Home > Microsoft Security > Ms06-040

Ms06-040

Contents

Displays the command-line options. /q Specifies quiet mode, or suppresses prompts, when files are being extracted. /t:path Specifies the target folder for extracting files. /c Extracts the files without installing them. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or instant messenger message that takes This security update replaces a prior security update. If they are, see your product documentation to complete these steps. http://technologyprometheus.com/microsoft-security/microsoft-security-bulletin-ms06-014.html

For more information about the Windows Product Lifecycle, visit the following Microsoft Support Lifecycle Web site. Extended security update support for Microsoft Windows 98, Windows 98 Second Edition, or Windows Millennium Edition ended on July 11, 2006.  I am still using one of these operating systems; what Administrators should also review the KB923414.log file for any failure messages when they use this switch. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. https://technet.microsoft.com/en-us/library/security/ms06-070.aspx

Ms06-040

For more information about this procedure, visit the following Web site. Some security updates require administrative rights following a restart of the system. The security bulletin IDs and affected operating systems are listed in the following table. Administrative Installation File Information The English version of this update has the file attributes that are listed in the following table.

Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. System administrators can also use the Spuninst.exe utility to remove this security update. These files are located at the path that is specified in the switch. /extract[:path] Extracts files without starting the Setup program. /ER Enables extended error reporting. /verbose Enables verbose logging.

The Microsoft Works Suite 2005 severity rating is the same as the Microsoft Excel 2002 severity rating. Ms08-067 SMS can help detect and deploy this security update. This documentation is archived and is not being maintained. Administrative Deployment Information To update your administrative installation, follow these steps: Download the security update for Excel 2000.

Removal Information To remove this update, use the Add or Remove Programs tool in Control Panel. Using this switch may cause the installation to proceed more slowly. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. Supported Security Update Installation Switches SwitchDescription /help Displays the command-line options.

Ms08-067

For more information about this behavior, see Microsoft Knowledge Base Article 824994. https://technet.microsoft.com/en-us/library/security/ms06-007.aspx An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Ms06-040 Deployment Information To install the security update without any user intervention, use the following command at a command prompt for Microsoft Windows XP: Windowsxp-kb923414-x86-enu /quiet Note Use of the /quiet switch Windows NT Workstation 4.0 Service Pack 6a, Windows NT Server 4.0 Service Pack 6a, Windows 2000 Service Pack 2, and Windows 2000 Service Pack 3 have reached the end of their

Malformed COLINFO Record Vulnerability - CVE-2006-3875: A remote code execution vulnerability exists in Excel. For more information about the terminology that appears in this bulletin, such as hotfix, see Microsoft Knowledge Base Article 824684. Installation Information This security update supports the following setup switches. Excel 2000: File NameVersionDateTimeSize Excel.exe9.0.0.895006-Sep-200600:377,233,581 Verifying that the Update Has Been Applied Microsoft Baseline Security Analyzer Note MBSA 1.2.1 uses an integrated version of the Office Detection Tool (ODT) which does

The security bulletin IDs and affected operating systems are listed in the following table. Block TCP ports 139 and 445 at the firewall: This port is used to initiate a connection with the affected component. The features of the Office Document Open Confirmation Tool are incorporated in Office XP and Office 2003. Microsoft Security Bulletin MS06-007 - Important Vulnerability in TCP/IP Could Allow Denial of Service (913446) Published: February 14, 2006 | Updated: March 17, 2006 Version: 1.2 Summary Who should read this

There is no charge for support calls that are associated with security updates. To help protect from network-based attempts to exploit this vulnerability, block the affected ports by using IPSec on the affected systems. Click Start, and then click Search.

What is the Workstation service?

If the file or version information is not present, use one of the other available methods to verify update installation. Attempts to exploit the vulnerability will most probably result in a Denial of Service from a system restart. End users can visit the Protect Your PC Web site. Firewall best practices and standard default firewall configurations can help protect against attacks that originate from the Internet.

The following table provides the SMS detection summary for this security update. Security updates may not contain all variations of these files. For more information about how to configure TCP/IP filtering, see Microsoft Knowledge Base Article 309798. There is no charge for support that is associated with security updates.

What systems are primarily at risk from the vulnerability? An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. When you view the file information, it is converted to local time. Extended security update support for Microsoft Windows 2000 Service Pack 3 ended on June 30, 2005.

In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search. To install the security update without forcing the system to restart, use the following command at a command prompt for Windows XP: Windowsxp-kb913446-x86-enu /norestart For information about how to deploy this This security update supports HotPatching. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

To install the security update without forcing the system to restart, use the following command at a command prompt for Windows XP: Windowsxp-kb921883-x86-enu /norestart For information about how to deploy this V2.0 (September 12, 2006): The update has been revised and re-released for Microsoft Windows 2003 and Microsoft Windows XP Professional x64 Edition to address the issues identified in Microsoft Knowledge Base For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and To do this, see the “Workstation Deployment Information” section.

Can I use the Microsoft Baseline Security Analyzer (MBSA) to determine whether this update is required? In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially-crafted .wab file to the user and by persuading the user to open the file. To backup and remove the WAB registry key, follow these steps:Note Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

If this behavior occurs, a message appears that advises you to restart. Extended security update support for Microsoft Windows 98, Windows 98 Second Edition, or Windows Millennium Edition ended on July 11, 2006.