Microsoft Security Bulletin Update
September 2006
The monthly Microsoft security updates for September 2006 were released
on Tuesday, September 12th. Three security updates were released that
address three separate issues in supported Windows operating systems
and related components.
The September bulletin includes MS06-052 which Microsoft rates at an “important” level,
MS06-053 which Microsoft rates at a “moderate” level, and MS06-054 which
is rated at a “critical” level.
The potential impact to RALS customers is color coded as follows:
- Red (immediate threat/urgent action needed)
- Green (routine process or no action needed)
- Black (action needed/recommended)
- MS06-052 – Important:
Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote
Code Execution (919007)
- MS06-053 – Moderate:
Vulnerability in Indexing Service Could Allow Cross-Site Scripting
(920685)
- MS06-054 – Critical:
Vulnerability in Microsoft Publisher Could Allow Remote Code Execution
(910729)
NOTE:
Since Microsoft has ended support for Windows NT based
systems, the potential for the following vulnerabilities to affect Windows
NT based systems was not addressed or reviewed, nor was any patch provided
by Microsoft for NT systems.
MS06-052 – Important
Vulnerability in Pragmatic General Multicast (PGM)
Could Allow Remote Code Execution (919007)
- This update addresses a newly discovered, privately
reported, remote code execution vulnerability that could allow an attacker
to send a specially crafted multicast message to an affected system
and execute code on the affected system.
- This affects only Windows XP systems.
- In order for an attacker to exploit the vulnerability,
the MSMQ (Microsoft Message Queuing) service, which is the Windows
service needed to allow PGM communications, must be installed. The
MSMQ service is NOT installed by default, and is NOT installed for
any RALS systems running on the Windows XP platform.
- Recommend this update be included with the next
regular RALS product test and release cycle. The expected risk for
adverse effects on RALS operations from this update is low. The update
appears to change three files on Windows XP systems.
MS06-053 – Moderate
Vulnerability in Indexing Service Could Allow Cross-Site
Scripting (920685)
- This update resolves a newly discovered, privately
reported vulnerability in the Indexing Service, caused by the way that
it handles query validation.
- This affects Windows 2000 SP4, Windows 2003 SP1
and Windows XP SP2 systems.
- The vulnerability could allow an attacker to run
client-side script on behalf of a user. The script could spoof content,
disclose information, or take any action that the user could take on
the affected Web site. An attacker could NOT exploit this vulnerability
without user interaction. The Indexing Service is NOT installed by
default on Windows XP or Windows Server 2003 platforms, and is NOT
enabled for any RALS systems running on the Windows 2000 platform.
- Recommend this update be included with the next
regular RALS product test and release cycle. The expected risk for
adverse effects on RALS operations from this update is low. The update
appears to change eight files on Windows 2003 systems, six on Windows
XP systems, and one on Windows 2000 systems.
MS06-054 – Critical
Vulnerability in Microsoft Publisher Could Allow
Remote Code Execution (910729)
- This affects only Microsoft Publisher 2000, Microsoft
Publisher 2002, and Microsoft Publisher 2003. These products are not
provided with any RALS product configuration.
- Recommendation is no action needed for this
update since the affected software is not provided with any RALS
installations.
Medical Automation Systems reviews all Microsoft
security patches when they are released. No problems with the RALS
systems have been found by our internal testing or reported by customers
following the application of these security updates. The application
of these updates to the standard RALS system configuration has been
approved. Microsoft rates some of these as 'critical' but the vulnerabilities
may in fact pose no risk to the RALS system if customers adhere to
the intended use of RALS.
MS Patches NOT Critical to RALS Functionality
If MAS determines that the vulnerability as described in a Microsoft
bulletin should not adversely affect the RALS functionality when
the system is used as intended, the security patch will be tested and
included in the next routine product version release. Should the user
apply the patches, MAS cannot guarantee or warrant its operation or impact
on the RALS system. In this situation there will be no routine customer
notification.
MS Patches Critical to RALS Functionality
If it is determined that the security vulnerability as described in
a Microsoft bulletin is critical to the RALS functionality, MAS will
notify customers via a broadcast email from
and by notice on the MAS website http://www.rals.com.