Medical Automation Systems reviews all Microsoft security
patches when they are released. MAS has evaluated and
completed reviews for the security patches listed below
for May 2006. Microsoft rates some of these as
'critical' but the vulnerabilities may in fact pose no risk
to the RALS system if customers adhere to the intended use
of RALS.
The potential impact to RALS customers is color coded as
follows:
· Red (immediate threat/urgent action needed)
· Green (routine process or no action needed)
· Black (action needed/recommended)
MS06-018 - Moderate
Vulnerability in Microsoft Distributed Transaction
Coordinator Could Allow Denial of Service (913580)
- This update addresses two newly discovered, privately
  reported vulnerabilities.
- This affects Windows 2000 SP4 and Windows XP SP2 systems
  [and other Windows operating systems]. This update
  replaces MS05-051 for Windows 2000.
- The two separate vulnerabilities in the MSDTC (Microsoft
  Distributed Transaction Coordinator) can be exploited by
  anonymous user interaction; however, firewall best
  practices and standard default firewall configurations can
  help protect against attacks that originate from the
  Internet. If exploited, this vulnerability would result in
  a denial of service. It would NOT allow an attacker to
  execute code or to elevate their user rights, but it could
  cause the affected system to stop accepting requests.
- As Windows-based systems, all RALS systems are potentially
  at risk, as are related systems such as the iStat DE
  system. While most RALS systems are protected from direct
  Internet access by customer firewalls, the systems would
  not be protected from remote attacks from inside the
  customer network.
- NOTE: Since Microsoft has ended support for Windows NT
  based systems, the potential for this vulnerability to
  affect Windows NT based systems was not addressed, nor was
  any patch provided by Microsoft for NT systems.
- Recommend this update be included with the next regular
  RALS product test and release cycle. The update appears to
  change 30 files on Windows 2000 systems and 18 files on
  Windows XP. The expected risk for adverse effects on RALS
  operations from this update is medium.
MS06-019 - Critical
Vulnerability in Microsoft Exchange Could Allow Remote Code
Execution (916803)
- This affects only Microsoft Exchange Server 2000 and
  Microsoft Exchange Server 2003. This product is not
  provided with any RALS product configuration.
- The recommendation is that no action is needed for this
  update, since the affected software is not provided with
  any RALS installations.
MS06-020 - Critical
Vulnerabilities in Macromedia Flash Player from Adobe Could
Allow Remote Code Execution (913433)
- This update resolves a publicly reported vulnerability
  that exists in the Macromedia Flash Player.
- This affects Windows XP SP2 operating systems. [By
  default Windows 2000 SP4 operating systems do not ship
  with a vulnerable version of Flash Player].
- An attacker could exploit these vulnerabilities by hosting
  a malicious web page and enticing the user to visit this
  site, or by delivering the malicious content by other
  means such as email. These issues can NOT be exploited
  without user interaction. The impact of a successful
  exploit could be remote code execution. If the logged-in
  user had administrative rights, the code execution could
  take complete control over the system.
- Windows XP based RALS systems would have the version of
  Flash Player installed that is affected by this
  vulnerability. This vulnerability cannot be exploited
  without user interaction, and the intended use for the
  RALS systems does not support users using the RALS systems
  for non-RALS related "web-surfing" activities, nor does it
  provide for receiving emails with potentially malicious
  content or attachments.
- Recommend this update be included with the next regular
  RALS product test and release cycle. The update appears
  to change two files on Windows XP operating systems. The
  expected risk for adverse effects on RALS operations from
  this update is low.