Graphical Version |
Home Microsoft Security Bulletin MS06-018, MS06-019, MS06-020Number: AV06-015 PurposeThe purpose of this advisory is to bring attention to the following vulnerabilities (2 Critical, and 1 Moderate) in some Microsoft products. MS06-018: Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580) AssessmentMSDTC Invalid Memory Access Vulnerability - CVE-2006-0034: MSDTC Denial of Service Vulnerability - CVE-2006-1184: Impact of Vulnerability: Denial of Service Maximum Severity Rating: Moderate Affected Software Suggested actionPSEPC recommends that administrators test and install the update at the earliest opportunity. MS06-019: Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803) AssessmentAn attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Affected Software: Suggested actionPSEPC recommends that administrators test and install the update immediately. MS06-020: Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433) AssessmentIf a user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Affected Software Suggested actionPSEPC recommends that administrators test and install the update immediately. Note to readersPublic Safety and Emergency Preparedness Canada (PSEPC) collects information related to cyber and physical threats to, and incidents involving, Canadian critical infrastructure. This allows us to monitor and analyze threats and to issue alerts, advisories and other information products. To report threats or incidents, please contact the Government Operations Centre (GOC) at (613) 991-7000 or goc-cog@psepc-sppcc.gc.ca by e-mail.Unauthorized use of computer systems and mischief in relation to data are serious Criminal Code offences in Canada. Any suspected criminal activity should be reported to local law enforcement organizations. The Royal Canadian Mounted Police (RCMP) National Operations Centre (N.O.C.) provides a 24/7 service to receive such reports or to redirect callers to local law enforcement organizations. The N.O.C. can be reached at (613) 993-4460. National security concerns should be reported to the Canadian Security Intelligence Service (CSIS) at (613) 993-9620. For urgent matters or to report any incidents, please contact the Government Operations Centre at: Phone: (613) 991-7000 For general information on critical infrastructure protection and emergency preparedness, please contact PSEPC's Public Affairs division at: Telephone: (613) 944-4875 or 1-800-830-3118 |