Microsoft released the following Security patches:
This patch should be applied as fast as possible, but due to a change in ActiveX functionality requires extra careful testing. Microsoft bundled all but one of this months Internet Explorer updates in this “Cumulative update”. This particular update patches no less then 8 remote code execution issues. In addition one information disclosure problem and an address bar spoofing vulnerability are fixed. Note that there are exploits public for at least one (CVE-2006-1245) and possibly two (CVE-2006-1388) of the advisories. While the exploits known to us only trigger a DoS condition, it is very much possible that more sinister exploits are already in use. Microsoft states that they are not aware of any exploits in the wild, which likely refers to remote execution exploits, not DoS exploit.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
A remote code execution vulnerability exists in Windows Explorer because of the way that it handles COM objects. An attacker would need to convince a user to visit a Web site that could force a connection to a remote file server. This remote file server could then cause Windows Explorer to fail in a way that could allow code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
if you can’t apply the patch right away, MS recommends:
* Disable the Web Client service
* Use the Group Policy settings to disable the WebClient service on all affected systems that do not require this feature.
* Block TCP ports 139 and 445 at the firewall
A remote code execution vulnerability exists within Outlook Express involving its handling of Windows Address Book (.wab) files. Attackers can craft a suitable version of the .wab file and then convince the end user to open the file through either direct email, or through opening a link on a web site. The attacker would gain the
same administrative rights as the end user.
A remote code execution exists in FrontPage Server Extensions (FPSE) or Sharepoint Team Services (STS) which could allow an attacker to run client-side scripts on behalf of an FPSE user. If the user has administrative rights, the attacker would gain complete access of the server. Otherwise, it will be limited to the administrative rights granted to the end user. As there is a list of mitigating circumstances, and the default install of Windows Server, Microsoft is releasing this as a moderate issue. However, pay attention that this is a remote code execution problem and could be more critical in your particular circumstances.