• IDP Daily Update #1164
  posted: 05/09/08
  
• NSM Daily Update #1164
  posted: 05/09/08
  
• Deep Inspection 5.3r5 and above, 5.4, 6.0 #1164
  posted: 05/09/08
  
• Deep Inspection 5.1, 5.2, 5.3r4 and below #1155
  posted: 05/09/08
  
• Deep Inspection 5.0 #1132
  posted: 04/01/08
  
• Antivirus
  posted: 05/09/08

Text Size:        

• See Also
• Current Updates

• Microsoft Security Resources
• Security Incidents
• Security Resources

• Juniper Networks Product Solutions for Microsoft
• Get detailed information about Juniper solutions that protect your Microsoft environment:
• SSL VPNs
• Intrusion Prevention
• Firewall / VPN Central Management34 KB
• VPN Resiliency594 KB
• Denial of Service and Attack Prevention754 KB
• Antivirus Protection55 KB

May 2006

---

Prior Updates:

---

Login to learn more about how Juniper Networks products can protect you from these vulnerabilities. (If you don't already have a login, see Requesting Support.)

May 2006

Microsoft Security Bulletin MS06-018

Vulnerability in Microsoft Distributed Transaction Coordinator Could Lead to Denial of Service (913580)

Severity: Moderate
Vulnerabilities:

• MSDTC Invalid Memory Access Vulnerability - CVE-2006-0034
  A denial of service vulnerability exists that could allow an attacker to send a specially crafted network message to an affected system. An attacker could cause the Microsoft Distributed Transaction Coordinator (MSDTC) to stop responding. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests.
• MSDTC Stack Overflow Vulnerability - CVE-2006-1184
  A denial of service vulnerability exists that could allow an attacker to send a specially crafted network message to an affected system. An attacker could cause the Microsoft Distributed Transaction Coordinator (MSDTC) to stop responding. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests.

Microsoft Security Bulletin MS06-019

Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803)

Severity: Critical
Vulnerabilities:

• Exchange Calendar Vulnerability - CVE-2006-0027
  A remote code execution vulnerability exists in Microsoft Exchange Server that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could exploit the vulnerability by constructing a malicious message that could potentially allow remote code execution when an Exchange Server processes an email with certain vCal or iCal properties. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Security Bulletin MS06-020

Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433)

Severity: Critical
Vulnerabilities:

• Flash Player Vulnerability - CVE-2006-0024
  A remote code execution vulnerability exists in Macromedia Flash Player from Adobe because of the way that it handles Flash Animation (SWF) files. An attacker could exploit the vulnerability by constructing a malicious Flash Animation (SWF) file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.