Microsoft has just posted their security patch builletin for the month of February. As usual all required patches for your PC can be found on Microsoft Update. Here's a brief summary of the six major patches released this month:
MS06-004: Cumulative Security Update for Internet Explorer (910620) Critical
A vulnerability exists in the Graphics Rendering Engine that could allow remote code execution.
MS06-005: Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565) Critical
A vulnerability exists in the way that Windows Media Player processes certain files that could allow remote code execution.
MS06-006: Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564) Important
A remote code execution vulnerability exists in the Windows Media Player plug-in for non-Microsoft Internet browsers that can allow remote code execution.
MS06-007: Vulnerability in TCP/IP Could Allow Denial of Service (913446) Important
A vulnerability exists that could allow an attacker to send a specially crafted IGMP that could cause an affected system to stop responding.
MS06-008: Vulnerability in Web Client Service Could Allow Remote Code Execution (911927) Important
A vulnerability exists in the Windows Web Client Service that could allow an attacker to take complete control of an affected system. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
MS06-009: Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190) Important
A vulnerability exists in the Windows and Office Korean Input Method Editor that could allow an attacker to take complete control of an affected system. For an attack to be successful an attacker must be able to interactively log on to the affected system.
Many people are having issues with the MS06-007 patch when installing it from Microsoft Update. Users have claimed that having a patched tcpip.sys file is one cause of the error, while the vast majority simply have it fail on install. Downloading the patch and installing it manually seems to work without any reported problems.
There were a few smaller releases from Microsoft today including updates for Outlook, PowerPoint 2000, and a new Malicious Software Removal Tool. Windows Media Player 10 was also updated to build 3990 after the application of both related patches this month. Apple has coincidently released OS X 10.4.5 today for folks to download.
View: Neowin Forum Discussion
View: Microsoft Security Bulletin Summary for February | Microsoft Update
MS06-004: Cumulative Security Update for Internet Explorer (910620) Critical
A vulnerability exists in the Graphics Rendering Engine that could allow remote code execution.
MS06-005: Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565) Critical
A vulnerability exists in the way that Windows Media Player processes certain files that could allow remote code execution.
MS06-006: Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564) Important
A remote code execution vulnerability exists in the Windows Media Player plug-in for non-Microsoft Internet browsers that can allow remote code execution.
MS06-007: Vulnerability in TCP/IP Could Allow Denial of Service (913446) Important
A vulnerability exists that could allow an attacker to send a specially crafted IGMP that could cause an affected system to stop responding.
MS06-008: Vulnerability in Web Client Service Could Allow Remote Code Execution (911927) Important
A vulnerability exists in the Windows Web Client Service that could allow an attacker to take complete control of an affected system. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
MS06-009: Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190) Important
A vulnerability exists in the Windows and Office Korean Input Method Editor that could allow an attacker to take complete control of an affected system. For an attack to be successful an attacker must be able to interactively log on to the affected system.
Many people are having issues with the MS06-007 patch when installing it from Microsoft Update. Users have claimed that having a patched tcpip.sys file is one cause of the error, while the vast majority simply have it fail on install. Downloading the patch and installing it manually seems to work without any reported problems.
There were a few smaller releases from Microsoft today including updates for Outlook, PowerPoint 2000, and a new Malicious Software Removal Tool. Windows Media Player 10 was also updated to build 3990 after the application of both related patches this month. Apple has coincidently released OS X 10.4.5 today for folks to download.
View: Neowin Forum Discussion View: Microsoft Security Bulletin Summary for February | Microsoft Update
http://www.microsoft.com/downloads/details...&displaylang=en
though something weird did happen a window to c:windows opened up
Good. I don't want to have to reboot my god damn server AGAIN today.
http://www.microsoft.com/technet/security/...n/ms06-007.mspx
KB913446
my tcpip.sys is 5.1.2600.2685 and I have 2180 in a backup folder, going to try and find out what caused this and get back to u guys
This happens on my laptop too
/me reads the above posts and downloads it manually
yay works
Last edited by Z3r0 on 15 Feb 2006 - 00:29
KB913446 (Security Update for Windows XP (KB913446)) on 02/15/06 [code]
Bah i must be crazy as went in the way you mentioned and thought i only saw General. Double clicks on the icon in taskbar and Support now there.
Bah i must be going nuts.
everyone should use microsoft update instead of windows update, then u can get office patches aswell =]
I had my tcpip.sys patched to allow more half-open connections though. Maybe that was it.
like to be at the cutting edge....
just hope it don't crash!
Last edited by indiehead on 15 Feb 2006 - 10:02
Something else I found weird is that 912452 has a newer version of wmp.dll for WMP9/10 then MS06-005.
Versions of wmp.dll in MS06-005:
9:9.0.0.3344
10:10.0.0.3990
In 912452, they are:
9:9.0.0.3346
10:10.0.0.3993
912452 was released before MS06-005. What's going on here?
the_guy
EDIT: Microsoft fixed the issue for MS06-007/KB913446 at around 8:30pm PST last night.
Last edited by the_guy on 15 Feb 2006 - 11:08
www.windowsupdate.com is not Microsoft Update by default for many people.
Microsoft Update is actually located at http://update.microsoft.com/microsoftupdate.
Windowsupdate.com does not point to this service until you "opt-in" to Microsoft Update.
Just had to make that clear.
It's need to re-crack the tcpip prior the update.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.