-09T17:10:00Z

May 9, 2006	Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433): MS06-020 Affected Software: Windows XP Home Edition, Windows XP Professional, Windows 98, Windows 98 SE, Windows Me	Windows XP Service Pack 1, Windows XP Service Pack 2, Windows 98 Gold, Windows 98 SP1, Windows 98 SE Gold, Windows Me Gold	Critical
May 9, 2006	Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803): MS06-019 Affected Software: Exchange 2000 Server, Exchange 2000 Enterprise Server, Exchange Server 2003	Exchange 2000 SP3, Exchange Server 2003 SP1, Exchange Server 2003 SP2	Critical
May 9, 2006	Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580): MS06-018 Affected Software: Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, Windows Server 2003 Datacenter Edition for Itanium-based Systems, Windows Server 2003 Enterprise Edition for Itanium-based Systems	Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003 Gold, Windows Server 2003 for Itanium-based Systems Gold	Moderate

McAfee reports 700% increase in Rootkits

2006-04-18T12:21:00Z

McAfee published the first of a series of whitepapers on rootkits. The following is an excerpt from their website.

"Comparing the first quarter of 2006 to that of 2005, we have witnessed an increase by 700% of the number of rootkits submitted to McAfee AVERT Labs. Our numbers further show that rootkits are getting more sophisticated and that rootkits have moved from Trojans into malware and Potentially Unwanted Programs. Follow the "Learn More" link for a copy of the paper."

Learn More

Microsoft Security Updates 11APR06

2006-04-11T19:13:00Z

Date	Bulletin Description	Affected Software Service Packs	Bulletin Rating
Apr 11, 2006	Cumulative Security Update for Outlook Express (911567): MS06-016 Affected Software: Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows XP Professional 64-Bit Edition, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, Windows Server 2003 Datacenter Edition for Itanium-based Systems, Windows Server 2003 Enterprise Edition for Itanium-based Systems, Windows Server 2003 Datacenter x64 Edition, Windows Server 2003 Enterprise x64 Edition, Windows Server 2003 Standard x64 Edition, Windows 98, Windows 98 SE, Windows Me, Outlook Express 6 on Windows Server 2003, Outlook Express 6 on Windows Server 2003 (64 bit edition), Outlook Express 6 for Microsoft Windows Server 2003 for Itanium-based Systems, Outlook Express 6 for Microsoft Windows XP 64-Bit Edition, Outlook Express 6.0, Outlook Express 5.5	Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows XP Service Pack 2, Windows XP 64-Bit Gold, Windows Server 2003 Gold, Windows Server 2003 SP1, Windows Server 2003 for Itanium-based Systems Gold, Windows Server 2003 for Itanium-based Systems SP 1, Windows Server 2003 x64 Gold, Windows 98 Gold, Windows 98 SP1, Windows 98 SE Gold, Windows Me Gold, Outlook Express 6 on Windows Server 2003 Gold, Outlook Express 6 on Windows Server 2003 SP1, Outlook Express 6 on Windows Server 2003 (64 bit edition) Gold, Outlook Express 6 for Microsoft Windows Server 2003 for Itanium-based Systems Gold, Outlook Express 6 for Microsoft Windows XP 64-Bit Edition Version 2003 Gold, Outlook Express 6.0 SP1, Outlook Express 5.5 SP2	Important
Apr 11, 2006	Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531): MS06-015 Affected Software: Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows XP Professional 64-Bit Edition, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, Windows Server 2003 Datacenter Edition for Itanium-based Systems, Windows Server 2003 Enterprise Edition for Itanium-based Systems, Windows Server 2003 Datacenter x64 Edition, Windows Server 2003 Enterprise x64 Edition, Windows Server 2003 Standard x64 Edition, Windows 98, Windows 98 SE, Windows Me	Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows XP Service Pack 2, Windows XP 64-Bit Gold, Windows Server 2003 Gold, Windows Server 2003 SP1, Windows Server 2003 for Itanium-based Systems Gold, Windows Server 2003 for Itanium-based Systems SP 1, Windows Server 2003 x64 Gold, Windows 98 Gold, Windows 98 SP1, Windows 98 SE Gold, Windows Me Gold	Critical
Apr 11, 2006	Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562): MS06-014 Affected Software: Windows XP Home Edition, Windows XP Professional, Windows XP Professional 64-Bit Edition, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, Windows Server 2003 Datacenter Edition for Itanium-based Systems, Windows Server 2003 Enterprise Edition for Itanium-based Systems, Windows Server 2003 Datacenter x64 Edition, Windows Server 2003 Enterprise x64 Edition, Windows Server 2003 Standard x64 Edition, Windows 98, Windows 98 SE, Windows Me, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, MDAC 2.7, MDAC 2.8, MDAC 2.5	Windows XP Service Pack 1, Windows XP Service Pack 2, Windows XP 64-Bit Gold, Windows Server 2003 Gold, Windows Server 2003 SP1, Windows Server 2003 for Itanium-based Systems Gold, Windows Server 2003 for Itanium-based Systems SP 1, Windows Server 2003 x64 Gold, Windows 98 Gold, Windows 98 SP1, Windows 98 SE Gold, Windows Me Gold, Windows 2000 Service Pack 4, MDAC 2.7 SP1, MDAC 2.8 SP1, MDAC 2.8 SP2, MDAC 2.8 Gold, MDAC 2.5 SP3	Critical
Apr 11, 2006	Cumulative Security Update for Internet Explorer (912812): MS06-013 Affected Software: Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows XP Professional 64-Bit Edition, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, Windows Server 2003 Datacenter Edition for Itanium-based Systems, Windows Server 2003 Enterprise Edition for Itanium-based Systems, Windows Server 2003 Datacenter x64 Edition, Windows Server 2003 Enterprise x64 Edition, Windows 98, Windows 98 SE, Windows Me, Internet Explorer 5.01, Internet Explorer 6.0, Internet Explorer 6.0 for Windows XP Service Pack 2, Internet Explorer 6.0 for Windows Server 2003, Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems, Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition, Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition	Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows XP Service Pack 2, Windows XP 64-Bit Gold, Windows Server 2003 Gold, Windows Server 2003 SP1, Windows Server 2003 for Itanium-based Systems Gold, Windows Server 2003 for Itanium-based Systems SP 1, Windows Server 2003 x64 Gold, Windows 98 SP1, Windows 98 SE Gold, Windows Me Gold, Internet Explorer 5.01 SP4, Internet Explorer 6.0 SP1, Internet Explorer 6.0 Gold	Critical
Apr 10, 2006	Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627): MS06-017 Affected Software: FrontPage Server Extensions 2002, FrontPage Server Extensions 2002 64-bit, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, Windows Server 2003 Datacenter Edition for Itanium-based Systems, Windows Server 2003 Enterprise Edition for Itanium-based Systems, Windows Server 2003 Datacenter x64 Edition, Windows Server 2003 Enterprise x64 Edition, Windows Server 2003 Standard x64 Edition, Windows XP Professional 64-Bit Edition, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, SharePoint Team Services 2002	FrontPage Server Extensions 2002 Gold, FrontPage Server Extensions 2002 64-bit Gold, Windows Server 2003 Gold, Windows Server 2003 SP1, Windows Server 2003 for Itanium-based Systems Gold, Windows Server 2003 for Itanium-based Systems SP 1, Windows Server 2003 x64 Gold, Windows XP 64-Bit Gold, Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows XP Service Pack 2, SharePoint Team Services 2002 Gold	Moderate