June 2006 is another big month for workstation-centric vulnerabilities. Microsoft finally released a patch for the very public Word 2000/2002/2003 vulnerability that we began hearing about several weeks ago (MS06-027). Until now, your only real protection has been comprehensive and up-to-date anti-malware coverage. I recommend deploying this update to all systems that have a vulnerable version of Word as soon as possible because this vulnerability is already being exploited in the wild. In addition, Microsoft released 11 other security bulletins covering a wide range of vulnerabilities. One bulletin (MS06-021) covers eight vulnerabilities in Microsoft Internet Explorer (IE) on all versions of Windows, and I recommend installing it on all computers used to access the Web. Two bulletins deal with vulnerabilities in image file formats (ART and WMF--bulletins MS06-022 and MS06-024, respectively) that you should patch on workstations.

The only vulnerabilities deserving particular consideration for servers are:

MS06-025 - Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)

MS06-029 - Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)

MS06-031 - Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736)

MS06-032 - Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)

The remaining security bulletins are:

MS06-021 - Cumulative Security Update for Internet Explorer (916281)

MS06-022 - Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)

MS06-023 - Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)

MS06-024 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)

MS06-026 - Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (918547)

MS06-027 - Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)

MS06-028 - Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)

MS06-030 - Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)

For my complete coverage of all 12 vulnerabilities, go to

http://www.ultimatewindowssecurity.com/msbulletins.html