Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Microsoft Patch Tuesday - SANS Internet Storm Center Microsoft Patch Tuesday


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft Patch Tuesday 2006-12-12

MS60-72
Title Remote Code Execution in Internet Explorer
Replaces
Affected Internet Explorer - remote code execution
KB KB925454
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2006-5577 Unknown
2006-5578 Unknown
2006-5579 Unknown
2006-5581 Unknown
MS60-73
Title Remote Code Execution in Visual Studio
Replaces
Affected Visual Studio 2005
KB KB925674
Known Exploits Yes
Microsoft Rating Critical
ISC Client Rating Patch now
ISC Server Rating Patch now
CVE Exploitability
2006-4704 Unknown
MS60-74
Title Remote Code Execution Vulnerablity in SNMP
Replaces
Affected SNMP
KB KB926247
Known Exploits Yes
Microsoft Rating Important
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2006-5583 Unknown
MS60-75
Title CSRSS Privilege Escalation Vulnerability
Replaces
Affected csrss - privilege escalation
KB KB926255
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2006-5585 Unknown
MS60-76
Title Remote Code Execution Vulnerability in Outlook Express
Replaces
Affected Outlook express - remote code execution
KB KB923694
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2006-2386 Unknown
MS60-77
Title Remote Code Execution Vulnerability in RIS
Replaces
Affected RIS - remote code execution
KB KB926121
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2006-5584 Unknown
MS60-78
Title Remote Code Execution Vulnerablity in Windows Media Player
Replaces
Affected Windows Media player
KB KB923689
Known Exploits Yes
Microsoft Rating Critical
ISC Client Rating Patch now
ISC Server Rating Patch now
CVE Exploitability
2006-4702 Unknown
2006-6134 Unknown
We will update issues on this page for about a week or so as they evolve. We appreciate your updates!
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urgent: practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
    • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.