• IDP Daily Update #1164
  posted: 05/09/08
  
• NSM Daily Update #1164
  posted: 05/09/08
  
• Deep Inspection 5.3r5 and above, 5.4, 6.0 #1164
  posted: 05/09/08
  
• Deep Inspection 5.1, 5.2, 5.3r4 and below #1155
  posted: 05/09/08
  
• Deep Inspection 5.0 #1132
  posted: 04/01/08
  
• Antivirus
  posted: 05/09/08

Text Size:        

• See Also
• Current Updates

• Microsoft Security Resources
• Security Incidents
• Security Resources

• Juniper Networks Product Solutions for Microsoft
• Get detailed information about Juniper solutions that protect your Microsoft environment:
• SSL VPNs
• Intrusion Prevention
• Firewall / VPN Central Management34 KB
• VPN Resiliency594 KB
• Denial of Service and Attack Prevention754 KB
• Antivirus Protection55 KB

September 2006

---

Prior Updates:

---

Login to learn more about how Juniper Networks products can protect you from these vulnerabilities. (If you don't already have a login, see Requesting Support.)

September 2006

Microsoft Security Bulletin MS06-052

Vulnerability in Pragmatic General Multicast (919007)

Severity: Important
Vulnerabilities:

• PGM Code Execution Vulnerability - CVE-2006-3442
  There is a remote code execution vulnerability that could allow an attacker to send a specially crafted multicast message to an affected system and execute code on the affected system. The MSMQ service is not installed by default

Microsoft Security Bulletin MS06-053

Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685)

Severity: Moderate
Vulnerabilities:

• Microsoft Indexing Service Vulnerability - CVE-2006-0032
  There is an information disclosure vulnerability in Indexing Service because of the way that it handles query validation, creating the possibility of cross-site scripting. The vulnerability could allow an attacker to run client-side script on behalf of a user. The script could spoof content, disclose information, or take any action that the user could take on the affected web site.

Microsoft Security Bulletin MS06-054

Vulnerability in Publisher Could Allow Remote Code Execution (910729)

Severity: Critical
Vulnerabilities:

• Microsoft Publisher Vulnerability - CVE-2006-0001
  A remote code execution vulnerability exists in Publisher, and could be exploited when a malformed string included in a Publisher file is parsed. Such a file might be included in an e-mail attachment processed by one of the affected applications or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Publisher file that could allow remote code execution. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

Microsoft Security Bulletin MS06-055

Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486)

Severity: Critical
Vulnerabilities:

• VML Buffer Overrun Vulnerability - CVE-2006-4868
  A remote code execution vulnerability exists in the Vector Markup Language (VML) implementation in Microsoft Windows. An attacker could exploit the vulnerability by constructing a specially crafted Web page or HTML e-mail that could potentially allow remote code execution if a user visited the Web page or viewed the message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.