Microsoft released six security updates, five of which replace updates released in prior security bulletins. Microsoft rates five of these updates as critical. Here's a brief description of each update; for more information, go to

http://www.microsoft.com/technet/security/bulletin/ms06-nov.mspx

MS06-067--Cumulative Security Update for Internet Explorer

This bulletin replaces bulletin MS06-042. It provides updates that block remote code execution attacks propagated through Web pages. The severity of the attack will depend on the privileges of the logged-on user.

Applies to: IE in Windows Server 2003, Windows XP, and Windows 2000.

Recommendation: Test and install as quickly as possible.

MS06-068--Vulnerability in Microsoft Agent Could Allow Remote Code Execution

This bulletin replaces bulletin MS05-032. It relates to a remote code execution vulnerability that can be exploited through specially crafted .acf files. The attack vector would be a specially crafted Web page.

Applies to: Windows Server 2003, Windows XP, and Windows 2000.

Recommendation: Test and install as quickly as possible.

MS06-069--Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution

This vulnerability is in the version of Flash Player that ships with Windows XP. Updating to the most recent version of Flash or applying this update will resolve this vulnerability.

Applies to: Windows XP.

Recommendation: Test and install as part of the normal patch management cycle.

MS06-070--Vulnerabilities in Workstation Service Could Allow Remote Code Execution

This bulletin replaces bulletins MS03-049 and MS06-040. A remote code execution vulnerability exists in the workstation service. The attacker would need to send specifically crafted traffic to the target computer in order to exploit this vulnerability. Clients behind good firewalls would be protected.

Applies to: Windows XP and Windows 2000.

Recommendation: Test and install as part of the normal patch management cycle.

MS06-071--Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution

This bulletin replaces last month's MS06-061. The attack vector is a specially crafted Web page or email message. If a user access the Web page or email message, remote code could be executed.

Applies to: XML Core Services.

Recommendation: Test and install as part of the normal patch management cycle.

MS06-066: Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution

This bulletin replaces MS05-046. This vulnerability applies only to environments that use NetWare. Exploitation of this vulnerability could allow remote code to be executed by an attacker.

Applies to: NetWare in Windows Server 2003, Windows XP, and Windows 2000.

Recommendation: If your organization uses NetWare, test and deploy as part of your normal patch management cycle.