jmke

This advisory contains information about all security updates
released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS06-021 - Cumulative Security Update for Internet Explorer (916281)

- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4

- Review the FAQ section of bulletin MS06-021 for information
about these operating systems:
- Windows Millennium Edition (ME)
- Windows 98 Second Edition (SE)
- Windows 98

- Impact: Remote Code Execution
- Version Number: 1.0


MS06-022 - Vulnerability in ART Image Rendering Could Allow Remote
Code Execution (918439)

- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4 with the Windows 2000 AOL Image
Support Update

- Review the FAQ section of bulletin MS06-022 for information
about these operating systems:
- Windows Millennium Edition (ME)
- Windows 98 Second Edition (SE)
- Windows 98

- Impact: Remote Code Execution
- Version Number: 1.0


MS06-023 - Vulnerability in Microsoft JScript Could Allow Remote
Code Execution (917344)

- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4

- Review the FAQ section of bulletin MS06-023 for information
about these operating systems:
- Windows Millennium Edition (ME)
- Windows 98 Second Edition (SE)
- Windows 98

- Impact: Remote Code Execution
- Version Number: 1.0


MS06-024 - Vulnerability in Windows Media Player Could Allow Remote
Code Execution (917734)

- Affected Software:
- Windows Media Player 10
- Windows Media Player 9
- Windows Media Player for XP
- Windows Media Player 7.1

- Impact: Remote Code Execution
- Version Number: 1.0


MS06-025 - Vulnerability in Routing and Remote Access Could Allow
Remote Code Execution (911280)

- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4

- Impact: Remote Code Execution
- Version Number: 1.0


MS06-026 - Vulnerability in Graphics Rendering Engine Could Allow
Remote Code Execution (918547)

- Affected Software:
- Windows Millennium Edition (ME)
- Windows 98 Second Edition (SE)
- Windows 98


- Impact: Remote Code Execution
- Version Number: 1.0


MS06-027 - Vulnerability in Microsoft Word Could Allow Remote Code
Execution (917336)

- Affected Software:
- Word 2003
- Word Viewer 2003
- Word 2002
- Word 2000
- Works Suite 2006
- Works Suite 2005
- Works Suite 2004
- Works Suite 2003
- Works Suite 2002
- Works Suite 2001
- Works Suite 2000

- Impact: Remote Code Execution
- Version Number: 1.0


MS06-028 - Vulnerability in Microsoft PowerPoint Could Allow Remote
Code Execution (916768)

- Affected Software:
- PowerPoint 2003
- PowerPoint 2002
- PowerPoint 2000
- PowerPoint 2004 for Mac
- PowerPoint v.X for Mac

- Impact: Remote Code Execution
- Version Number: 1.0


Important Security Bulletins
============================

MS06-029 - Vulnerability in Microsoft Exchange Server Running
Outlook Web Access Could Allow Script Injection (912442)

- Affected Software:
- Exchange Server 2003 Service Pack 2
- Exchange Server 2003 Service Pack 1
- Exchange 2000 Server Pack 3 with the August 2004 Exchange 2000
Server Post-Service Pack 3 Update Rollup

- Impact: Remote Code Execution
- Version Number: 1.0


MS06-030 - Vulnerability in Server Message Block Could Allow
Elevation of Privilege (914389)

- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4

- Impact: Elevation of Privilege
- Version Number: 1.0


MS06-032 - Vulnerability in TCP/IP Could Allow Remote Code Execution
(917953)

- Affected Software:
- Windows Server 2003 Service Pack 1
- Windows Server 2003
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 2
- Windows XP Service Pack 1
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4

- Impact: Remote Code Execution
- Version Number: 1.0

Moderate Security Bulletin
==========================

MS06-031 - Vulnerability in RPC Mutual Authentication Could Allow
Spoofing (917736)

- Affected Software:
- Windows 2000 Service Pack 4

- Impact: Spoofing
- Version Number: 1.0


Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions,
and Update Deployment Information please read
the Microsoft Security Bulletin Summary for this
month at: http://go.microsoft.com/fwlink/?LinkId=68324

__________________