[Microsoft Alert] Microsoft Security Bulletin MS06-016
Cumulative Security Update for Outlook Express (911567)
Issued: April 11, 2006
Version: 1.0
Summary
Who should read this document: Customers who use Microsoft
Outlook Express
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Recommendation: Customers should apply the update at the earliest
opportunity.
Security Update Replacement: This bulletin replaces several prior
security updates. See the frequently asked questions (FAQ) section of
this bulletin for the complete list.
Vulnerability Details:
AThis update resolves a newly-discovered, privately-reported
vulnerability. The vulnerability is documented in the "Vulnerability
Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take
complete control of an affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with
full user rights.
If a user is logged on with administrative user rights, an attacker who
successfully exploited this vulnerability could take complete control of
an affected system. An attacker could then install programs; view,
change, or delete data; or create new accounts with full user rights.
Users whose accounts are configured to have fewer user rights on the
system could be less impacted than users who operate with
administrative user rights.
Affected Software:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP
Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003
Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE),
and Microsoft Windows Millennium Edition (ME)
References: http://www.microsoft.com/security/bulletins/current.mspx (Microsoft Security Updates)
